2 * Copyright 2001-2009 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * MetadataCredentialCriteria.cpp
20 * Metadata-based CredentialCriteria subclass.
24 #include "saml2/metadata/Metadata.h"
25 #include "saml2/metadata/MetadataCredentialContext.h"
26 #include "saml2/metadata/MetadataCredentialCriteria.h"
28 #include <xmltooling/security/Credential.h>
30 using namespace opensaml::saml2md;
31 using namespace xmltooling;
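/**
 * Builds criteria bound to a metadata role.
 *
 * The peer name is seeded from the entityID of the EntityDescriptor that
 * directly contains the role, when there is one.
 *
 * @param role  role descriptor the criteria are bound to; kept in m_role
 *
 * NOTE(review): m_role is presumably a reference member, in which case the
 * role must outlive this object - confirm against the header.
 */
MetadataCredentialCriteria::MetadataCredentialCriteria(const RoleDescriptor& role) : m_role(role)
{
    // dynamic_cast yields NULL when the parent is absent or is not an
    // EntityDescriptor; in that case the peer name is left unset instead of
    // dereferencing a null pointer.
    const EntityDescriptor* entity = dynamic_cast<const EntityDescriptor*>(role.getParent());
    if (entity) {
        // auto_ptr_char transcodes the XMLCh entityID for setPeerName().
        auto_ptr_char name(entity->getEntityID());
        setPeerName(name.get());
    }
}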
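/**
 * Resets the criteria through the base class, then re-derives the peer name
 * from the role held in m_role, as the constructor does.
 */
void MetadataCredentialCriteria::reset()
{
    CredentialCriteria::reset();

    // Same guard as in the constructor: only an EntityDescriptor parent can
    // supply an entityID, and a failed dynamic_cast must not be dereferenced.
    const EntityDescriptor* entity = dynamic_cast<const EntityDescriptor*>(m_role.getParent());
    if (entity) {
        auto_ptr_char name(entity->getEntityID());
        setPeerName(name.get());
    }
}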
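/**
 * Tests a credential against these criteria, enforcing the key usage declared
 * in metadata before deferring to the base class.
 *
 * A key whose KeyDescriptor is marked for encryption is rejected when signing
 * or TLS usage is requested, and a key marked for signing is rejected when
 * encryption usage is requested. Any other "use" value does not trigger a
 * rejection here.
 *
 * @param credential  candidate credential
 * @return  false on a usage mismatch, otherwise the result of
 *          CredentialCriteria::matches()
 *
 * NOTE(review): the listing this was taken from omits the bodies of the two
 * usage branches; returning false is inferred from the "usage mismatch"
 * comment - confirm against the upstream file.
 */
bool MetadataCredentialCriteria::matches(const Credential& credential) const
{
    const MetadataCredentialContext* context = dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());

    // Credentials that carry no metadata context have no KeyDescriptor to
    // inspect, so they skip the usage check and rely on the base class alone.
    if (context) {
        // Check for a usage mismatch.
        if ((getUsage() & (xmltooling::Credential::SIGNING_CREDENTIAL | xmltooling::Credential::TLS_CREDENTIAL)) &&
                XMLString::equals(context->getKeyDescriptor().getUse(), KeyDescriptor::KEYTYPE_ENCRYPTION)) {
            // Encryption-only key offered for signing/TLS.
            return false;
        }
        else if ((getUsage() & xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&
                XMLString::equals(context->getKeyDescriptor().getUse(), KeyDescriptor::KEYTYPE_SIGNING)) {
            // Signing-only key offered for encryption.
            return false;
        }
    }

    return CredentialCriteria::matches(credential);
}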