2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * @file xmltooling/security/TrustEngine.h
24 * Evaluates the trustworthiness and validity of security information against
25 * implementation-specific requirements.
28 #if !defined(__xmltooling_trust_h__) && !defined(XMLTOOLING_NO_XMLSEC)
29 #define __xmltooling_trust_h__
31 #include <xmltooling/base.h>
32 #include <xercesc/dom/DOM.hpp>
34 namespace xmltooling {
36 class XMLTOOL_API KeyInfoResolver;
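/**
 * Evaluates the trustworthiness and validity of security information against
 * implementation-specific requirements.
 *
 * Only the KeyInfoResolver plumbing is declared in this listing; no
 * trust-evaluation methods appear here.
 */
class XMLTOOL_API TrustEngine {
    MAKE_NONCOPYABLE(TrustEngine);

// NOTE(review): the listing drops the access-specifier lines (original source
// lines 44 and 63 are absent). `protected:` here and `public:` further down
// are the conventional layout for a base class with a non-public constructor;
// confirm against the original header.
protected:
    /**
     * Constructor.
     *
     * If a DOM is supplied, the following XML content is supported:
     *
     * <ul>
     *  <li>&lt;KeyInfoResolver&gt; elements with a type attribute
     * </ul>
     *
     * XML namespaces are ignored in the processing of this content, so the
     * element is matched without regard to the namespace it is declared in.
     * NOTE(review): the type attribute presumably selects which resolver
     * plugin is built, so this DOM should be treated as trusted configuration
     * rather than peer-supplied input - confirm in the implementation.
     *
     * @param e DOM to supply configuration for provider
     */
    TrustEngine(const xercesc::DOMElement* e=nullptr);

    /**
     * Custom KeyInfoResolver instance.
     *
     * Raw pointer. setKeyInfoResolver() destroys the previously set object,
     * so the engine treats this pointer as owning.
     * NOTE(review): whether it may be null when no custom resolver is
     * configured, and whether the destructor releases it, is not visible in
     * this header - confirm in the implementation.
     */
    KeyInfoResolver* m_keyInfoResolver;

public:
    virtual ~TrustEngine();

    /**
     * Supplies a KeyInfoResolver instance.
     * <p>This method must be externally synchronized with any code that uses the object.
     * Any previously set object is destroyed.
     *
     * Because the previous resolver is destroyed by this call, any pointer or
     * reference to it that is still held elsewhere dangles afterwards; without
     * the external synchronization required above, a thread still using the
     * engine could touch the destroyed resolver.
     * NOTE(review): the engine presumably takes over the pointer passed in, so
     * the caller should not delete it or hand the same instance to a second
     * engine - confirm against the implementation.
     *
     * @param keyInfoResolver   new KeyInfoResolver instance to use
     */
    void setKeyInfoResolver(KeyInfoResolver* keyInfoResolver);
};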
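/**
 * Registers TrustEngine classes into the runtime.
 *
 * NOTE(review): presumably this is what makes the plugin type names defined
 * after this declaration (EXPLICIT_KEY_TRUSTENGINE, STATIC_PKIX_TRUSTENGINE,
 * CHAINING_TRUSTENGINE) resolvable. When it must be called, and whether it is
 * safe to call more than once or concurrently, is not stated in this header -
 * confirm in the implementation.
 */
void XMLTOOL_API registerTrustEngines();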
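/**
 * TrustEngine based on explicit knowledge of peer key information.
 * The string is the plugin type name for this engine.
 */
#define EXPLICIT_KEY_TRUSTENGINE "ExplicitKey"

/**
 * TrustEngine based on PKIX evaluation against a static set of trust anchors.
 * NOTE(review): which path-validation checks are applied (e.g. revocation,
 * path length) is not stated in this header - confirm in the implementation
 * before relying on them.
 */
#define STATIC_PKIX_TRUSTENGINE "StaticPKIX"

/**
 * TrustEngine that tries multiple engines in sequence.
 * NOTE(review): the acceptance rule is not stated here. If the chain accepts
 * on the first engine that succeeds, it is only as strict as its most
 * permissive member - confirm before combining engines of different strength.
 */
#define CHAINING_TRUSTENGINE "Chaining"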
92 #endif /* __xmltooling_trust_h__ */