/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#define __saml_metacrit_h__
#include <saml/base.h>
-#include <saml/saml2/metadata/MetadataCredentialContext.h>
#include <xmltooling/security/CredentialCriteria.h>
namespace opensaml {
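Review bot: Dropping `MetadataCredentialContext.h` from this public header leaves no visible declaration of `RoleDescriptor`, which the constructor and `m_role` still name. The lines that follow `namespace opensaml {` are outside this hunk, so confirm that a forward declaration (`class RoleDescriptor;` in the namespace that declares it) or another include covers it. Downstream code that relied on this header to pull in `MetadataCredentialContext` will now need `#include <saml/saml2/metadata/MetadataCredentialContext.h>` itself, which is worth a line in the release notes.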
*
* @param role source of metadata-supplied credentials
*/
- MetadataCredentialCriteria(const RoleDescriptor& role) : m_role(role) {
- const EntityDescriptor* entity = dynamic_cast<const EntityDescriptor*>(role.getParent());
- if (entity) {
- xmltooling::auto_ptr_char name(entity->getEntityID());
- setPeerName(name.get());
- }
- }
+ MetadataCredentialCriteria(const RoleDescriptor& role);
virtual ~MetadataCredentialCriteria() {}
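Review bot: The constructor declared here takes a single argument and is not `explicit`, so a `RoleDescriptor` converts implicitly to a `MetadataCredentialCriteria` wherever a criteria object is expected. `explicit MetadataCredentialCriteria(const RoleDescriptor& role);` would make that conversion deliberate. The class keeps `m_role` as a reference (visible in the private section further down), so the Doxygen block should also say so, for example `@param role source of metadata-supplied credentials; must outlive this object`. The comment block starts outside this hunk.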
return m_role;
}
- bool matches(const xmltooling::Credential& credential) const {
- const MetadataCredentialContext* context = dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());
- if (context) {
- // Check for a usage mismatch.
- if ((getUsage()==CredentialCriteria::SIGNING_CREDENTIAL || getUsage()==CredentialCriteria::TLS_CREDENTIAL) &&
- XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_ENCRYPTION))
- return false;
- else if (getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL &&
- XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_SIGNING))
- return false;
- }
- return CredentialCriteria::matches(credential);
- }
+ void reset();
+ bool matches(const xmltooling::Credential& credential) const;
private:
const RoleDescriptor& m_role;
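Review bot: The new `reset()` declaration has no doc comment, and `matches()` no longer shows its key-usage check because the body has moved out of the header. The removed inline body rejected a credential whose KeyDescriptor use was encryption when signing or TLS usage was requested, and the reverse for encryption requests. It skipped that check entirely for credentials without a `MetadataCredentialContext`. Assuming the out-of-line implementation keeps this behaviour, callers who rely on the usage restriction need it stated at the declaration: `/// Rejects credentials whose KeyDescriptor use conflicts with the requested usage; credentials lacking a MetadataCredentialContext are not usage-checked.` For `reset()`, a one-line comment should say whether it restores the peer name derived from the role's parent entity, which the old inline constructor set; that cannot be confirmed from this hunk.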