* Metadata-based CredentialCriteria subclass.
*/
-#ifndef __saml_metacred_h__
-#define __saml_metacred_h__
+#ifndef __saml_metacrit_h__
+#define __saml_metacrit_h__
#include <saml/base.h>
-#include <saml/saml2/metadata/Metadata.h>
+#include <saml/saml2/metadata/MetadataCredentialContext.h>
#include <xmltooling/security/CredentialCriteria.h>
namespace opensaml {
class SAML_API MetadataCredentialCriteria : public xmltooling::CredentialCriteria
{
public:
- /*
+ /**
* Constructor.
*
* @param role source of metadata-supplied credentials
return m_role;
}
+ bool matches(const xmltooling::Credential& credential) const {
+ const MetadataCredentialContext* context = dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());
+ if (context) {
+ // Check for a usage mismatch.
+ if ((getUsage() | (xmltooling::Credential::SIGNING_CREDENTIAL & xmltooling::Credential::TLS_CREDENTIAL)) &&
+ XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_ENCRYPTION))
+ return false;
+ else if ((getUsage() | xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&
+ XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_SIGNING))
+ return false;
+ }
+ return CredentialCriteria::matches(credential);
+ }
+
private:
const RoleDescriptor& m_role;
};
};
};
-#endif /* __saml_metacred_h__ */
+#endif /* __saml_metacrit_h__ */
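Review bot: The usage-mismatch test in the new `matches()` uses the wrong bit operators, so the filter does not enforce what the comment says: `getUsage() | (SIGNING_CREDENTIAL & TLS_CREDENTIAL)` ANDs two distinct flags (zero, assuming they are separate bits) and then ORs the result into the usage, and `getUsage() | ENCRYPTION_CREDENTIAL` is never zero, so the second branch rejects every key whose `use` is "signing" regardless of what the caller asked for, while the first rejects "encryption" keys for any non-zero usage. Because this check is the only thing keeping an encryption-only key from being accepted for signature verification (or vice versa), the inverted masks should be fixed before this ships: `if ((getUsage() & (xmltooling::Credential::SIGNING_CREDENTIAL | xmltooling::Credential::TLS_CREDENTIAL)) &&` and `else if ((getUsage() & xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&`. The rest of the method is fine: keys with no `use` attribute and credentials without a MetadataCredentialContext fall through to `CredentialCriteria::matches()`, which is the intended permissive default. The enclosing class declaration begins outside this hunk.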