Major revamp of credential and trust handling code, PKIX engine still needs work.

[shibboleth/cpp-opensaml.git] / saml / saml2 / core / Assertions.h
diff --git a/saml/saml2/core/Assertions.h b/saml/saml2/core/Assertions.h

index 80e526c..febf744 100644 (file)
--- a/saml/saml2/core/Assertions.h
+++ b/saml/saml2/core/Assertions.h
@@ -1,5 +1,5 @@
  /*
- *  Copyright 2001-2006 Internet2
+ *  Copyright 2001-2007 Internet2
   * 
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
@@ -23,12 +23,13 @@
  #ifndef __saml2_assertions_h__
  #define __saml2_assertions_h__
  
-#include <saml/RootObject.h>
+#include <saml/Assertion.h>
  #include <saml/util/SAMLConstants.h>
  
  #include <xmltooling/XMLObjectBuilder.h>
  #include <xmltooling/encryption/Encryption.h>
-#include <xmltooling/signature/KeyResolver.h>
+#include <xmltooling/security/CredentialCriteria.h>
+#include <xmltooling/security/CredentialResolver.h>
  #include <xmltooling/signature/Signature.h>
  #include <xmltooling/util/DateTime.h>
  
@@ -61,17 +62,19 @@ namespace opensaml {
              static const XMLCh TYPE_NAME[];
              
              /**
-             * Decrypts the element using a standard approach based on a wrapped decryption key
-             * inside the message. The key decryption key should be supplied using the provided
-             * resolver. The recipient name may be used when multiple encrypted keys are found.
-             * The object returned will be unmarshalled around the decrypted DOM element, but the
-             * DOM itself will be released. 
+             * Decrypts the element using the supplied CredentialResolver.
+             *
+             * <p>The object returned will be unmarshalled around the decrypted DOM element, but the
+             * DOM itself will be released.
               * 
-             * @param KEKresolver   resolver supplying key decryption key
+             * @param credResolver  locked resolver supplying decryption keys
               * @param recipient     identifier naming the recipient (the entity performing the decryption)
+             * @param criteria      optional external criteria to use with resolver
               * @return  the decrypted and unmarshalled object
               */
-            virtual xmltooling::XMLObject* decrypt(xmlsignature::KeyResolver* KEKresolver, const XMLCh* recipient) const=0;
+            virtual xmltooling::XMLObject* decrypt(
+                const xmltooling::CredentialResolver& credResolver, const XMLCh* recipient, xmltooling::CredentialCriteria* criteria=NULL
+                ) const=0;
          END_XMLOBJECT;
  
          BEGIN_XMLOBJECT(SAML_API,EncryptedID,EncryptedElementType,SAML 2.0 EncryptedID element);
@@ -146,21 +149,19 @@ namespace opensaml {
              static const XMLCh TYPE_NAME[];
          END_XMLOBJECT;
  
-        BEGIN_XMLOBJECT(SAML_API,SubjectConfirmationData,xmltooling::ElementProxy,SAML 2.0 SubjectConfirmationData element);
+        BEGIN_XMLOBJECT(SAML_API,SubjectConfirmationDataType,xmltooling::XMLObject,SAML 2.0 SubjectConfirmationDataType base type);
              DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
              DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
              DECL_STRING_ATTRIB(Recipient,RECIPIENT);
              DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
              DECL_STRING_ATTRIB(Address,ADDRESS);
+        END_XMLOBJECT;
+
+        BEGIN_XMLOBJECT2(SAML_API,SubjectConfirmationData,SubjectConfirmationDataType,xmltooling::ElementProxy,SAML 2.0 SubjectConfirmationData element);
              DECL_SIMPLE_CONTENT(Data);
          END_XMLOBJECT;
  
-        BEGIN_XMLOBJECT(SAML_API,KeyInfoConfirmationDataType,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 KeyInfoConfirmationDataType type);
-            DECL_DATETIME_ATTRIB(NotBefore,NOTBEFORE);
-            DECL_DATETIME_ATTRIB(NotOnOrAfter,NOTONORAFTER);
-            DECL_STRING_ATTRIB(Recipient,RECIPIENT);
-            DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO);
-            DECL_STRING_ATTRIB(Address,ADDRESS);
+        BEGIN_XMLOBJECT2(SAML_API,KeyInfoConfirmationDataType,SubjectConfirmationDataType,xmltooling::AttributeExtensibleXMLObject,SAML 2.0 KeyInfoConfirmationDataType type);
              DECL_TYPED_FOREIGN_CHILDREN(KeyInfo,xmlsignature);
              /** KeyInfoConfirmationDataType local name */
              static const XMLCh TYPE_NAME[];
@@ -172,7 +173,6 @@ namespace opensaml {
              DECL_TYPED_CHILD(NameID);
              DECL_TYPED_CHILD(EncryptedID);
              DECL_XMLOBJECT_CHILD(SubjectConfirmationData);
-            DECL_TYPED_CHILD(KeyInfoConfirmationDataType);
              /** SubjectConfirmationType local name */
              static const XMLCh TYPE_NAME[];
              /** Bearer confirmation method */
@@ -320,15 +320,11 @@ namespace opensaml {
              virtual Issuer* getIssuer() const=0;
          };
  
-        BEGIN_XMLOBJECT(SAML_API,Assertion,saml2::RootObject,SAML 2.0 Assertion element);
-            bool isAssertion() const {
-                return true;
-            }
+        BEGIN_XMLOBJECT2(SAML_API,Assertion,saml2::RootObject,opensaml::Assertion,SAML 2.0 Assertion element);
              DECL_INHERITED_STRING_ATTRIB(Version,VER);
              DECL_INHERITED_STRING_ATTRIB(ID,ID);
              DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT);
              DECL_INHERITED_TYPED_CHILD(Issuer);
-            DECL_INHERITED_TYPED_FOREIGN_CHILD(Signature,xmlsignature);
              DECL_TYPED_CHILD(Subject);
              DECL_TYPED_CHILD(Conditions);
              DECL_TYPED_CHILD(Advice);