2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file xmltooling/security/SignatureTrustEngine.h
20 * TrustEngine interface that adds validation of digital signatures.
23 #if !defined(__xmltooling_sigtrust_h__) && !defined(XMLTOOLING_NO_XMLSEC)
24 #define __xmltooling_sigtrust_h__
26 #include <xmltooling/security/TrustEngine.h>
28 namespace xmlsignature {
29 class XMLTOOL_API KeyInfo;
30 class XMLTOOL_API Signature;
33 namespace xmltooling {
35 class XMLTOOL_API CredentialCriteria;
36 class XMLTOOL_API CredentialResolver;
39 * TrustEngine interface that adds validation of digital signatures.
41 class XMLTOOL_API SignatureTrustEngine : public virtual TrustEngine {
46 * If a DOM is supplied, the following XML content is supported:
49 * <li>&lt;KeyInfoResolver&gt; elements with a type attribute
52 * XML namespaces are ignored in the processing of this content.
54 * @param e DOM to supply configuration for provider
56 SignatureTrustEngine(const xercesc::DOMElement* e=NULL) : TrustEngine(e) {} // passes the optional configuration DOM (NULL by default) to the TrustEngine base; the body itself does no work
59 virtual ~SignatureTrustEngine() {} // empty body; declared virtual so an engine can be destroyed through a base-class pointer
62 * Determines whether an XML signature is correct and valid with respect to
63 * the source of credentials supplied.
65 * <p>It is the responsibility of the application to ensure that the credentials
66 * supplied are in fact associated with the peer who created the signature.
68 * <p>If criteria with a peer name are supplied, the "name" of the Credential that verifies
69 * the signature may also be checked to ensure that it identifies the intended peer.
70 * The peer name itself or implementation-specific rules based on the content of the
71 * peer credentials may be applied. Implementations may omit this check if they
72 * deem it unnecessary, so a true result does not by itself show that the peer name was checked.
74 * @param sig reference to a signature object to validate
75 * @param credResolver a locked resolver to supply trusted peer credentials to the TrustEngine
76 * @param criteria criteria for selecting peer credentials
77 * @return true iff the signature validates
79 virtual bool validate(
80 xmlsignature::Signature& sig,
81 const CredentialResolver& credResolver,
82 CredentialCriteria* criteria=NULL
86 * Determines whether a raw signature is correct and valid with respect to
87 * the source of credentials supplied.
89 * <p>It is the responsibility of the application to ensure that the Credentials
90 * supplied are in fact associated with the peer who created the signature.
92 * <p>If criteria with a peer name are supplied, the "name" of the Credential that verifies
93 * the signature may also be checked to ensure that it identifies the intended peer.
94 * The peer name itself or implementation-specific rules based on the content of the
95 * peer credentials may be applied. Implementations may omit this check if they
96 * deem it unnecessary, so a true result does not by itself show that the peer name was checked.
98 * <p>Note that the keyInfo parameter is not part of the implicitly trusted
99 * set of information supplied via the CredentialResolver; it is advisory, untrusted
100 * data that may have accompanied the signature itself and cannot establish trust on its own.
102 * @param sigAlgorithm XML Signature identifier for the algorithm used
103 * @param sig null-terminated base64-encoded signature value
104 * @param keyInfo KeyInfo object accompanying the signature, if any
105 * @param in the input data over which the signature was created
106 * @param in_len size of input data in bytes
107 * @param credResolver a locked resolver to supply trusted peer credentials to the TrustEngine
108 * @param criteria criteria for selecting peer credentials
109 * @return true iff the signature validates
111 virtual bool validate(
112 const XMLCh* sigAlgorithm,
114 xmlsignature::KeyInfo* keyInfo,
117 const CredentialResolver& credResolver,
118 CredentialCriteria* criteria=NULL
123 #endif /* __xmltooling_sigtrust_h__ */