2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file xmltooling/security/KeyResolver.h
20 * Resolves public keys and certificates based on KeyInfo information or
24 #if !defined(__xmltooling_keyres_h__) && !defined(XMLTOOLING_NO_XMLSEC)
25 #define __xmltooling_keyres_h__
27 #include <xmltooling/security/XSECCryptoX509CRL.h>
29 #include <xsec/dsig/DSIGKeyInfoList.hpp>
30 #include <xsec/enc/XSECCryptoKey.hpp>
31 #include <xsec/enc/XSECCryptoX509.hpp>
36 namespace xmlsignature {
37 class XMLTOOL_API KeyInfo;
38 class XMLTOOL_API Signature;
41 namespace xmltooling {
44 * An API for resolving keys. The default/simple implementation
45 * allows a hard-wired key to be supplied. This is mostly
46 * useful for testing, or to adapt another mechanism for supplying
47 * keys to this interface.
49 class XMLTOOL_API KeyResolver {
50 MAKE_NONCOPYABLE(KeyResolver);
53 * Constructor based on a single externally supplied key.
54 * The resolver takes ownership of the key and destroys it when the resolver itself is destroyed.
56 * @param key external key
// Takes ownership of `key` (it is destroyed with the resolver); a NULL key, the default, makes resolveKey() return NULL.
58 KeyResolver(XSECCryptoKey* key=NULL) : m_key(key) {}
60 virtual ~KeyResolver() {
65 * Returns a key based on the supplied KeyInfo information.
66 * The caller must delete the key when done with it.
68 * @param keyInfo the key information
69 * @return the resolved key
71 virtual XSECCryptoKey* resolveKey(const xmlsignature::KeyInfo* keyInfo) const {
72 return m_key ? m_key->clone() : NULL;
76 * Returns a key based on the supplied KeyInfo information.
77 * The caller must delete the key when done with it.
79 * @param keyInfo the key information
80 * @return the resolved key
82 virtual XSECCryptoKey* resolveKey(DSIGKeyInfoList* keyInfo) const {
83 return m_key ? m_key->clone() : NULL;
87 * Returns a key based on the supplied KeyInfo information.
88 * The caller must delete the key when done with it.
90 * @param sig signature containing the key information
91 * @return the resolved key
93 XSECCryptoKey* resolveKey(const xmlsignature::Signature* sig) const;
96 * A wrapper that frees the certificates it holds when it owns them.
98 class XMLTOOL_API ResolvedCertificates {
99 MAKE_NONCOPYABLE(ResolvedCertificates);
101 std::vector<XSECCryptoX509*> m_certs;
// Starts non-owning: m_owned is only set by a resolver through accessOwned(), and release() is documented to tell the caller whether it must free the certificates.
103 ResolvedCertificates() : m_owned(false) {}
105 ~ResolvedCertificates() {
110 * Empties the container and frees any held resources.
114 std::for_each(m_certs.begin(), m_certs.end(), xmltooling::cleanup<XSECCryptoX509>());
121 * Transfers ownership of certificates outside wrapper.
123 * @param writeTo a container into which to move the certificates
124 * @return true if ownership was transferred, i.e. the caller must free the certificates
126 bool release(std::vector<XSECCryptoX509*>& writeTo) {
127 writeTo.assign(m_certs.begin(),m_certs.end());
137 * Accesses the underlying array of certificates.
139 * @return reference to certificate container
141 const std::vector<XSECCryptoX509*>& v() const {
145 friend class XMLTOOL_API KeyResolver;
149 * Returns a set of certificates based on the supplied KeyInfo information.
150 * The certificates must be cloned if kept beyond the lifetime of the KeyInfo source.
152 * @param keyInfo the key information
153 * @param certs reference to object to hold certificates
154 * @return number of certificates returned
156 virtual std::vector<XSECCryptoX509*>::size_type resolveCertificates(
157 const xmlsignature::KeyInfo* keyInfo, ResolvedCertificates& certs
161 * Returns a set of certificates based on the supplied KeyInfo information.
162 * The certificates must be cloned if kept beyond the lifetime of the KeyInfo source.
164 * @param keyInfo the key information
165 * @param certs reference to object to hold certificates
166 * @return number of certificates returned
168 virtual std::vector<XSECCryptoX509*>::size_type resolveCertificates(
169 DSIGKeyInfoList* keyInfo, ResolvedCertificates& certs
173 * Returns a set of certificates based on the supplied KeyInfo information.
174 * The certificates must be cloned if kept beyond the lifetime of the KeyInfo source.
176 * @param sig signature containing the key information
177 * @param certs reference to object to hold certificates
178 * @return number of certificates returned
180 std::vector<XSECCryptoX509*>::size_type resolveCertificates(
181 const xmlsignature::Signature* sig, ResolvedCertificates& certs
185 * Returns a CRL based on the supplied KeyInfo information.
186 * The caller must delete the CRL when done with it.
188 * @param keyInfo the key information
189 * @return the resolved CRL
191 virtual XSECCryptoX509CRL* resolveCRL(const xmlsignature::KeyInfo* keyInfo) const;
194 * Returns a CRL based on the supplied KeyInfo information.
195 * The caller must delete the CRL when done with it.
197 * @param keyInfo the key information
198 * @return the resolved CRL
200 virtual XSECCryptoX509CRL* resolveCRL(DSIGKeyInfoList* keyInfo) const;
203 * Returns a CRL based on the supplied KeyInfo information.
204 * The caller must delete the CRL when done with it.
206 * @param sig signature containing the key information
207 * @return the resolved CRL
209 XSECCryptoX509CRL* resolveCRL(const xmlsignature::Signature* sig) const;
212 /** Stores an explicit key. */
213 XSECCryptoKey* m_key;
216 * Accessor for certificate vector from derived KeyResolver classes.
218 * @param certs certificate wrapper to access
219 * @return modifiable reference to vector inside wrapper
221 std::vector<XSECCryptoX509*>& accessCertificates(ResolvedCertificates& certs) const {
222 return certs.m_certs;
226 * Accessor for certificate ownership flag from derived KeyResolver classes.
228 * @param certs certificate wrapper to access
229 * @return modifiable reference to ownership flag inside wrapper
231 bool& accessOwned(ResolvedCertificates& certs) const {
232 return certs.m_owned;
237 * Registers KeyResolver classes into the runtime.
239 void XMLTOOL_API registerKeyResolvers();
241 /** KeyResolver based on a hard-wired key */
242 #define FILESYSTEM_KEY_RESOLVER "File"
244 /** KeyResolver based on extracting information directly out of a KeyInfo */
245 #define INLINE_KEY_RESOLVER "Inline"
248 #endif /* __xmltooling_keyres_h__ */