-/*
- * Copyright 2001-2007 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
#if !defined(__xmltooling_credcrit_h__) && !defined(XMLTOOLING_NO_XMLSEC)
#define __xmltooling_credcrit_h__
-#include <xmltooling/XMLToolingConfig.h>
-#include <xmltooling/security/KeyInfoResolver.h>
-#include <xmltooling/security/X509Credential.h>
-#include <xmltooling/signature/KeyInfo.h>
-#include <xmltooling/signature/Signature.h>
+#include <xmltooling/base.h>
#include <set>
-#include <xsec/dsig/DSIGKeyInfoList.hpp>
-#include <xsec/dsig/DSIGKeyInfoName.hpp>
+
+class DSIGKeyInfoList;
+class XSECCryptoKey;
+
+namespace xmlsignature {
+ class XMLTOOL_API KeyInfo;
+ class XMLTOOL_API Signature;
+};
namespace xmltooling {
+ class XMLTOOL_API Credential;
+
+#if defined (_MSC_VER)
+ #pragma warning( push )
+ #pragma warning( disable : 4251 )
+#endif
+
/**
* Class for specifying criteria by which a CredentialResolver should resolve credentials.
*/
{
MAKE_NONCOPYABLE(CredentialCriteria);
public:
- CredentialCriteria() : m_keyUsage(UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL),
- m_keyInfo(NULL), m_nativeKeyInfo(NULL), m_credential(NULL) {
- }
- virtual ~CredentialCriteria() {
- delete m_credential;
- }
+ /** Default constructor. */
+ CredentialCriteria();
+
+ virtual ~CredentialCriteria();
/**
* Determines whether the supplied Credential matches this CredentialCriteria.
* @return true iff the Credential is consistent with this criteria
*/
virtual bool matches(const Credential& credential) const;
-
- enum UsageType {
- UNSPECIFIED_CREDENTIAL,
- SIGNING_CREDENTIAL,
- TLS_CREDENTIAL,
- ENCRYPTION_CREDENTIAL
- };
-
+
/**
- * Get the key usage criteria.
+ * Get key usage criteria.
*
- * @return the usage.
+ * @return the usage mask
*/
- UsageType getUsage() const {
- return m_keyUsage;
- }
+ unsigned int getUsage() const;
/**
- * Set the key usage criteria.
+ * Set key usage criteria.
*
- * @param usage the usage to set
+ * @param usage the usage mask to set
*/
- void setUsage(UsageType usage) {
- m_keyUsage = usage;
- }
+ void setUsage(unsigned int usage);
/**
* Get the peer name criteria.
*
* @return the peer name
*/
- const char* getPeerName() const {
- return m_peerName.c_str();
- }
+ const char* getPeerName() const;
/**
* Set the peer name criteria.
*
* @param peerName peer name to set
*/
- void setPeerName(const char* peerName) {
- m_peerName.erase();
- if (peerName)
- m_peerName = peerName;
- }
+ void setPeerName(const char* peerName);
/**
* Get the key algorithm criteria.
*
* @return the key algorithm
*/
- const char* getKeyAlgorithm() const {
- return m_keyAlgorithm.c_str();
- }
+ const char* getKeyAlgorithm() const;
/**
* Set the key algorithm criteria.
*
- * @param keyAlgorithm The key algorithm to set
+ * @param keyAlgorithm the key algorithm to set
*/
- void setKeyAlgorithm(const char* keyAlgorithm) {
- m_keyAlgorithm.erase();
- if (keyAlgorithm)
- m_keyAlgorithm = keyAlgorithm;
- }
+ void setKeyAlgorithm(const char* keyAlgorithm);
/**
* Get the key size criteria.
+ * <p>If a a maximum size is also set, this is treated as a minimum.
*
* @return the key size, or 0
*/
- unsigned int getKeySize() const {
- return m_keySize;
- }
+ unsigned int getKeySize() const;
/**
* Set the key size criteria.
+ * <p>If a a maximum size is also set, this is treated as a minimum.
*
- * @param keySize Key size to set
+ * @param keySize key size to set
*/
- void setKeySize(unsigned int keySize) {
- m_keySize = keySize;
- }
-
+ void setKeySize(unsigned int keySize);
+
+ /**
+ * Get the maximum key size criteria.
+ *
+ * @return the maximum key size, or 0
+ */
+ unsigned int getMaxKeySize() const;
+
+ /**
+ * Set the maximum key size criteria.
+ *
+ * @param keySize maximum key size to set
+ */
+ void setMaxKeySize(unsigned int keySize);
+
/**
* Set the key algorithm and size criteria based on an XML algorithm specifier.
*
* @param algorithm XML algorithm specifier
*/
- void setXMLAlgorithm(const XMLCh* algorithm) {
- if (algorithm) {
- std::pair<const char*,unsigned int> mapped =
- XMLToolingConfig::getConfig().mapXMLAlgorithmToKeyAlgorithm(algorithm);
- setKeyAlgorithm(mapped.first);
- setKeySize(mapped.second);
- }
- else {
- setKeyAlgorithm(NULL);
- setKeySize(0);
- }
- }
+ void setXMLAlgorithm(const XMLCh* algorithm);
/**
* Gets key name criteria.
*
* @return an immutable set of key names
*/
- const std::set<std::string>& getKeyNames() const {
- return m_keyNames;
- }
+ const std::set<std::string>& getKeyNames() const;
/**
* Gets key name criteria.
*
* @return a mutable set of key names
*/
- std::set<std::string>& getKeyNames() {
- return m_keyNames;
- }
+ std::set<std::string>& getKeyNames();
/**
* Returns the public key criteria.
*
* @return a public key
*/
- virtual XSECCryptoKey* getPublicKey() const {
- return m_key;
- }
+ virtual XSECCryptoKey* getPublicKey() const;
/**
* Sets the public key criteria.
*
* @param key a public key
*/
- void setPublicKey(XSECCryptoKey* key) {
- m_key = key;
- }
+ void setPublicKey(XSECCryptoKey* key);
+ /**
+ * Bitmask constants controlling the kinds of criteria set automatically
+ * based on a KeyInfo object.
+ */
enum keyinfo_extraction_t {
KEYINFO_EXTRACTION_KEY = 1,
- KEYINFO_EXTRACTION_KEYNAMES = 2,
- KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES = 4
+ KEYINFO_EXTRACTION_KEYNAMES = 2
};
/**
*
* @return the KeyInfo criteria
*/
- const xmlsignature::KeyInfo* getKeyInfo() const {
- return m_keyInfo;
- }
+ const xmlsignature::KeyInfo* getKeyInfo() const;
/**
* Sets the KeyInfo criteria.
* @param keyInfo the KeyInfo criteria
* @param extraction bitmask of criteria to auto-extract from KeyInfo
*/
- virtual void setKeyInfo(const xmlsignature::KeyInfo* keyInfo, int extraction=0) {
- delete m_credential;
- m_credential = NULL;
- m_keyInfo = keyInfo;
- if (!keyInfo || !extraction)
- return;
-
- int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
- types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
- m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
-
- if (extraction & KEYINFO_EXTRACTION_KEY)
- setPublicKey(m_credential->getPublicKey());
- if (extraction & KEYINFO_EXTRACTION_KEYNAMES)
- m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
- if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) {
- const X509Credential* xcred = dynamic_cast<const X509Credential*>(m_credential);
- if (xcred && !xcred->getEntityCertificateChain().empty())
- X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames);
- }
- }
+ virtual void setKeyInfo(const xmlsignature::KeyInfo* keyInfo, int extraction=0);
/**
* Gets the native KeyInfo criteria.
*
* @return the native KeyInfo criteria
*/
- DSIGKeyInfoList* getNativeKeyInfo() const {
- return m_nativeKeyInfo;
- }
+ DSIGKeyInfoList* getNativeKeyInfo() const;
/**
* Sets the KeyInfo criteria.
* @param keyInfo the KeyInfo criteria
* @param extraction bitmask of criteria to auto-extract from KeyInfo
*/
- virtual void setNativeKeyInfo(DSIGKeyInfoList* keyInfo, int extraction=0) {
- delete m_credential;
- m_credential = NULL;
- m_nativeKeyInfo = keyInfo;
- if (!keyInfo || !extraction)
- return;
-
- int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
- types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
- m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
-
- if (extraction & KEYINFO_EXTRACTION_KEY)
- setPublicKey(m_credential->getPublicKey());
- if (extraction & KEYINFO_EXTRACTION_KEYNAMES)
- m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
- if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) {
- const X509Credential* xcred = dynamic_cast<const X509Credential*>(m_credential);
- if (xcred && !xcred->getEntityCertificateChain().empty())
- X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames);
- }
- }
+ virtual void setNativeKeyInfo(DSIGKeyInfoList* keyInfo, int extraction=0);
/**
* Sets the KeyInfo criteria from an XML Signature.
* @param sig the Signature containing KeyInfo criteria
* @param extraction bitmask of criteria to auto-extract from KeyInfo
*/
- void setSignature(const xmlsignature::Signature& sig, int extraction=0) {
- setXMLAlgorithm(sig.getSignatureAlgorithm());
- xmlsignature::KeyInfo* k = sig.getKeyInfo();
- if (k)
- return setKeyInfo(k,extraction);
- DSIGSignature* dsig = sig.getXMLSignature();
- if (dsig)
- setNativeKeyInfo(dsig->getKeyInfoList(),extraction);
- }
+ void setSignature(const xmlsignature::Signature& sig, int extraction=0);
+
+ /**
+ * Resets object to a default state.
+ */
+ virtual void reset();
private:
- UsageType m_keyUsage;
- unsigned int m_keySize;
+ unsigned int m_keyUsage;
+ unsigned int m_keySize,m_maxKeySize;
std::string m_peerName,m_keyAlgorithm;
std::set<std::string> m_keyNames;
XSECCryptoKey* m_key;
DSIGKeyInfoList* m_nativeKeyInfo;
Credential* m_credential;
};
+
+#if defined (_MSC_VER)
+ #pragma warning( pop )
+#endif
};
#endif /* __xmltooling_credcrit_h__ */
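Review bot: The new out-of-line declarations of `setPublicKey`/`getPublicKey` (L234, L243) still say nothing about ownership or lifetime, even though `m_key` is a raw `XSECCryptoKey*` stored next to an owned `Credential* m_credential` (L352–L354), and the extraction path that `setKeyInfo`/`setNativeKeyInfo` perform when `KEYINFO_EXTRACTION_KEY` is set previously copied the key pointer out of that resolved credential, so a pointer obtained from `getPublicKey` may be left dangling by a later `setKeyInfo`, `setNativeKeyInfo` or the new `reset()` (L344) — the definitions now live in a .cpp that is not in this diff, so this needs confirming there. I would document the contract at the declaration: `* @param key a public key; the criteria object does not take ownership and the caller must keep it alive` on `setPublicKey`, and `* @return a public key or NULL; not owned by the caller and valid only until the criteria are reset or a new KeyInfo is set` on `getPublicKey`, with the same non-owning note on `setKeyInfo` and `setNativeKeyInfo`. The key-size documentation (L155, L165, L176–L188) also leaves the security-relevant edge cases unstated: whether `setXMLAlgorithm` (L207) clears a previously set maximum, and what `matches` does when the minimum exceeds the maximum; one sentence such as `* <p>A minimum larger than the maximum is an empty criterion and will match no credential.` (if that is what the implementation does) would prevent callers from silently relaxing a size policy. Both new doc comments contain the typo "If a a maximum size".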