2 * Copyright 2001-2006 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
20 * Resolves public keys and certificates based on KeyInfo information or
24 #if !defined(__xmltooling_keyres_h__) && !defined(XMLTOOLING_NO_XMLSEC)
25 #define __xmltooling_keyres_h__
27 #include <xmltooling/security/XSECCryptoX509CRL.h>
29 #include <xsec/dsig/DSIGKeyInfoList.hpp>
30 #include <xsec/enc/XSECCryptoKey.hpp>
31 #include <xsec/enc/XSECCryptoX509.hpp>
36 namespace xmlsignature {
37 class XMLTOOL_API KeyInfo;
38 class XMLTOOL_API Signature;
41 * An API for resolving keys. The default/simple implementation
42 * allows a hard-wired key to be supplied. This is mostly
43 * useful for testing, or to adapt another mechanism for supplying
44 * keys to this interface.
46 class XMLTOOL_API KeyResolver {
47 MAKE_NONCOPYABLE(KeyResolver);
50 * Constructor based on a single externally supplied key.
51 * The resolver takes ownership of the key and destroys it when the resolver itself is destroyed.
53 * @param key external key (ownership passes to the resolver; may be NULL)
55 KeyResolver(XSECCryptoKey* key=NULL) : m_key(key) {} // stores the raw pointer as-is; NOTE(review): not explicit, so a bare XSECCryptoKey* converts implicitly into a resolver that then owns it
57 virtual ~KeyResolver() {
62 * Returns a key based on the supplied KeyInfo information.
63 * The caller must delete the key when done with it.
65 * @param keyInfo the key information
66 * @return the resolved key
68 virtual XSECCryptoKey* resolveKey(const KeyInfo* keyInfo) const {
69 return m_key ? m_key->clone() : NULL; // default ignores keyInfo entirely: a fresh clone of the hard-wired key, or NULL when none was supplied
73 * Returns a key based on the supplied KeyInfo information.
74 * The caller must delete the key when done with it.
76 * @param keyInfo the key information
77 * @return the resolved key
79 virtual XSECCryptoKey* resolveKey(DSIGKeyInfoList* keyInfo) const {
80 return m_key ? m_key->clone() : NULL; // default ignores keyInfo entirely: a fresh clone of the hard-wired key, or NULL when none was supplied
84 * Returns a key based on the supplied KeyInfo information.
85 * The caller must delete the key when done with it.
87 * @param sig signature containing the key information
88 * @return the resolved key
90 XSECCryptoKey* resolveKey(const Signature* sig) const;
93 * A wrapper that takes care of disposing of the certificates it holds when it owns them.
95 class XMLTOOL_API ResolvedCertificates {
96 MAKE_NONCOPYABLE(ResolvedCertificates);
98 std::vector<XSECCryptoX509*> m_certs;
100 ResolvedCertificates() : m_owned(false) {} // starts out not owning anything; only a KeyResolver can flip the flag, via accessOwned()
101 ~ResolvedCertificates() {
103 std::for_each(m_certs.begin(), m_certs.end(), xmltooling::cleanup<XSECCryptoX509>());
106 const std::vector<XSECCryptoX509*>& v() const {
109 friend class XMLTOOL_API KeyResolver;
113 * Returns a set of certificates based on the supplied KeyInfo information.
114 * The certificates must be cloned if they are to be kept beyond the lifetime of the KeyInfo source.
116 * @param keyInfo the key information
117 * @param certs reference to object to hold certificates
118 * @return number of certificates returned
120 virtual std::vector<XSECCryptoX509*>::size_type resolveCertificates(
121 const KeyInfo* keyInfo, ResolvedCertificates& certs
125 * Returns a set of certificates based on the supplied KeyInfo information.
126 * The certificates must be cloned if they are to be kept beyond the lifetime of the KeyInfo source.
128 * @param keyInfo the key information
129 * @param certs reference to object to hold certificates
130 * @return number of certificates returned
132 virtual std::vector<XSECCryptoX509*>::size_type resolveCertificates(
133 DSIGKeyInfoList* keyInfo, ResolvedCertificates& certs
137 * Returns a set of certificates based on the supplied KeyInfo information.
138 * The certificates must be cloned if they are to be kept beyond the lifetime of the KeyInfo source.
140 * @param sig signature containing the key information
141 * @param certs reference to object to hold certificates
142 * @return number of certificates returned
144 std::vector<XSECCryptoX509*>::size_type resolveCertificates(
145 const Signature* sig, ResolvedCertificates& certs
149 * Returns a CRL based on the supplied KeyInfo information.
150 * The caller must delete the CRL when done with it.
152 * @param keyInfo the key information
153 * @return the resolved CRL
155 virtual xmltooling::XSECCryptoX509CRL* resolveCRL(const KeyInfo* keyInfo) const;
158 * Returns a CRL based on the supplied KeyInfo information.
159 * The caller must delete the CRL when done with it.
161 * @param keyInfo the key information
162 * @return the resolved CRL
164 virtual xmltooling::XSECCryptoX509CRL* resolveCRL(DSIGKeyInfoList* keyInfo) const;
167 * Returns a CRL based on the supplied KeyInfo information.
168 * The caller must delete the CRL when done with it.
170 * @param sig signature containing the key information
171 * @return the resolved CRL
173 xmltooling::XSECCryptoX509CRL* resolveCRL(const Signature* sig) const;
176 XSECCryptoKey* m_key;
179 * Accessor for certificate vector from derived KeyResolver classes.
181 * @param certs certificate wrapper to access
182 * @return modifiable reference to vector inside wrapper
184 std::vector<XSECCryptoX509*>& accessCertificates(ResolvedCertificates& certs) const {
185 return certs.m_certs; // raw pointers only; whether the wrapper deletes them in its destructor is decided by the ownership flag exposed through accessOwned()
189 * Accessor for certificate ownership flag from derived KeyResolver classes.
191 * @param certs certificate wrapper to access
192 * @return modifiable reference to ownership flag inside wrapper
194 bool& accessOwned(ResolvedCertificates& certs) const {
195 return certs.m_owned; // true means the wrapper, not the caller, releases the stored certificates in its destructor (see ~ResolvedCertificates)
200 * Registers KeyResolver classes into the runtime.
202 void XMLTOOL_API registerKeyResolvers();
204 /** KeyResolver based on hard-wired key */
205 #define FILESYSTEM_KEY_RESOLVER "org.opensaml.xmlooling.FilesystemKeyResolver"
207 /** KeyResolver based on extracting information directly out of a KeyInfo */
208 #define INLINE_KEY_RESOLVER "org.opensaml.xmlooling.InlineKeyResolver"
211 #endif /* __xmltooling_keyres_h__ */