2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file xmltooling/security/CredentialCriteria.h
20 * Class for specifying criteria by which a CredentialResolver should resolve credentials.
23 #if !defined(__xmltooling_credcrit_h__) && !defined(XMLTOOLING_NO_XMLSEC)
24 #define __xmltooling_credcrit_h__
26 #include <xmltooling/XMLToolingConfig.h>
27 #include <xmltooling/security/KeyInfoResolver.h>
28 #include <xmltooling/security/X509Credential.h>
29 #include <xmltooling/signature/KeyInfo.h>
30 #include <xmltooling/signature/Signature.h>
33 #include <xsec/dsig/DSIGKeyInfoList.hpp>
34 #include <xsec/dsig/DSIGKeyInfoName.hpp>
36 namespace xmltooling {
39 * Class for specifying criteria by which a CredentialResolver should resolve credentials.
41 class XMLTOOL_API CredentialCriteria
43 MAKE_NONCOPYABLE(CredentialCriteria);
45 CredentialCriteria() : m_keyUsage(UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL),
46 m_keyInfo(NULL), m_nativeKeyInfo(NULL), m_credential(NULL) {
48 virtual ~CredentialCriteria() {
53 UNSPECIFIED_CREDENTIAL,
60 * Get the key usage criteria.
64 UsageType getUsage() const {
69 * Set the key usage criteria.
71 * @param usage the usage to set
73 void setUsage(UsageType usage) {
78 * Get the peer name criteria.
80 * @return the peer name
82 const char* getPeerName() const {
83 return m_peerName.c_str();
87 * Set the peer name criteria.
89 * @param peerName peer name to set
91 void setPeerName(const char* peerName) {
94 m_peerName = peerName;
98 * Get the key algorithm criteria.
100 * @return the key algorithm
102 const char* getKeyAlgorithm() const {
103 return m_keyAlgorithm.c_str();
107 * Set the key algorithm criteria.
109 * @param keyAlgorithm The key algorithm to set
111 void setKeyAlgorithm(const char* keyAlgorithm) {
112 m_keyAlgorithm.erase();
114 m_keyAlgorithm = keyAlgorithm;
118 * Get the key size criteria.
120 * @return the key size, or 0
122 unsigned int getKeySize() const {
127 * Set the key size criteria.
129 * @param keySize Key size to set
131 void setKeySize(unsigned int keySize) {
136 * Set the key algorithm and size criteria based on an XML algorithm specifier.
138 * @param algorithm XML algorithm specifier
140 void setXMLAlgorithm(const XMLCh* algorithm) {
142 std::pair<const char*,unsigned int> mapped =
143 XMLToolingConfig::getConfig().mapXMLAlgorithmToKeyAlgorithm(algorithm);
144 setKeyAlgorithm(mapped.first);
145 setKeySize(mapped.second);
148 setKeyAlgorithm(NULL);
154 * Gets key name criteria.
156 * @return an immutable set of key names
158 const std::set<std::string>& getKeyNames() const {
163 * Gets key name criteria.
165 * @return a mutable set of key names
167 std::set<std::string>& getKeyNames() {
172 * Returns the public key criteria.
174 * @return a public key
176 virtual XSECCryptoKey* getPublicKey() const {
181 * Sets the public key criteria.
183 * <p>The lifetime of the key <strong>MUST</strong> extend
184 * for the lifetime of this object.
186 * @param key a public key
188 void setPublicKey(XSECCryptoKey* key) {
192 enum keyinfo_extraction_t {
193 KEYINFO_EXTRACTION_KEY = 1,
194 KEYINFO_EXTRACTION_KEYNAMES = 2,
195 KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES = 4
199 * Gets the KeyInfo criteria.
201 * @return the KeyInfo criteria
203 const xmlsignature::KeyInfo* getKeyInfo() const {
208 * Sets the KeyInfo criteria.
210 * @param keyInfo the KeyInfo criteria
211 * @param extraction bitmask of criteria to auto-extract from KeyInfo
213 virtual void setKeyInfo(const xmlsignature::KeyInfo* keyInfo, int extraction=0) {
217 if (!keyInfo || !extraction)
220 int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
221 types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
222 m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
224 if (extraction & KEYINFO_EXTRACTION_KEY)
225 setPublicKey(m_credential->getPublicKey());
226 if (extraction & KEYINFO_EXTRACTION_KEYNAMES)
227 m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
228 if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) {
229 const X509Credential* xcred = dynamic_cast<const X509Credential*>(m_credential);
230 if (xcred && !xcred->getEntityCertificateChain().empty())
231 X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames);
236 * Gets the native KeyInfo criteria.
238 * @return the native KeyInfo criteria
240 DSIGKeyInfoList* getNativeKeyInfo() const {
241 return m_nativeKeyInfo;
245 * Sets the KeyInfo criteria.
247 * @param keyInfo the KeyInfo criteria
248 * @param extraction bitmask of criteria to auto-extract from KeyInfo
250 virtual void setNativeKeyInfo(DSIGKeyInfoList* keyInfo, int extraction=0) {
253 m_nativeKeyInfo = keyInfo;
254 if (!keyInfo || !extraction)
257 int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
258 types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
259 m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
261 if (extraction & KEYINFO_EXTRACTION_KEY)
262 setPublicKey(m_credential->getPublicKey());
263 if (extraction & KEYINFO_EXTRACTION_KEYNAMES)
264 m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
265 if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) {
266 const X509Credential* xcred = dynamic_cast<const X509Credential*>(m_credential);
267 if (xcred && !xcred->getEntityCertificateChain().empty())
268 X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames);
273 * Sets the KeyInfo criteria from an XML Signature.
275 * @param sig the Signature containing KeyInfo criteria
276 * @param extraction bitmask of criteria to auto-extract from KeyInfo
278 void setSignature(const xmlsignature::Signature& sig, int extraction=0) {
279 setXMLAlgorithm(sig.getSignatureAlgorithm());
280 xmlsignature::KeyInfo* k = sig.getKeyInfo();
282 return setKeyInfo(k,extraction);
283 DSIGSignature* dsig = sig.getXMLSignature();
285 setNativeKeyInfo(dsig->getKeyInfoList(),extraction);
289 UsageType m_keyUsage;
290 unsigned int m_keySize;
291 std::string m_peerName,m_keyAlgorithm;
292 std::set<std::string> m_keyNames;
293 XSECCryptoKey* m_key;
294 const xmlsignature::KeyInfo* m_keyInfo;
295 DSIGKeyInfoList* m_nativeKeyInfo;
296 Credential* m_credential;
300 #endif /* __xmltooling_credcrit_h__ */