xmltooling/security/CredentialCriteria.h

   1 /*
   2  *  Copyright 2001-2007 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /**
  18  * @file xmltooling/security/CredentialCriteria.h
  19  *
  20  * Class for specifying criteria by which a CredentialResolver should resolve credentials.
  21  */
  22
  23 #if !defined(__xmltooling_credcrit_h__) && !defined(XMLTOOLING_NO_XMLSEC)
  24 #define __xmltooling_credcrit_h__
  25
  26 #include <xmltooling/XMLToolingConfig.h>
  27 #include <xmltooling/security/KeyInfoResolver.h>
  28 #include <xmltooling/security/X509Credential.h>
  29 #include <xmltooling/signature/KeyInfo.h>
  30 #include <xmltooling/signature/Signature.h>
  31
  32 #include <set>
  33 #include <xsec/dsig/DSIGKeyInfoList.hpp>
  34 #include <xsec/dsig/DSIGKeyInfoName.hpp>
  35
  36 namespace xmltooling {
  37
  38     /**
  39      * Class for specifying criteria by which a CredentialResolver should resolve credentials.
  40      */
  41     class XMLTOOL_API CredentialCriteria
  42     {
  43         MAKE_NONCOPYABLE(CredentialCriteria);
  44     public:
  45         CredentialCriteria() : m_keyUsage(UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL),
  46             m_keyInfo(NULL), m_nativeKeyInfo(NULL), m_credential(NULL) {
  47         }
  48         virtual ~CredentialCriteria() {
  49             delete m_credential;
  50         }
  51
  52         enum UsageType {
  53             UNSPECIFIED_CREDENTIAL,
  54             SIGNING_CREDENTIAL,
  55             TLS_CREDENTIAL,
  56             ENCRYPTION_CREDENTIAL
  57         };
  58
  59         /**
  60          * Get the key usage criteria.
  61          *
  62          * @return the usage.
  63          */
  64         UsageType getUsage() const {
  65             return m_keyUsage;
  66         }
  67
  68         /**
  69          * Set the key usage criteria.
  70          *
  71          * @param usage the usage to set
  72          */
  73         void setUsage(UsageType usage) {
  74             m_keyUsage = usage;
  75         }
  76
  77         /**
  78          * Get the peer name criteria.
  79          *
  80          * @return the peer name
  81          */
  82         const char* getPeerName() const {
  83             return m_peerName.c_str();
  84         }
  85
  86         /**
  87          * Set the peer name criteria.
  88          *
  89          * @param peerName peer name to set
  90          */
  91         void setPeerName(const char* peerName) {
  92             m_peerName.erase();
  93             if (peerName)
  94                 m_peerName = peerName;
  95         }
  96
  97         /**
  98          * Get the key algorithm criteria.
  99          *
 100          * @return the key algorithm
 101          */
 102         const char* getKeyAlgorithm() const {
 103             return m_keyAlgorithm.c_str();
 104         }
 105
 106         /**
 107          * Set the key algorithm criteria.
 108          *
 109          * @param keyAlgorithm The key algorithm to set
 110          */
 111         void setKeyAlgorithm(const char* keyAlgorithm) {
 112             m_keyAlgorithm.erase();
 113             if (keyAlgorithm)
 114                 m_keyAlgorithm = keyAlgorithm;
 115         }
 116
 117         /**
 118          * Get the key size criteria.
 119          *
 120          * @return  the key size, or 0
 121          */
 122         unsigned int getKeySize() const {
 123             return m_keySize;
 124         }
 125
 126         /**
 127          * Set the key size criteria.
 128          *
 129          * @param keySize Key size to set
 130          */
 131         void setKeySize(unsigned int keySize) {
 132             m_keySize = keySize;
 133         }
 134
 135         /**
 136          * Set the key algorithm and size criteria based on an XML algorithm specifier.
 137          *
 138          * @param algorithm XML algorithm specifier
 139          */
 140         void setXMLAlgorithm(const XMLCh* algorithm) {
 141             if (algorithm) {
 142                 std::pair<const char*,unsigned int> mapped =
 143                     XMLToolingConfig::getConfig().mapXMLAlgorithmToKeyAlgorithm(algorithm);
 144                 setKeyAlgorithm(mapped.first);
 145                 setKeySize(mapped.second);
 146             }
 147             else {
 148                 setKeyAlgorithm(NULL);
 149                 setKeySize(0);
 150             }
 151         }
 152
 153         /**
 154          * Gets key name criteria.
 155          *
 156          * @return an immutable set of key names
 157          */
 158         const std::set<std::string>& getKeyNames() const {
 159             return m_keyNames;
 160         }
 161
 162         /**
 163          * Gets key name criteria.
