* Metadata-based CredentialCriteria subclass.
*/
-#ifndef __saml_metacred_h__
-#define __saml_metacred_h__
+#ifndef __saml_metacrit_h__
+#define __saml_metacrit_h__
#include <saml/base.h>
+#include <saml/saml2/metadata/MetadataCredentialContext.h>
#include <xmltooling/security/CredentialCriteria.h>
namespace opensaml {
namespace saml2md {
- class SAML_API RoleDescriptor;
-
/**
* Metadata-based CredentialCriteria subclass.
*/
class SAML_API MetadataCredentialCriteria : public xmltooling::CredentialCriteria
{
public:
- /*
+ /**
* Constructor.
*
* @param role source of metadata-supplied credentials
*/
- MetadataCredentialCriteria(const RoleDescriptor& role) : m_role(role) {}
+ MetadataCredentialCriteria(const RoleDescriptor& role) : m_role(role) {
+ const EntityDescriptor* entity = dynamic_cast<const EntityDescriptor*>(role.getParent());
+ if (entity) {
+ xmltooling::auto_ptr_char name(entity->getEntityID());
+ setPeerName(name.get());
+ }
+ }
virtual ~MetadataCredentialCriteria() {}
return m_role;
}
+ bool matches(const xmltooling::Credential& credential) const {
+ const MetadataCredentialContext* context = dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());
+ if (context) {
+ // Check for a usage mismatch.
+ if ((getUsage() | (xmltooling::Credential::SIGNING_CREDENTIAL & xmltooling::Credential::TLS_CREDENTIAL)) &&
+ XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_ENCRYPTION))
+ return false;
+ else if ((getUsage() | xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&
+ XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_SIGNING))
+ return false;
+ }
+ return CredentialCriteria::matches(credential);
+ }
+
private:
const RoleDescriptor& m_role;
};
};
};
-#endif /* __saml_metacred_h__ */
+#endif /* __saml_metacrit_h__ */
projects / shibboleth / cpp-opensaml.git / blobdiff