2 * Copyright 2001-2008 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * CredentialCriteria.cpp
20 * Class for specifying criteria by which a CredentialResolver should resolve credentials.
25 #include "security/Credential.h"
26 #include "security/CredentialCriteria.h"
27 #include "security/KeyInfoResolver.h"
28 #include "security/SecurityHelper.h"
30 #include <openssl/dsa.h>
31 #include <openssl/rsa.h>
32 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
33 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
35 using namespace xmltooling;
// Tests whether a candidate credential is compatible with these criteria.
// Every visible check (usage, key size, key names, public key) runs only when BOTH the
// criteria and the credential supply a value, so an attribute absent on either side is
// skipped rather than treated as a mismatch. A true result therefore means "nothing
// contradicted the criteria", not "every criterion was positively verified".
// NOTE(review): gaps in the gutter numbering (e.g. 39, 44-46, 49, 51-55, 67-74) show that
// this listing omits source lines, including braces and the statements that follow the
// conditions below. The rejecting paths are presumed to return false - confirm against
// the full file.
38 bool CredentialCriteria::matches(const Credential& credential) const
40 // Usage check, if specified and we have one, compare masks.
41 if (getUsage() != Credential::UNSPECIFIED_CREDENTIAL) {
42 if (credential.getUsage() != Credential::UNSPECIFIED_CREDENTIAL)
// Usage values are combined as bitmasks; a zero AND means the two share no usage bit.
43 if ((getUsage() & credential.getUsage()) == 0)
47 // Algorithm check, if specified and we have one.
48 const char* alg = getKeyAlgorithm();
// NOTE(review): the comparison of alg against alg2 is on lines missing from this listing.
50 const char* alg2 = credential.getAlgorithm();
56 // KeySize check, if specified and we have one.
// Sizes are compared only when both are positive; a size of 0 on either side skips the check.
57 if (credential.getKeySize()>0 && getKeySize()>0 && credential.getKeySize() != getKeySize())
60 // See if we can test key names.
61 const set<string>& critnames = getKeyNames();
62 const set<string>& crednames = credential.getKeyNames();
// Names are tested only when both sets are non-empty; a credential carrying no names is
// not rejected by this check.
63 if (!critnames.empty() && !crednames.empty()) {
// Looks for a criteria name that also appears in the credential's name set; the action
// taken on a hit is not visible in this listing.
65 for (set<string>::const_iterator n = critnames.begin(); n!=critnames.end(); ++n) {
66 if (crednames.count(*n)>0) {
75 // See if we have to match a specific key.
76 const XSECCryptoKey* key1 = getPublicKey();
// Security note: per the trailing comments, both early returns below report a match when a
// public key is missing on either side, i.e. without any key comparison having taken place.
// Callers that need assurance that the credential holds a specific key must check for key
// presence themselves rather than rely on this result alone.
78 return true; // no key to compare against, so we're done
80 const XSECCryptoKey* key2 = credential.getPublicKey();
82 return true; // no key here, so we can't test it
// Both keys are present: the comparison itself is delegated to SecurityHelper::matches.
84 return SecurityHelper::matches(key1, key2);