+
+const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* criteria) const
+{
+ const MetadataCredentialCriteria* metacrit = dynamic_cast<const MetadataCredentialCriteria*>(criteria);
+ if (!metacrit)
+ throw MetadataException("Cannot resolve credentials without a MetadataCredentialCriteria object.");
+
+ Lock lock(m_credentialLock);
+ const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
+
+ for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)
+ if (matches(*c,criteria))
+ return c->second;
+ return NULL;
+}
+
+vector<const Credential*>::size_type AbstractMetadataProvider::resolve(
+ vector<const Credential*>& results, const CredentialCriteria* criteria
+ ) const
+{
+ const MetadataCredentialCriteria* metacrit = dynamic_cast<const MetadataCredentialCriteria*>(criteria);
+ if (!metacrit)
+ throw MetadataException("Cannot resolve credentials without a MetadataCredentialCriteria object.");
+
+ Lock lock(m_credentialLock);
+ const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
+
+ for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)
+ if (matches(*c,criteria))
+ results.push_back(c->second);
+ return results.size();
+}
+
+const AbstractMetadataProvider::credmap_t::mapped_type& AbstractMetadataProvider::resolveCredentials(const RoleDescriptor& role) const
+{
+ credmap_t::const_iterator i = m_credentialMap.find(&role);
+ if (i!=m_credentialMap.end())
+ return i->second;
+
+ const KeyInfoResolver* resolver = m_resolver ? m_resolver : XMLToolingConfig::getConfig().getKeyInfoResolver();
+ const vector<KeyDescriptor*>& keys = role.getKeyDescriptors();
+ AbstractMetadataProvider::credmap_t::mapped_type& resolved = m_credentialMap[&role];
+ for (vector<KeyDescriptor*>::const_iterator k = keys.begin(); k!=keys.end(); ++k) {
+ if ((*k)->getKeyInfo()) {
+ Credential* c = resolver->resolve((*k)->getKeyInfo());
+ resolved.push_back(make_pair((*k)->getUse(), c));
+ }
+ }
+ return resolved;
+}
+
+bool AbstractMetadataProvider::matches(const pair<const XMLCh*,Credential*>& cred, const CredentialCriteria* criteria) const
+{
+ if (criteria) {
+ // Check for a usage mismatch.
+ if ((criteria->getUsage()==CredentialCriteria::SIGNING_CREDENTIAL || criteria->getUsage()==CredentialCriteria::TLS_CREDENTIAL) &&
+ XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_ENCRYPTION))
+ return false;
+ else if (criteria->getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL && XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_SIGNING))
+ return false;
+
+ if (cred.second->getPublicKey()) {
+ // See if we have to match a specific key.
+ auto_ptr<Credential> critcred(
+ XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(*criteria,Credential::RESOLVE_KEYS)
+ );
+ if (critcred.get())
+ if (!critcred->isEqual(*(cred.second->getPublicKey())))
+ return false;
+ }
+ }
+ return true;
+}