/*
 *  Copyright 2001-2008 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 * @file xmltooling/security/SecurityHelper.h
 *
 * A helper class for working with keys, certificates, etc.
 */
23 #if !defined(__xmltooling_sechelper_h__) && !defined(XMLTOOLING_NO_XMLSEC)
24 #define __xmltooling_sechelper_h__
26 #include <xmltooling/security/XSECCryptoX509CRL.h>
27 #include <xmltooling/soap/SOAPTransport.h>
30 #include <xsec/enc/XSECCryptoKey.hpp>
31 #include <xsec/enc/XSECCryptoX509.hpp>
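namespace xmltooling {
    /**
     * A helper class for working with keys, certificates, etc.
     *
     * Every member is static. The loaders hand back raw pointers (directly or
     * through the populated vector); this header does not state who frees them.
     * NOTE(review): presumably the caller owns the returned objects; confirm
     * against the implementation before relying on it.
     */
    class XMLTOOL_API SecurityHelper
    {
    public:
        /**
         * Access a file to try and guess the encoding format used.
         *
         * The result is a guess. When the expected encoding is known, passing
         * it explicitly to the loaders below avoids depending on the guess.
         *
         * @param pathname  path to file
         * @return  constant identifying encoding format
         */
        static const char* guessEncodingFormat(const char* pathname);

        /**
         * Loads a private key from a local file.
         *
         * The password is passed as a plain C string, so the caller decides how
         * long that buffer stays in memory.
         *
         * @param pathname  path to file containing key
         * @param format    optional constant identifying key encoding format
         * @param password  optional password to decrypt key
         * @return  a populated key object
         */
        static XSECCryptoKey* loadKeyFromFile(const char* pathname, const char* format=NULL, const char* password=NULL);

        /**
         * Loads certificate(s) from a local file.
         *
         * @param certs     array to populate with certificate(s)
         * @param pathname  path to file containing certificate(s)
         * @param format    optional constant identifying certificate encoding format
         * @param password  optional password; NOTE(review): presumably used to open a
         *                  password-protected container, confirm against the implementation
         * @return  size of the resulting array
         */
        static std::vector<XSECCryptoX509*>::size_type loadCertificatesFromFile(
            std::vector<XSECCryptoX509*>& certs, const char* pathname, const char* format=NULL, const char* password=NULL
            );

        /**
         * Loads CRL(s) from a local file.
         *
         * @param crls      array to populate with CRL(s)
         * @param pathname  path to file containing CRL(s)
         * @param format    optional constant identifying CRL encoding format
         * @return  size of the resulting array
         */
        static std::vector<XSECCryptoX509CRL*>::size_type loadCRLsFromFile(
            std::vector<XSECCryptoX509CRL*>& crls, const char* pathname, const char* format=NULL
            );

        /**
         * Loads a private key from a URL.
         *
         * The key material travels over the supplied transport and is also kept
         * in the backing file. Nothing in this declaration shows the transport
         * being authenticated or the backing file's permissions being restricted,
         * so the caller should configure the transport and protect the backing
         * path accordingly.
         *
         * @param transport object to use to acquire key
         * @param backing   backing file for key (written to or read from if download fails)
         * @param format    optional constant identifying key encoding format
         * @param password  optional password to decrypt key
         * @return  a populated key object
         */
        static XSECCryptoKey* loadKeyFromURL(SOAPTransport& transport, const char* backing, const char* format=NULL, const char* password=NULL);

        /**
         * Loads certificate(s) from a URL.
         *
         * The loaded certificates are only as trustworthy as the transport and
         * the backing file; no validation step is visible in this interface.
         *
         * @param certs     array to populate with certificate(s)
         * @param transport object to use to acquire certificate(s)
         * @param backing   backing file for certificate(s) (written to or read from if download fails)
         * @param format    optional constant identifying certificate encoding format
         * @param password  optional password; NOTE(review): presumably used to open a
         *                  password-protected container, confirm against the implementation
         * @return  size of the resulting array
         */
        static std::vector<XSECCryptoX509*>::size_type loadCertificatesFromURL(
            std::vector<XSECCryptoX509*>& certs, SOAPTransport& transport, const char* backing, const char* format=NULL, const char* password=NULL
            );

        /**
         * Loads CRL(s) from a URL.
         *
         * When the backing file is read because the download failed, the
         * revocation data may be older than what the URL currently serves.
         * NOTE(review): the caller presumably has to check CRL freshness itself;
         * confirm against the implementation.
         *
         * @param crls      array to populate with CRL(s)
         * @param transport object to use to acquire CRL(s)
         * @param backing   backing file for CRL(s) (written to or read from if download fails)
         * @param format    optional constant identifying CRL encoding format
         * @return  size of the resulting array
         */
        static std::vector<XSECCryptoX509CRL*>::size_type loadCRLsFromURL(
            std::vector<XSECCryptoX509CRL*>& crls, SOAPTransport& transport, const char* backing, const char* format=NULL
            );

        /**
         * Compares two keys for equality.
         *
         * NOTE(review): the header does not say which key components are compared
         * or how a public/private pair is treated; confirm before using the result
         * as a trust decision.
         *
         * @param key1  first key to compare
         * @param key2  second key to compare
         * @return  true iff the keys match
         */
        static bool matches(const XSECCryptoKey* key1, const XSECCryptoKey* key2);
    };
}   // namespace xmltooling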
130 #endif /* __xmltooling_sechelper_h__ */