2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file xmltooling/security/BasicX509Credential.h
20 * Wraps an X.509-based Credential by storing key/cert objects inside.
23 #if !defined(__xmltooling_basicx509cred_h__) && !defined(XMLTOOLING_NO_XMLSEC)
24 #define __xmltooling_basicx509cred_h__
26 #include <xmltooling/security/X509Credential.h>
27 #include <xmltooling/signature/KeyInfo.h>
31 namespace xmltooling {
34 * Wraps an X.509-based Credential by storing key/cert objects inside.
36 class XMLTOOL_API BasicX509Credential : public virtual X509Credential
42 * @param ownCerts true iff any certificates subsequently stored should be freed by destructor
44 BasicX509Credential(bool ownCerts) : m_key(NULL), m_serial(-1), m_ownCerts(ownCerts), m_crl(NULL), m_keyInfo(NULL), m_compactKeyInfo(NULL) {
50 * @param key key pair or secret key
51 * @param certs array of X.509 certificates, the first entry being the entity certificate
52 * @param crl optional CRL
54 BasicX509Credential(XSECCryptoKey* key, const std::vector<XSECCryptoX509*>& certs, XSECCryptoX509CRL* crl=NULL)
55 : m_key(key), m_serial(-1), m_xseccerts(certs), m_ownCerts(true), m_crl(crl), m_keyInfo(NULL), m_compactKeyInfo(NULL) {
58 /** The private/secret key/keypair. */
61 /** Key names (derived from credential, KeyInfo, or both). */
62 std::set<std::string> m_keyNames;
65 std::string m_subjectName;
68 std::string m_issuerName;
73 /** The X.509 certificate chain. */
74 std::vector<XSECCryptoX509*> m_xseccerts;
76 /** Indicates whether to destroy certificates. */
80 XSECCryptoX509CRL* m_crl;
82 /** The KeyInfo object representing the information. */
83 xmlsignature::KeyInfo* m_keyInfo;
85 /** The KeyInfo object representing the information in compact form. */
86 xmlsignature::KeyInfo* m_compactKeyInfo;
89 * Initializes (or reinitializes) a ds:KeyInfo to represent the Credential.
94 virtual ~BasicX509Credential();
96 unsigned int getUsage() const {
97 return UNSPECIFIED_CREDENTIAL;
99 const char* getAlgorithm() const;
100 unsigned int getKeySize() const;
102 XSECCryptoKey* getPrivateKey() const {
104 XSECCryptoKey::KeyType type = m_key->getKeyType();
105 if (type!=XSECCryptoKey::KEY_RSA_PUBLIC && type!=XSECCryptoKey::KEY_DSA_PUBLIC)
111 XSECCryptoKey* getPublicKey() const {
113 XSECCryptoKey::KeyType type = m_key->getKeyType();
114 if (type!=XSECCryptoKey::KEY_RSA_PRIVATE && type!=XSECCryptoKey::KEY_DSA_PRIVATE)
120 const std::set<std::string>& getKeyNames() const {
124 xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const {
125 if (compact || !m_keyInfo)
126 return m_compactKeyInfo ? m_compactKeyInfo->cloneKeyInfo() : NULL;
127 return m_keyInfo->cloneKeyInfo();
130 const std::vector<XSECCryptoX509*>& getEntityCertificateChain() const {
134 XSECCryptoX509CRL* getCRL() const {
138 const char* getSubjectName() const {
139 return m_subjectName.c_str();
142 const char* getIssuerName() const {
143 return m_issuerName.c_str();
146 int getSerialNumber() const {
154 #endif /* __xmltooling_basicx509cred_h__ */