2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file xmltooling/security/CredentialCriteria.h
20 * Class for specifying criteria by which a CredentialResolver should resolve credentials.
23 #if !defined(__xmltooling_credcrit_h__) && !defined(XMLTOOLING_NO_XMLSEC)
24 #define __xmltooling_credcrit_h__
26 #include <xmltooling/XMLToolingConfig.h>
27 #include <xmltooling/security/KeyInfoResolver.h>
28 #include <xmltooling/security/X509Credential.h>
29 #include <xmltooling/signature/KeyInfo.h>
30 #include <xmltooling/signature/Signature.h>
33 #include <xsec/dsig/DSIGKeyInfoList.hpp>
34 #include <xsec/dsig/DSIGKeyInfoName.hpp>
36 namespace xmltooling {
39 * Class for specifying criteria by which a CredentialResolver should resolve credentials.
41 class XMLTOOL_API CredentialCriteria
43 MAKE_NONCOPYABLE(CredentialCriteria);
45 CredentialCriteria() : m_keyUsage(UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL),
46 m_keyInfo(NULL), m_nativeKeyInfo(NULL), m_credential(NULL) {
48 virtual ~CredentialCriteria() {
53 * Determines whether the supplied Credential matches this CredentialCriteria.
55 * @param credential the Credential to evaluate
56 * @return true iff the Credential is consistent with this criteria
58 virtual bool matches(const Credential& credential) const;
61 UNSPECIFIED_CREDENTIAL,
68 * Get the key usage criteria.
72 UsageType getUsage() const {
77 * Set the key usage criteria.
79 * @param usage the usage to set
81 void setUsage(UsageType usage) {
86 * Get the peer name criteria.
88 * @return the peer name
90 const char* getPeerName() const {
91 return m_peerName.c_str();
95 * Set the peer name criteria.
97 * @param peerName peer name to set
99 void setPeerName(const char* peerName) {
102 m_peerName = peerName;
106 * Get the key algorithm criteria.
108 * @return the key algorithm
110 const char* getKeyAlgorithm() const {
111 return m_keyAlgorithm.c_str();
115 * Set the key algorithm criteria.
117 * @param keyAlgorithm The key algorithm to set
119 void setKeyAlgorithm(const char* keyAlgorithm) {
120 m_keyAlgorithm.erase();
122 m_keyAlgorithm = keyAlgorithm;
126 * Get the key size criteria.
128 * @return the key size, or 0
130 unsigned int getKeySize() const {
135 * Set the key size criteria.
137 * @param keySize Key size to set
139 void setKeySize(unsigned int keySize) {
144 * Set the key algorithm and size criteria based on an XML algorithm specifier.
146 * @param algorithm XML algorithm specifier
148 void setXMLAlgorithm(const XMLCh* algorithm) {
150 std::pair<const char*,unsigned int> mapped =
151 XMLToolingConfig::getConfig().mapXMLAlgorithmToKeyAlgorithm(algorithm);
152 setKeyAlgorithm(mapped.first);
153 setKeySize(mapped.second);
156 setKeyAlgorithm(NULL);
162 * Gets key name criteria.
164 * @return an immutable set of key names
166 const std::set<std::string>& getKeyNames() const {
171 * Gets key name criteria.
173 * @return a mutable set of key names
175 std::set<std::string>& getKeyNames() {
180 * Returns the public key criteria.
182 * @return a public key
184 virtual XSECCryptoKey* getPublicKey() const {
189 * Sets the public key criteria.
191 * <p>The lifetime of the key <strong>MUST</strong> extend
192 * for the lifetime of this object.
194 * @param key a public key
196 void setPublicKey(XSECCryptoKey* key) {
200 enum keyinfo_extraction_t {
201 KEYINFO_EXTRACTION_KEY = 1,
202 KEYINFO_EXTRACTION_KEYNAMES = 2,
203 KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES = 4
207 * Gets the KeyInfo criteria.
209 * @return the KeyInfo criteria
211 const xmlsignature::KeyInfo* getKeyInfo() const {
216 * Sets the KeyInfo criteria.
218 * @param keyInfo the KeyInfo criteria
219 * @param extraction bitmask of criteria to auto-extract from KeyInfo
221 virtual void setKeyInfo(const xmlsignature::KeyInfo* keyInfo, int extraction=0) {
225 if (!keyInfo || !extraction)
228 int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
229 types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
230 m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
232 if (extraction & KEYINFO_EXTRACTION_KEY)
233 setPublicKey(m_credential->getPublicKey());
234 if (extraction & KEYINFO_EXTRACTION_KEYNAMES)
235 m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
236 if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) {
237 const X509Credential* xcred = dynamic_cast<const X509Credential*>(m_credential);
238 if (xcred && !xcred->getEntityCertificateChain().empty())
239 X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames);
244 * Gets the native KeyInfo criteria.
246 * @return the native KeyInfo criteria
248 DSIGKeyInfoList* getNativeKeyInfo() const {
249 return m_nativeKeyInfo;
253 * Sets the KeyInfo criteria.
255 * @param keyInfo the KeyInfo criteria
256 * @param extraction bitmask of criteria to auto-extract from KeyInfo
258 virtual void setNativeKeyInfo(DSIGKeyInfoList* keyInfo, int extraction=0) {
261 m_nativeKeyInfo = keyInfo;
262 if (!keyInfo || !extraction)
265 int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
266 types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
267 m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
269 if (extraction & KEYINFO_EXTRACTION_KEY)
270 setPublicKey(m_credential->getPublicKey());
271 if (extraction & KEYINFO_EXTRACTION_KEYNAMES)
272 m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
273 if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) {
274 const X509Credential* xcred = dynamic_cast<const X509Credential*>(m_credential);
275 if (xcred && !xcred->getEntityCertificateChain().empty())
276 X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames);
281 * Sets the KeyInfo criteria from an XML Signature.
283 * @param sig the Signature containing KeyInfo criteria
284 * @param extraction bitmask of criteria to auto-extract from KeyInfo
286 void setSignature(const xmlsignature::Signature& sig, int extraction=0) {
287 setXMLAlgorithm(sig.getSignatureAlgorithm());
288 xmlsignature::KeyInfo* k = sig.getKeyInfo();
290 return setKeyInfo(k,extraction);
291 DSIGSignature* dsig = sig.getXMLSignature();
293 setNativeKeyInfo(dsig->getKeyInfoList(),extraction);
297 UsageType m_keyUsage;
298 unsigned int m_keySize;
299 std::string m_peerName,m_keyAlgorithm;
300 std::set<std::string> m_keyNames;
301 XSECCryptoKey* m_key;
302 const xmlsignature::KeyInfo* m_keyInfo;
303 DSIGKeyInfoList* m_nativeKeyInfo;
304 Credential* m_credential;
308 #endif /* __xmltooling_credcrit_h__ */