X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsecurity%2FTrustEngine.h;h=aeb76d980d5b80c50a2e8517ac8bb0457201d0ae;hp=3ca02b4da1de30c05924c2b0751b292e58315897;hb=ceba6432d156e82a9016190c06ae4640c651a257;hpb=75f0b5ff4b11c24ac0eef5cf35b7d3ca8d9c98fe
diff --git a/saml/security/TrustEngine.h b/saml/security/TrustEngine.h
index 3ca02b4..aeb76d9 100644
--- a/saml/security/TrustEngine.h
+++ b/saml/security/TrustEngine.h
@@ -65,12 +65,40 @@ namespace opensaml {
 * @param sig reference to a signature object to validate
 * @param role metadata role supplying key information
 * @param keyResolver optional externally supplied KeyResolver, or NULL
+ * @return true iff the signature validates
 */
 virtual bool validate(
 xmlsignature::Signature& sig,
 const saml2md::RoleDescriptor& role,
 const xmlsignature::KeyResolver* keyResolver=NULL
 ) const=0;
+
+ /**
+ * Determines whether a raw signature is correct and valid with respect to
+ * the information known about the signer.
+ *
+ *

A custom KeyResolver can be supplied from outside the TrustEngine.
+ * Alternatively, one may be specified to the plugin constructor.
+ * A non-caching, inline resolver will be used as a fallback.
+ *
+ * @param sigAlgorithm XML Signature identifier for the algorithm used
+ * @param sig null-terminated base64-encoded signature value
+ * @param keyInfo KeyInfo object accompanying the signature, if any
+ * @param in the input data over which the signature was created
+ * @param in_len size of input data in bytes
+ * @param role metadata role supplying key information
+ * @param keyResolver optional externally supplied KeyResolver, or NULL
+ * @return true iff the signature validates
+ */
+ virtual bool validate(
+ const XMLCh* sigAlgorithm,
+ const char* sig,
+ xmlsignature::KeyInfo* keyInfo,
+ const char* in,
+ unsigned int in_len,
+ const saml2md::RoleDescriptor& role,
+ const xmlsignature::KeyResolver* keyResolver=NULL
+ ) const=0;
 };
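Review bot: The doc comment on the new raw-signature `validate` overload does not state the trust contract for `sigAlgorithm` and `keyInfo`, both of which presumably arrive with the unauthenticated message rather than from metadata. I would add a paragraph such as `The algorithm identifier and KeyInfo are untrusted input: implementations must accept only keys resolved from or matched against the supplied role, and must reject an algorithm that does not fit the resolved key or is not permitted by policy.` The comment should also say whether `keyInfo` may be NULL ("if any" suggests so) and why it is a non-const pointer when `keyResolver` is const. A smaller style point is that `in_len` is `unsigned int` where `size_t` would match the buffer it describes. The class declaration begins outside this hunk and no implementation is visible here, so these are contract points to document rather than confirmed defects.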