X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltooling%2Fsecurity%2FX509Credential.h;h=a29f4387878ef25c6635ba6a471df52a33820b36;hb=81b488b2790e7bdeb2f43560b1d4a7d22c3dfdf5;hp=b751398bc20a6a2c718007f38a7df6d68adb74c2;hpb=d96a01ce4d9648bb3186f74d43610b6f12d49758;p=shibboleth%2Fcpp-xmltooling.git
diff --git a/xmltooling/security/X509Credential.h b/xmltooling/security/X509Credential.h
index b751398..a29f438 100644
--- a/xmltooling/security/X509Credential.h
+++ b/xmltooling/security/X509Credential.h
@@ -1,17 +1,21 @@
-/*
- * Copyright 2001-2007 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
 *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
 */

 /**
@@ -24,29 +28,43 @@ #define __xmltooling_x509cred_h__ #include -#include -#include +class XSECCryptoX509; namespace xmltooling { + class XMLTOOL_API XSECCryptoX509CRL; + /** * Wraps an X.509-based Credential. */ class XMLTOOL_API X509Credential : public virtual Credential { protected: - X509Credential() {} + X509Credential(); public: - virtual ~X509Credential() {} + virtual ~X509Credential(); + /** + * Bitmask constants for limiting resolution process inside a CredentialResolver. + */ enum ResolveTypes { RESOLVE_CERTS = 4, RESOLVE_CRLS = 8 }; /** + * Bitmask of supported KeyInfo content to generate. + */ + enum KeyInfoTypes { + KEYINFO_X509_CERTIFICATE = 4, + KEYINFO_X509_SUBJECTNAME = 8, + KEYINFO_X509_ISSUERSERIAL = 16, + KEYINFO_X509_DIGEST = 32 + }; + + /** * Gets an immutable collection of certificates in the entity's trust chain. The entity certificate is contained * within this list. No specific ordering of the certificates is guaranteed. * @@ -55,6 +73,8 @@ namespace xmltooling { virtual const std::vector& getEntityCertificateChain() const=0; /** + * @deprecated + * * Gets a CRL associated with the credential. * * @return CRL associated with the credential 
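Review bot: The new `KeyInfoTypes` constants in the `-24,29 +28,43` hunk reuse the numeric values of the neighbouring `ResolveTypes` (`KEYINFO_X509_CERTIFICATE = 4` against `RESOLVE_CERTS = 4`, `KEYINFO_X509_SUBJECTNAME = 8` against `RESOLVE_CRLS = 8`), and both are unscoped enums, so a constant from the wrong set converts to an integer mask without any diagnostic. The doc comment should state which mask these bits are OR-ed into and that they are a separate set, for example `* Bitmask of supported KeyInfo content to generate; distinct from ResolveTypes, do not mix the two sets.` Numbering starts at 4, presumably to continue a bitmask declared on the base Credential class, which this hunk does not show; if so, the comment should say that as well. The class body continues outside this hunk.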
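Review bot: In the `-55,6 +73,8` hunk the `@deprecated` tag added to the getCRL() comment names no replacement, so a reader of the header is not told that a single CRL may be an incomplete view of the revocation data held by the credential. Since the same commit adds getCRLs(), the tag line could read `* @deprecated Use getCRLs(), which returns every CRL associated with the credential.` The getCRL() declaration itself sits in the following hunk.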
@@ -62,12 +82,38 @@ namespace xmltooling { virtual XSECCryptoX509CRL* getCRL() const=0; /** - * Extracts Subject CN and DNS/URI subjectAltNames from a certificate. + * Gets an immutable collection of all CRLs associated with the credential. + * + * @return CRLs associated with the credential + */ + virtual const std::vector& getCRLs() const=0; + + + /** + * Gets the subject name of the first certificate in the chain. * - * @param x509 certificate to extract - * @param names a set to insert names into + * @return the Subject DN + */ + virtual const char* getSubjectName() const=0; + + /** + * Gets the issuer name of the first certificate in the chain. + * + * @return the Issuer DN + */ + virtual const char* getIssuerName() const=0; + + /** + * Gets the serial number of the first certificate in the chain. + * + * @return the serial number + */ + virtual const char* getSerialNumber() const=0; + + /** + * Extracts properties like issuer and subject from the first certificate in the chain. */ - static void extractNames(XSECCryptoX509* x509, std::set& names); + virtual void extract()=0; }; };
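Review bot: getSubjectName(), getIssuerName() and getSerialNumber() are documented as describing "the first certificate in the chain", yet the getEntityCertificateChain() comment earlier in this header states that no specific ordering of the certificates is guaranteed, so by the documented contract these values may come from a CA certificate rather than the entity certificate. If implementations do keep the entity certificate first, the chain accessor's comment should say so; otherwise these comments should name the entity certificate, e.g. `* Gets the subject name of the entity certificate.` The comments also leave open what the accessors return before extract() has run and who owns the returned `const char*`; a line such as `* @return the Subject DN, or null if extract() has not been called; owned by the credential` would settle that, assuming it matches the implementations, which are outside this diff.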