-/*
- * Copyright 2001-2007 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
- * @file xmltooling/signature/CredentialResolver.h
+ * @file xmltooling/security/CredentialResolver.h
*
- * Resolves keys and certificates "owned" by an entity
+ * An API for resolving keys and certificates based on application criteria.
*/
#if !defined(__xmltooling_credres_h__) && !defined(XMLTOOLING_NO_XMLSEC)
#include <xmltooling/Lockable.h>
-#include <vector>
-#include <xsec/enc/XSECCryptoKey.hpp>
-#include <xsec/enc/XSECCryptoX509.hpp>
-
namespace xmltooling {
+ class XMLTOOL_API Credential;
+ class XMLTOOL_API CredentialCriteria;
+
/**
- * An API for resolving local/owned keys and certificates
+ * An API for resolving keys and certificates based on application criteria.
*/
- class XMLTOOL_API CredentialResolver : public Lockable
+ class XMLTOOL_API CredentialResolver : public virtual Lockable
{
MAKE_NONCOPYABLE(CredentialResolver);
protected:
- CredentialResolver() {}
+ CredentialResolver();
public:
- virtual ~CredentialResolver() {}
+ virtual ~CredentialResolver();
/**
- * Returns a secret or private key to use for signing operations.
- * The caller is responsible for deleting the key when finished with it.
+ * Returns a single Credential according to the supplied criteria.
*
- * @return a secret or private key
+ * @param criteria an optional CredentialCriteria object
+ * @return a Credential, or nullptr if none could be found
*/
- virtual XSECCryptoKey* getKey() const=0;
-
+ virtual const Credential* resolve(const CredentialCriteria* criteria=nullptr) const=0;
+
/**
- * Returns a set of certificates to publish during signing operations.
- * The certificates must be cloned if kept beyond the scope of a lock.
+ * Returns all matching Credentials according to the supplied criteria.
*
- * @return a set of certificates
+ * @param results array to store matching Credentials
+ * @param criteria an optional CredentialCriteria object
+ * @return number of credentials found
*/
- virtual const std::vector<XSECCryptoX509*>& getCertificates() const=0;
+ virtual std::vector<const Credential*>::size_type resolve(
+ std::vector<const Credential*>& results, const CredentialCriteria* criteria=nullptr
+ ) const=0;
};
/**
*/
void XMLTOOL_API registerCredentialResolvers();
- /** CredentialResolver based on local files */
+ /** CredentialResolver based on local files with no criteria support. */
#define FILESYSTEM_CREDENTIAL_RESOLVER "File"
+
+ /** CredentialResolver that returns nothing, for use with some APIs. */
+ #define DUMMY_CREDENTIAL_RESOLVER "Dummy"
+
+ /** CredentialResolver based on chaining together other resolvers. */
+ #define CHAINING_CREDENTIAL_RESOLVER "Chaining"
};
#endif /* __xmltooling_credres_h__ */
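Review bot: The doc comments on both new `resolve()` overloads drop the ownership and lifetime statements that the removed `getKey()` and `getCertificates()` comments carried, so a caller cannot tell whether a returned `const Credential*` must be deleted or how long it stays valid. Since the class is still `Lockable` and the pointers are const, the objects are presumably owned by the resolver and valid only while its lock is held; if that is the contract, state it, e.g. `@return a Credential owned by the resolver and valid only while the resolver is locked, or nullptr if none could be found`, and say on the vector overload whether `results` is appended to or cleared first. A caller that keeps key material past the lock would be reading freed or reloaded memory, so this belongs in the header rather than in the implementations. Separately, `#include <vector>` is removed while the second overload still names `std::vector`; unless `xmltooling/Lockable.h` is guaranteed to pull it in, keep the include.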