2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * MetadataCredentialCriteria.cpp
24 * Metadata-based CredentialCriteria subclass.
28 #include "saml2/metadata/Metadata.h"
29 #include "saml2/metadata/MetadataCredentialContext.h"
30 #include "saml2/metadata/MetadataCredentialCriteria.h"
32 #include <xmltooling/security/Credential.h>
34 using namespace opensaml::saml2md;
35 using namespace xmltooling;
37 MetadataCredentialCriteria::MetadataCredentialCriteria(const RoleDescriptor& role) : m_role(role)
39 const EntityDescriptor* entity = dynamic_cast<const EntityDescriptor*>(role.getParent());
41 auto_ptr_char name(entity->getEntityID());
42 setPeerName(name.get());
46 bool MetadataCredentialCriteria::matches(const Credential& credential) const
48 const MetadataCredentialContext* context = dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());
50 // Check for a usage mismatch.
51 if ((getUsage() & (xmltooling::Credential::SIGNING_CREDENTIAL | xmltooling::Credential::TLS_CREDENTIAL)) &&
52 XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_ENCRYPTION))
54 else if ((getUsage() & xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&
55 XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_SIGNING))
58 return CredentialCriteria::matches(credential);