X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltooling%2Fsecurity%2FCredentialCriteria.h;h=e1b65e63d5e5b7517f3362e408b75bb1e6419663;hb=81b488b2790e7bdeb2f43560b1d4a7d22c3dfdf5;hp=d331c897063297a060d544d7322dff67d84710df;hpb=54ceac01f71daae933195a7f6a661a755be83764;p=shibboleth%2Fcpp-xmltooling.git
diff --git a/xmltooling/security/CredentialCriteria.h b/xmltooling/security/CredentialCriteria.h
index d331c89..e1b65e6 100644
--- a/xmltooling/security/CredentialCriteria.h
+++ b/xmltooling/security/CredentialCriteria.h
@@ -1,17 +1,21 @@ -/* - * Copyright 2001-2007 Internet2 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. * - * http://www.apache.org/licenses/LICENSE-2.0 + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. */ /** 
@@ -23,18 +27,27 @@ #if !defined(__xmltooling_credcrit_h__) && !defined(XMLTOOLING_NO_XMLSEC) #define __xmltooling_credcrit_h__ -#include -#include -#include -#include -#include +#include #include -#include -#include + +class DSIGKeyInfoList; +class XSECCryptoKey; + +namespace xmlsignature { + class XMLTOOL_API KeyInfo; + class XMLTOOL_API Signature; +}; namespace xmltooling { + class XMLTOOL_API Credential; + +#if defined (_MSC_VER) + #pragma warning( push ) + #pragma warning( disable : 4251 ) +#endif + /** * Class for specifying criteria by which a CredentialResolver should resolve credentials. */ @@ -42,12 +55,10 @@ namespace xmltooling { { MAKE_NONCOPYABLE(CredentialCriteria); public: - CredentialCriteria() : m_keyUsage(UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL), - m_keyInfo(NULL), m_nativeKeyInfo(NULL), m_credential(NULL) { - } - virtual ~CredentialCriteria() { - delete m_credential; - } + /** Default constructor. */ + CredentialCriteria(); + + virtual ~CredentialCriteria(); /** * Determines whether the supplied Credential matches this CredentialCriteria. 
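Review bot: With the destructor moved out of line, the header no longer shows that CredentialCriteria frees the Credential it resolved from KeyInfo (the removed inline body did `delete m_credential`) while the XSECCryptoKey and KeyInfo pointers handed to it are not owned; the new constructor gets `/** Default constructor. */` but `virtual ~CredentialCriteria();` is left undocumented. If the out-of-line destructor keeps the old behaviour, add `/** Destructor; frees any Credential resolved internally from KeyInfo criteria. Key and KeyInfo pointers supplied by the caller are not owned. */`. The class stays MAKE_NONCOPYABLE, which is what prevents that owned pointer from being deleted twice, and a word on that in the class comment would make the ownership model readable from the header alone. The class body continues past this hunk.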
@@ -56,137 +67,106 @@ namespace xmltooling { * @return true iff the Credential is consistent with this criteria */ virtual bool matches(const Credential& credential) const; - - /** - * Enumeration of use cases for credentials. - */ - enum UsageType { - UNSPECIFIED_CREDENTIAL, - SIGNING_CREDENTIAL, - TLS_CREDENTIAL, - ENCRYPTION_CREDENTIAL - }; - + /** - * Get the key usage criteria. + * Get key usage criteria. * - * @return the usage. + * @return the usage mask */ - UsageType getUsage() const { - return m_keyUsage; - } + unsigned int getUsage() const; /** - * Set the key usage criteria. + * Set key usage criteria. * - * @param usage the usage to set + * @param usage the usage mask to set */ - void setUsage(UsageType usage) { - m_keyUsage = usage; - } + void setUsage(unsigned int usage); /** * Get the peer name criteria. * * @return the peer name */ - const char* getPeerName() const { - return m_peerName.c_str(); - } + const char* getPeerName() const; /** * Set the peer name criteria. * * @param peerName peer name to set */ - void setPeerName(const char* peerName) { - m_peerName.erase(); - if (peerName) - m_peerName = peerName; - } + void setPeerName(const char* peerName); /** * Get the key algorithm criteria. * * @return the key algorithm */ - const char* getKeyAlgorithm() const { - return m_keyAlgorithm.c_str(); - } + const char* getKeyAlgorithm() const; /** * Set the key algorithm criteria. * - * @param keyAlgorithm The key algorithm to set + * @param keyAlgorithm the key algorithm to set */ - void setKeyAlgorithm(const char* keyAlgorithm) { - m_keyAlgorithm.erase(); - if (keyAlgorithm) - m_keyAlgorithm = keyAlgorithm; - } + void setKeyAlgorithm(const char* keyAlgorithm); /** * Get the key size criteria. + *

If a a maximum size is also set, this is treated as a minimum. * * @return the key size, or 0 */ - unsigned int getKeySize() const { - return m_keySize; - } + unsigned int getKeySize() const; /** * Set the key size criteria. + *

If a a maximum size is also set, this is treated as a minimum. * - * @param keySize Key size to set + * @param keySize key size to set */ - void setKeySize(unsigned int keySize) { - m_keySize = keySize; - } - + void setKeySize(unsigned int keySize); + + /** + * Get the maximum key size criteria. + * + * @return the maximum key size, or 0 + */ + unsigned int getMaxKeySize() const; + + /** + * Set the maximum key size criteria. + * + * @param keySize maximum key size to set + */ + void setMaxKeySize(unsigned int keySize); + /** * Set the key algorithm and size criteria based on an XML algorithm specifier. * * @param algorithm XML algorithm specifier */ - void setXMLAlgorithm(const XMLCh* algorithm) { - if (algorithm) { - std::pair mapped = - XMLToolingConfig::getConfig().mapXMLAlgorithmToKeyAlgorithm(algorithm); - setKeyAlgorithm(mapped.first); - setKeySize(mapped.second); - } - else { - setKeyAlgorithm(NULL); - setKeySize(0); - } - } + void setXMLAlgorithm(const XMLCh* algorithm); /** * Gets key name criteria. * * @return an immutable set of key names */ - const std::set& getKeyNames() const { - return m_keyNames; - } + const std::set& getKeyNames() const; /** * Gets key name criteria. * * @return a mutable set of key names */ - std::set& getKeyNames() { - return m_keyNames; - } + std::set& getKeyNames(); /** * Returns the public key criteria. * * @return a public key */ - virtual XSECCryptoKey* getPublicKey() const { - return m_key; - } + virtual XSECCryptoKey* getPublicKey() const; /** * Sets the public key criteria. @@ -196,9 +176,7 @@ namespace xmltooling { * * @param key a public key */ - void setPublicKey(XSECCryptoKey* key) { - m_key = key; - } + void setPublicKey(XSECCryptoKey* key); /** * Bitmask constants controlling the kinds of criteria set automatically 
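Review bot: The key-size contract introduced on getKeySize/setKeySize is only half stated: both comments read `If a a maximum size is also set, this is treated as a minimum.` (duplicated article), and neither they nor setMaxKeySize say what a size above the maximum, or a maximum below the size, means for matches(). Since matches() is the check that decides whether a resolved key is acceptable, the header should pin this down; suggested wording for setKeySize is `@param keySize key size to set; an exact size unless a maximum is also set, in which case it is the minimum` and for setMaxKeySize `@param keySize maximum key size to set, or 0 for no upper bound`. setXMLAlgorithm is now declared out of line, so whether it clears or preserves m_maxKeySize when it derives a size from the algorithm cannot be seen here; its comment should say which of the two bounds it sets.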
@@ -206,8 +184,7 @@ namespace xmltooling { */ enum keyinfo_extraction_t { KEYINFO_EXTRACTION_KEY = 1, - KEYINFO_EXTRACTION_KEYNAMES = 2, - KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES = 4 + KEYINFO_EXTRACTION_KEYNAMES = 2 }; /** @@ -215,9 +192,7 @@ namespace xmltooling { * * @return the KeyInfo criteria */ - const xmlsignature::KeyInfo* getKeyInfo() const { - return m_keyInfo; - } + const xmlsignature::KeyInfo* getKeyInfo() const; /** * Sets the KeyInfo criteria. @@ -225,36 +200,14 @@ namespace xmltooling { * @param keyInfo the KeyInfo criteria * @param extraction bitmask of criteria to auto-extract from KeyInfo */ - virtual void setKeyInfo(const xmlsignature::KeyInfo* keyInfo, int extraction=0) { - delete m_credential; - m_credential = NULL; - m_keyInfo = keyInfo; - if (!keyInfo || !extraction) - return; - - int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0; - types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0; - m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types); - - if (extraction & KEYINFO_EXTRACTION_KEY) - setPublicKey(m_credential->getPublicKey()); - if (extraction & KEYINFO_EXTRACTION_KEYNAMES) - m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end()); - if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) { - const X509Credential* xcred = dynamic_cast(m_credential); - if (xcred && !xcred->getEntityCertificateChain().empty()) - X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames); - } - } + virtual void setKeyInfo(const xmlsignature::KeyInfo* keyInfo, int extraction=0); /** * Gets the native KeyInfo criteria. * * @return the native KeyInfo criteria */ - DSIGKeyInfoList* getNativeKeyInfo() const { - return m_nativeKeyInfo; - } + DSIGKeyInfoList* getNativeKeyInfo() const; /** * Sets the KeyInfo criteria. 
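Review bot: Dropping `KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES = 4` from keyinfo_extraction_t removes the enumerator but not the way callers reach it: `extraction` is a plain `int` bitmask on setKeyInfo (and on setNativeKeyInfo in the next hunk), so existing callers passing the old value still compile and the bit is now silently ignored. Previously that bit pulled key names out of the entity certificate, so a caller relying on it will match credentials against fewer criteria than before with no diagnostic. Either keep the enumerator marked deprecated, or state the narrowing in the setKeyInfo comment, e.g. `@param extraction bitmask of KEYINFO_EXTRACTION_KEY and/or KEYINFO_EXTRACTION_KEYNAMES; other bits are ignored`. The setKeyInfo doc block opens before this hunk's lines.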
@@ -262,27 +215,7 @@ namespace xmltooling { * @param keyInfo the KeyInfo criteria * @param extraction bitmask of criteria to auto-extract from KeyInfo */ - virtual void setNativeKeyInfo(DSIGKeyInfoList* keyInfo, int extraction=0) { - delete m_credential; - m_credential = NULL; - m_nativeKeyInfo = keyInfo; - if (!keyInfo || !extraction) - return; - - int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0; - types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0; - m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types); - - if (extraction & KEYINFO_EXTRACTION_KEY) - setPublicKey(m_credential->getPublicKey()); - if (extraction & KEYINFO_EXTRACTION_KEYNAMES) - m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end()); - if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) { - const X509Credential* xcred = dynamic_cast(m_credential); - if (xcred && !xcred->getEntityCertificateChain().empty()) - X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames); - } - } + virtual void setNativeKeyInfo(DSIGKeyInfoList* keyInfo, int extraction=0); /** * Sets the KeyInfo criteria from an XML Signature. 
@@ -290,19 +223,16 @@ namespace xmltooling { * @param sig the Signature containing KeyInfo criteria * @param extraction bitmask of criteria to auto-extract from KeyInfo */ - void setSignature(const xmlsignature::Signature& sig, int extraction=0) { - setXMLAlgorithm(sig.getSignatureAlgorithm()); - xmlsignature::KeyInfo* k = sig.getKeyInfo(); - if (k) - return setKeyInfo(k,extraction); - DSIGSignature* dsig = sig.getXMLSignature(); - if (dsig) - setNativeKeyInfo(dsig->getKeyInfoList(),extraction); - } + void setSignature(const xmlsignature::Signature& sig, int extraction=0); + + /** + * Resets object to a default state. + */ + virtual void reset(); private: - UsageType m_keyUsage; - unsigned int m_keySize; + unsigned int m_keyUsage; + unsigned int m_keySize,m_maxKeySize; std::string m_peerName,m_keyAlgorithm; std::set m_keyNames; XSECCryptoKey* m_key; @@ -310,6 +240,10 @@ namespace xmltooling { DSIGKeyInfoList* m_nativeKeyInfo; Credential* m_credential; }; + +#if defined (_MSC_VER) + #pragma warning( pop ) +#endif }; #endif /* __xmltooling_credcrit_h__ */
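Review bot: `unsigned int m_keySize,m_maxKeySize;` adds the new upper bound as a second declarator on one line and, because the constructor is now defined in the .cpp rather than in this header, nothing visible here guarantees m_maxKeySize starts at 0; an uninitialized bound would let matches() accept or reject keys by size unpredictably. Prefer one declaration per line, `unsigned int m_keySize;` and `unsigned int m_maxKeySize;`, and confirm that both the constructor and the new reset() set it. The comment on `virtual void reset();`, `Resets object to a default state.`, should also say whether it frees the internally resolved Credential and merely clears the non-owning m_key/m_keyInfo/m_nativeKeyInfo pointers, since callers that reuse a criteria object across resolutions need to know what survives a reset.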