2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file xmltooling/security/BasicX509Credential.h
20 * Wraps an X.509-based Credential by storing key/cert objects inside.
23 #if !defined(__xmltooling_basicx509cred_h__) && !defined(XMLTOOLING_NO_XMLSEC)
24 #define __xmltooling_basicx509cred_h__
26 #include <xmltooling/security/X509Credential.h>
30 namespace xmlsignature {
31 class XMLTOOL_API KeyInfo;
34 namespace xmltooling {
37 * Wraps an X.509-based Credential by storing key/cert objects inside.
39 class XMLTOOL_API BasicX509Credential : public virtual X509Credential
42 BasicX509Credential(bool ownCerts) : m_key(NULL), m_ownCerts(ownCerts), m_crl(NULL), m_keyInfo(NULL), m_compactKeyInfo(NULL) {
48 * @param key key pair or secret key
49 * @param certs array of X.509 certificates, the first entry being the entity certificate
50 * @param crl optional CRL
52 BasicX509Credential(XSECCryptoKey* key, const std::vector<XSECCryptoX509*>& certs, XSECCryptoX509CRL* crl=NULL)
53 : m_key(key), m_xseccerts(certs), m_ownCerts(true), m_crl(crl), m_keyInfo(NULL), m_compactKeyInfo(NULL) {
56 /** The private/secret key/keypair. */
59 /** The X.509 certificate chain. */
60 std::vector<XSECCryptoX509*> m_xseccerts;
62 /** Indicates whether to destroy certificates. */
66 XSECCryptoX509CRL* m_crl;
68 /** The KeyInfo object representing the information. */
69 xmlsignature::KeyInfo* m_keyInfo;
71 /** The KeyInfo object representing the information in compact form. */
72 xmlsignature::KeyInfo* m_compactKeyInfo;
75 * Initializes (or reinitializes) a ds:KeyInfo to represent the Credential.
80 virtual ~BasicX509Credential();
82 const char* getAlgorithm() const {
84 switch (m_key->getKeyType()) {
85 case XSECCryptoKey::KEY_RSA_PRIVATE:
86 case XSECCryptoKey::KEY_RSA_PUBLIC:
87 case XSECCryptoKey::KEY_RSA_PAIR:
90 case XSECCryptoKey::KEY_DSA_PRIVATE:
91 case XSECCryptoKey::KEY_DSA_PUBLIC:
92 case XSECCryptoKey::KEY_DSA_PAIR:
95 case XSECCryptoKey::KEY_HMAC:
98 case XSECCryptoKey::KEY_SYMMETRIC: {
99 XSECCryptoSymmetricKey* skey = static_cast<XSECCryptoSymmetricKey*>(m_key);
100 switch (skey->getSymmetricKeyType()) {
101 case XSECCryptoSymmetricKey::KEY_3DES_192:
103 case XSECCryptoSymmetricKey::KEY_AES_128:
105 case XSECCryptoSymmetricKey::KEY_AES_192:
107 case XSECCryptoSymmetricKey::KEY_AES_256:
116 unsigned int getKeySize() const {
118 switch (m_key->getKeyType()) {
119 case XSECCryptoKey::KEY_RSA_PRIVATE:
120 case XSECCryptoKey::KEY_RSA_PUBLIC:
121 case XSECCryptoKey::KEY_RSA_PAIR: {
122 XSECCryptoKeyRSA* rkey = static_cast<XSECCryptoKeyRSA*>(m_key);
123 return rkey->getLength();
126 case XSECCryptoKey::KEY_SYMMETRIC: {
127 XSECCryptoSymmetricKey* skey = static_cast<XSECCryptoSymmetricKey*>(m_key);
128 switch (skey->getSymmetricKeyType()) {
129 case XSECCryptoSymmetricKey::KEY_3DES_192:
131 case XSECCryptoSymmetricKey::KEY_AES_128:
133 case XSECCryptoSymmetricKey::KEY_AES_192:
135 case XSECCryptoSymmetricKey::KEY_AES_256:
144 XSECCryptoKey* getPrivateKey() const {
146 XSECCryptoKey::KeyType type = m_key->getKeyType();
147 if (type!=XSECCryptoKey::KEY_RSA_PUBLIC && type!=XSECCryptoKey::KEY_DSA_PUBLIC)
153 XSECCryptoKey* getPublicKey() const {
155 XSECCryptoKey::KeyType type = m_key->getKeyType();
156 if (type!=XSECCryptoKey::KEY_RSA_PRIVATE && type!=XSECCryptoKey::KEY_DSA_PRIVATE)
162 std::vector<std::string>::size_type getKeyNames(std::vector<std::string>& results) const;
164 const xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const {
165 return compact ? m_compactKeyInfo : (m_keyInfo ? m_keyInfo : m_compactKeyInfo);
169 * Gets an immutable collection of certificates in the entity's trust chain. The entity certificate is contained
170 * within this list. No specific ordering of the certificates is guaranteed.
172 * @return a certificate chain
174 const std::vector<XSECCryptoX509*>& getEntityCertificateChain() const {
178 XSECCryptoX509CRL* getCRL() const {
184 #endif /* __xmltooling_basicx509cred_h__ */