2 * Copyright 2001-2009 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file xmltooling/security/CredentialCriteria.h
20 * Class for specifying criteria by which a CredentialResolver should resolve credentials.
23 #if !defined(__xmltooling_credcrit_h__) && !defined(XMLTOOLING_NO_XMLSEC)
24 #define __xmltooling_credcrit_h__
26 #include <xmltooling/XMLToolingConfig.h>
27 #include <xmltooling/security/KeyInfoResolver.h>
28 #include <xmltooling/security/Credential.h>
29 #include <xmltooling/signature/KeyInfo.h>
30 #include <xmltooling/signature/Signature.h>
33 #include <xsec/dsig/DSIGKeyInfoList.hpp>
34 #include <xsec/dsig/DSIGKeyInfoName.hpp>
36 namespace xmltooling {
39 * Class for specifying criteria by which a CredentialResolver should resolve credentials.
41 class XMLTOOL_API CredentialCriteria
43 MAKE_NONCOPYABLE(CredentialCriteria);
45 CredentialCriteria() : m_keyUsage(Credential::UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL),
46 m_keyInfo(NULL), m_nativeKeyInfo(NULL), m_credential(NULL) {
48 virtual ~CredentialCriteria() {
53 * Determines whether the supplied Credential matches this CredentialCriteria.
55 * @param credential the Credential to evaluate
56 * @return true iff the Credential is consistent with this criteria
58 virtual bool matches(const Credential& credential) const;
61 * Get key usage criteria.
63 * @return the usage mask
65 unsigned int getUsage() const {
70 * Set key usage criteria.
72 * @param usage the usage mask to set
74 void setUsage(unsigned int usage) {
79 * Get the peer name criteria.
81 * @return the peer name
83 const char* getPeerName() const {
84 return m_peerName.c_str();
88 * Set the peer name criteria.
90 * @param peerName peer name to set
92 void setPeerName(const char* peerName) {
95 m_peerName = peerName;
99 * Get the key algorithm criteria.
101 * @return the key algorithm
103 const char* getKeyAlgorithm() const {
104 return m_keyAlgorithm.c_str();
108 * Set the key algorithm criteria.
110 * @param keyAlgorithm The key algorithm to set
112 void setKeyAlgorithm(const char* keyAlgorithm) {
113 m_keyAlgorithm.erase();
115 m_keyAlgorithm = keyAlgorithm;
119 * Get the key size criteria.
121 * @return the key size, or 0
123 unsigned int getKeySize() const {
128 * Set the key size criteria.
130 * @param keySize Key size to set
132 void setKeySize(unsigned int keySize) {
137 * Set the key algorithm and size criteria based on an XML algorithm specifier.
139 * @param algorithm XML algorithm specifier
141 void setXMLAlgorithm(const XMLCh* algorithm) {
143 std::pair<const char*,unsigned int> mapped =
144 XMLToolingConfig::getConfig().mapXMLAlgorithmToKeyAlgorithm(algorithm);
145 setKeyAlgorithm(mapped.first);
146 setKeySize(mapped.second);
149 setKeyAlgorithm(NULL);
155 * Gets key name criteria.
157 * @return an immutable set of key names
159 const std::set<std::string>& getKeyNames() const {
164 * Gets key name criteria.
166 * @return a mutable set of key names
168 std::set<std::string>& getKeyNames() {
173 * Returns the public key criteria.
175 * @return a public key
177 virtual XSECCryptoKey* getPublicKey() const {
182 * Sets the public key criteria.
184 * <p>The lifetime of the key <strong>MUST</strong> extend
185 * for the lifetime of this object.
187 * @param key a public key
189 void setPublicKey(XSECCryptoKey* key) {
194 * Bitmask constants controlling the kinds of criteria set automatically
195 * based on a KeyInfo object.
197 enum keyinfo_extraction_t {
198 KEYINFO_EXTRACTION_KEY = 1,
199 KEYINFO_EXTRACTION_KEYNAMES = 2
203 * Gets the KeyInfo criteria.
205 * @return the KeyInfo criteria
207 const xmlsignature::KeyInfo* getKeyInfo() const {
212 * Sets the KeyInfo criteria.
214 * @param keyInfo the KeyInfo criteria
215 * @param extraction bitmask of criteria to auto-extract from KeyInfo
217 virtual void setKeyInfo(const xmlsignature::KeyInfo* keyInfo, int extraction=0);
220 * Gets the native KeyInfo criteria.
222 * @return the native KeyInfo criteria
224 DSIGKeyInfoList* getNativeKeyInfo() const {
225 return m_nativeKeyInfo;
229 * Sets the KeyInfo criteria.
231 * @param keyInfo the KeyInfo criteria
232 * @param extraction bitmask of criteria to auto-extract from KeyInfo
234 virtual void setNativeKeyInfo(DSIGKeyInfoList* keyInfo, int extraction=0);
237 * Sets the KeyInfo criteria from an XML Signature.
239 * @param sig the Signature containing KeyInfo criteria
240 * @param extraction bitmask of criteria to auto-extract from KeyInfo
242 void setSignature(const xmlsignature::Signature& sig, int extraction=0);
245 unsigned int m_keyUsage;
246 unsigned int m_keySize;
247 std::string m_peerName,m_keyAlgorithm;
248 std::set<std::string> m_keyNames;
249 XSECCryptoKey* m_key;
250 const xmlsignature::KeyInfo* m_keyInfo;
251 DSIGKeyInfoList* m_nativeKeyInfo;
252 Credential* m_credential;
256 #endif /* __xmltooling_credcrit_h__ */