saml/security/ChainingTrustEngine.h

   1 /*
   2  *  Copyright 2001-2006 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /**
  18  * @file saml/security/ChainingTrustEngine.h
  19  *
  20  * X509TrustEngine that uses multiple engines in sequence.
  21  */
  22
  23 #ifndef __saml_chaintrust_h__
  24 #define __saml_chaintrust_h__
  25
  26 #include <saml/security/X509TrustEngine.h>
  27
  28 namespace opensaml {
  29
  30     /**
  31      * X509TrustEngine that uses multiple engines in sequence.
  32      */
  33     class SAML_API ChainingTrustEngine : public X509TrustEngine {
  34     public:
  35         /**
  36          * Constructor.
  37          *
  38          * If a DOM is supplied, the following XML content is supported:
  39          *
  40          * <ul>
  41          *  <li>&lt;TrustEngine&gt; elements with a type attribute
  42          * </ul>
  43          *
  44          * XML namespaces are ignored in the processing of this content.
  45          *
  46          * @param e DOM to supply configuration for provider
  47          */
  48         ChainingTrustEngine(const DOMElement* e=NULL);
  49
  50         /**
  51          * Destructor will delete any embedded engines.
  52          */
  53         virtual ~ChainingTrustEngine();
  54
  55         /**
  56          * Adds a trust engine for future calls.
  57          *
  58          * @param newEngine trust engine to add
  59          */
  60         void addTrustEngine(X509TrustEngine* newEngine) {
  61             m_engines.push_back(newEngine);
  62         }
  63
  64         /**
  65          * Removes a trust engine. The caller must delete the engine if necessary.
  66          *
  67          * @param oldEngine trust engine to remove
  68          * @return  the old engine
  69          */
  70         X509TrustEngine* removeTrustEngine(X509TrustEngine* oldEngine) {
  71             for (std::vector<X509TrustEngine*>::iterator i=m_engines.begin(); i!=m_engines.end(); i++) {
  72                 if (oldEngine==(*i)) {
  73                     m_engines.erase(i);
  74                     return oldEngine;
  75                 }
  76             }
  77             return NULL;
  78         }
  79
  80         virtual bool validate(
  81             xmlsignature::Signature& sig,
  82             const saml2md::RoleDescriptor& role,
  83             const xmlsignature::KeyResolver* keyResolver=NULL
  84             ) const;
  85         virtual bool validate(
  86             const XMLCh* sigAlgorithm,
  87             const char* sig,
  88             xmlsignature::KeyInfo* keyInfo,
  89             const char* in,
  90             unsigned int in_len,
  91             const saml2md::RoleDescriptor& role,
  92             const xmlsignature::KeyResolver* keyResolver=NULL
  93             ) const;
  94         virtual bool validate(
  95             XSECCryptoX509* certEE,
  96             const std::vector<XSECCryptoX509*>& certChain,
  97             const saml2md::RoleDescriptor& role,
  98             bool checkName=true,
  99             const xmlsignature::KeyResolver* keyResolver=NULL
 100             ) const;
 101
 102     private:
 103         std::vector<X509TrustEngine*> m_engines;
 104     };
 105
 106 };
 107
 108 #endif /* __saml_chaintrust_h__ */