2 * Copyright 2001-2006 Internet2
\r
4 * Licensed under the Apache License, Version 2.0 (the "License");
\r
5 * you may not use this file except in compliance with the License.
\r
6 * You may obtain a copy of the License at
\r
8 * http://www.apache.org/licenses/LICENSE-2.0
\r
10 * Unless required by applicable law or agreed to in writing, software
\r
11 * distributed under the License is distributed on an "AS IS" BASIS,
\r
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
13 * See the License for the specific language governing permissions and
\r
14 * limitations under the License.
\r
18 * @file SigningContext.h
\r
20 * SAML-specific signature construction
\r
23 #ifndef __saml_signctx_h__
\r
24 #define __saml_signctx_h__
\r
26 #include <saml/base.h>
\r
27 #include <xmltooling/signature/SigningContext.h>
\r
29 namespace opensaml {
\r
32 * Singleton object that manages library startup/shutdown configuration.
\r
34 class SAML_API SigningContext : public virtual xmlsignature::SigningContext
\r
40 * @param id identifier of object being signed
\r
41 * @param key signing key to use; freed by the context unless ownership is first transferred to a caller via getSigningKey()
\r
42 * @param certs a certificate chain to embed, or NULL
\r
44 SigningContext(const XMLCh* id, XSECCryptoKey* key, const std::vector<XSECCryptoX509*>* certs=NULL)
\r
45 : m_id(id), m_key(key), m_certs(certs), m_keyInfo(NULL) {
\r
51 * @param id identifier of object being signed
\r
52 * @param key signing key to use; freed by the context unless ownership is first transferred to a caller via getSigningKey()
\r
53 * @param keyInfo a complete KeyInfo object to attach; freed by the context unless ownership is first transferred to a caller via getKeyInfo()
\r
55 SigningContext(const XMLCh* id, XSECCryptoKey* key, xmlsignature::KeyInfo* keyInfo)
\r
56 : m_id(id), m_key(key), m_certs(NULL), m_keyInfo(keyInfo) {
\r
59 virtual ~SigningContext() {
\r
65 * Given a "blank" native signature, asks the context to define the
\r
66 * appropriate signature transforms, references, etc.
\r
67 * This method MAY attach ds:KeyInfo information, or a set of X.509
\r
68 * certificates can be returned from the SigningContext::getX509Certificates()
\r
71 * @param sig native signature interface
\r
73 virtual void createSignature(DSIGSignature* sig) const;
\r
76 * Gets a reference to a collection of certificates to append to
\r
77 * the ds:KeyInfo element in a ds:X509Data chain.
\r
78 * The certificate corresponding to the signing key SHOULD be
\r
79 * first, followed by any additional intermediates to append.
\r
81 * @return an immutable collection of certificates to embed
\r
83 virtual const std::vector<XSECCryptoX509*>* getX509Certificates() const {
\r
88 * Gets a KeyInfo structure to embed.
\r
89 * Ownership of the object MUST be transferred to the caller.
\r
90 * This method will only be called if no certificates are returned from
\r
91 * the getX509Certificates() method.
\r
93 * @return pointer to a KeyInfo structure, will be freed by caller
\r
95 virtual xmlsignature::KeyInfo* getKeyInfo() const {
\r
96 xmlsignature::KeyInfo* ret=m_keyInfo;
\r
102 * Gets the signing key to use.
\r
103 * Must be compatible with the intended signature algorithm. Ownership of the key
\r
104 * MUST be transferred to the caller.
\r
106 * @return pointer to a signing key, will be freed by caller
\r
108 virtual XSECCryptoKey* getSigningKey() const {
\r
109 XSECCryptoKey* ret=m_key;
\r
114 void addInclusivePrefix(const char* prefix) {
\r
115 m_prefixes.push_back(prefix);
\r
119 /** Identifier of object to sign. */
\r
122 /** Signing key. */
\r
123 mutable XSECCryptoKey* m_key;
\r
125 /** Optional pointer to certificate chain to embed. */
\r
126 const std::vector<XSECCryptoX509*>* m_certs;
\r
128 /** Optional pointer to KeyInfo to embed. */
\r
129 mutable xmlsignature::KeyInfo* m_keyInfo;
\r
131 /** Inclusive prefixes. */
\r
132 std::vector<std::string> m_prefixes;
\r
137 #endif /* __saml_signctx_h__ */
\r