/**
 * Licensed to the University Corporation for Advanced Internet
 * Development, Inc. (UCAID) under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for
 * additional information regarding copyright ownership.
 *
 * UCAID licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 * either express or implied. See the License for the specific
 * language governing permissions and limitations under the License.
 */
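/**
 * @file xmltooling/security/KeyInfoResolver.h
 *
 * Resolves credentials from KeyInfo information.
 */

#if !defined(__xmltooling_keyres_h__) && !defined(XMLTOOLING_NO_XMLSEC)
#define __xmltooling_keyres_h__

#include <xmltooling/base.h>

class DSIGKeyInfoList;

namespace xmlsignature {
    class XMLTOOL_API KeyInfo;
    class XMLTOOL_API Signature;
}

namespace xmltooling {

    class XMLTOOL_API Credential;
    class XMLTOOL_API CredentialCriteria;
    class XMLTOOL_API KeyInfoCredentialContext;

    /**
     * Resolves credentials from KeyInfo information.
     *
     * <p>Credential-specific bitmasks can be provided to control what to resolve.
     * The bit values themselves are not defined in this header.
     *
     * <p>Implementations should only establish KeyNames on the basis of explicit names
     * within the KeyInfo object, never by extracting names out of physical credentials
     * found within it.
     * NOTE(review): presumably this keeps name-based matching from being driven by
     * key material embedded in the KeyInfo by whoever produced it; confirm the
     * rationale with the maintainers.
     *
     * <p>Nothing in this interface evaluates trust. A non-null result only says that
     * key material could be extracted from the supplied KeyInfo, which normally
     * arrives inside the same message it is meant to protect. Callers are expected to
     * evaluate the returned credential against their own trust policy before relying
     * on it.
     *
     * <p>Every overload returns an owning raw pointer, or nullptr when nothing could
     * be resolved. Callers must check for nullptr and must release the credential on
     * every exit path; wrapping the result in an owning smart pointer at the call
     * site is the simplest way to guarantee that.
     */
    class XMLTOOL_API KeyInfoResolver {
        MAKE_NONCOPYABLE(KeyInfoResolver);
    // NOTE(review): the lines between MAKE_NONCOPYABLE and the destructor are
    // missing from this listing. The access specifiers and the protected default
    // constructor below are reconstructed; confirm them against the upstream header.
    protected:
        KeyInfoResolver();
    public:
        virtual ~KeyInfoResolver();

        /**
         * Returns a credential based on the supplied KeyInfo information.
         * The caller must release the credential when done with it.
         *
         * @param keyInfo   the key information
         * @param types     types of credentials to resolve, or 0 for any/all
         * @return  the resolved credential, or nullptr
         */
        virtual Credential* resolve(const xmlsignature::KeyInfo* keyInfo, int types=0) const=0;

        /**
         * Returns a credential based on the supplied KeyInfo information.
         * The caller must release the credential when done with it.
         *
         * @param keyInfo   the key information
         * @param types     types of credentials to resolve, or 0 for any/all
         * @return  the resolved credential, or nullptr
         */
        virtual Credential* resolve(DSIGKeyInfoList* keyInfo, int types=0) const=0;

        /**
         * Returns a credential based on the KeyInfo information in the supplied
         * context. The caller must release the credential when done with it.
         *
         * <p>The context object will be owned by the Credential and freed with it.
         * NOTE(review): this header does not say who frees the context when nullptr
         * is returned; confirm against the implementations before relying on either
         * behavior, since a wrong guess leaks the context or frees it twice.
         *
         * @param context   context containing the key information
         * @param types     types of credentials to resolve, or 0 for any/all
         * @return  the resolved credential, or nullptr
         */
        virtual Credential* resolve(KeyInfoCredentialContext* context, int types=0) const=0;

        /**
         * Returns a credential based on the supplied KeyInfo information.
         * The caller must release the credential when done with it.
         *
         * <p>Non-virtual overload; its implementation is not part of this header.
         *
         * @param sig       signature containing the key information
         * @param types     types of credentials to resolve, or 0 for any/all
         * @return  the resolved credential, or nullptr
         */
        Credential* resolve(const xmlsignature::Signature* sig, int types=0) const;

        /**
         * Returns a credential based on the KeyInfo information in the supplied
         * criteria. The caller must release the credential when done with it.
         *
         * <p>Non-virtual overload; its implementation is not part of this header.
         *
         * @param criteria  criteria containing the key information
         * @param types     types of credentials to resolve, or 0 for any/all
         * @return  the resolved credential, or nullptr
         */
        Credential* resolve(const CredentialCriteria& criteria, int types=0) const;
    };

    /**
     * Registers KeyInfoResolver classes into the runtime.
     */
    void XMLTOOL_API registerKeyInfoResolvers();

    /** KeyInfoResolver based on extracting by value directly out of a KeyInfo */
    #define INLINE_KEYINFO_RESOLVER "Inline"
}

#endif /* __xmltooling_keyres_h__ */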