 164          *
 165          * @return a mutable set of key names
 166          */
 167         std::set<std::string>& getKeyNames() {
 168             return m_keyNames;
 169         }
 170
 171         /**
 172          * Returns the public key criteria.
 173          *
 174          * @return  a public key
 175          */
 176         virtual XSECCryptoKey* getPublicKey() const {
 177             return m_key;
 178         }
 179
 180         /**
 181          * Sets the public key criteria.
 182          *
 183          * <p>The lifetime of the key <strong>MUST</strong> extend
 184          * for the lifetime of this object.
 185          *
 186          * @param key a public key
 187          */
 188         void setPublicKey(XSECCryptoKey* key) {
 189             m_key = key;
 190         }
 191
 192         enum keyinfo_extraction_t {
 193             KEYINFO_EXTRACTION_KEY = 1,
 194             KEYINFO_EXTRACTION_KEYNAMES = 2,
 195             KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES = 4
 196         };
 197
 198         /**
 199          * Gets the KeyInfo criteria.
 200          *
 201          * @return the KeyInfo criteria
 202          */
 203         const xmlsignature::KeyInfo* getKeyInfo() const {
 204             return m_keyInfo;
 205         }
 206
 207         /**
 208          * Sets the KeyInfo criteria.
 209          *
 210          * @param keyInfo       the KeyInfo criteria
 211          * @param extraction    bitmask of criteria to auto-extract from KeyInfo
 212          */
 213         virtual void setKeyInfo(const xmlsignature::KeyInfo* keyInfo, int extraction=0) {
 214             delete m_credential;
 215             m_credential = NULL;
 216             m_keyInfo = keyInfo;
 217             if (!keyInfo || !extraction)
 218                 return;
 219
 220             int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
 221             types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
 222             m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
 223
 224             if (extraction & KEYINFO_EXTRACTION_KEY)
 225                 setPublicKey(m_credential->getPublicKey());
 226             if (extraction & KEYINFO_EXTRACTION_KEYNAMES)
 227                 m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
 228             if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) {
 229                 const X509Credential* xcred = dynamic_cast<const X509Credential*>(m_credential);
 230                 if (xcred && !xcred->getEntityCertificateChain().empty())
 231                     X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames);
 232             }
 233         }
 234
 235         /**
 236          * Gets the native KeyInfo criteria.
 237          *
 238          * @return the native KeyInfo criteria
 239          */
 240         DSIGKeyInfoList* getNativeKeyInfo() const {
 241             return m_nativeKeyInfo;
 242         }
 243
 244         /**
 245          * Sets the KeyInfo criteria.
 246          *
 247          * @param keyInfo       the KeyInfo criteria
 248          * @param extraction    bitmask of criteria to auto-extract from KeyInfo
 249          */
 250         virtual void setNativeKeyInfo(DSIGKeyInfoList* keyInfo, int extraction=0) {
 251             delete m_credential;
 252             m_credential = NULL;
 253             m_nativeKeyInfo = keyInfo;
 254             if (!keyInfo || !extraction)
 255                 return;
 256
 257             int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
 258             types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
 259             m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
 260
 261             if (extraction & KEYINFO_EXTRACTION_KEY)
 262                 setPublicKey(m_credential->getPublicKey());
 263             if (extraction & KEYINFO_EXTRACTION_KEYNAMES)
 264                 m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
 265             if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) {
 266                 const X509Credential* xcred = dynamic_cast<const X509Credential*>(m_credential);
 267                 if (xcred && !xcred->getEntityCertificateChain().empty())
 268                     X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames);
 269             }
 270         }
 271
 272         /**
 273          * Sets the KeyInfo criteria from an XML Signature.
 274          *
 275          * @param sig           the Signature containing KeyInfo criteria
 276          * @param extraction    bitmask of criteria to auto-extract from KeyInfo
 277          */
 278         void setSignature(const xmlsignature::Signature& sig, int extraction=0) {
 279             setXMLAlgorithm(sig.getSignatureAlgorithm());
 280             xmlsignature::KeyInfo* k = sig.getKeyInfo();
 281             if (k)
 282                 return setKeyInfo(k,extraction);
 283             DSIGSignature* dsig = sig.getXMLSignature();
 284             if (dsig)
 285                 setNativeKeyInfo(dsig->getKeyInfoList(),extraction);
 286         }
 287
 288     private:
 289         UsageType m_keyUsage;
 290         unsigned int m_keySize;
 291         std::string m_peerName,m_keyAlgorithm;
 292         std::set<std::string> m_keyNames;
 293         XSECCryptoKey* m_key;
 294         const xmlsignature::KeyInfo* m_keyInfo;
 295         DSIGKeyInfoList* m_nativeKeyInfo;
 296         Credential* m_credential;
 297     };
 298 };
 299
 300 #endif /* __xmltooling_credcrit_h__ */