[shibboleth/cpp-xmltooling.git] / xmltooling / signature / KeyResolver.h

/*\r
 *  Copyright 2001-2006 Internet2\r
 * \r
 * Licensed under the Apache License, Version 2.0 (the "License");\r
 * you may not use this file except in compliance with the License.\r
 * You may obtain a copy of the License at\r
 *\r
 *     http://www.apache.org/licenses/LICENSE-2.0\r
 *\r
 * Unless required by applicable law or agreed to in writing, software\r
 * distributed under the License is distributed on an "AS IS" BASIS,\r
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * See the License for the specific language governing permissions and\r
 * limitations under the License.\r
 */\r
\r
/**\r
 * @file KeyResolver.h\r
 * \r
 * Resolves public keys and certificates based on KeyInfo information or\r
 * external factors. \r
 */\r
\r
#if !defined(__xmltooling_keyres_h__) && !defined(XMLTOOLING_NO_XMLSEC)\r
#define __xmltooling_keyres_h__\r
\r
#include <xmltooling/security/XSECCryptoX509CRL.h>\r
\r
#include <xsec/dsig/DSIGKeyInfoList.hpp>\r
#include <xsec/enc/XSECCryptoKey.hpp>\r
#include <xsec/enc/XSECCryptoX509.hpp>\r
\r
#include <algorithm>\r
#include <vector>\r
\r
namespace xmlsignature {\r
    class XMLTOOL_API KeyInfo;\r
    class XMLTOOL_API Signature;\r
\r
    /**\r
     * An API for resolving keys. The default/simple implementation\r
     * allows a hard-wired key to be supplied. This is mostly\r
     * useful for testing, or to adapt another mechanism for supplying\r
     * keys to this interface.\r
     */\r
    class XMLTOOL_API KeyResolver {\r
        MAKE_NONCOPYABLE(KeyResolver);\r
    public:\r
        /**\r
         * Constructor based on a single externally supplied key.\r
         * The key will be destroyed when the resolver is. \r
         * \r
         * @param key   external key\r
         */\r
        KeyResolver(XSECCryptoKey* key=NULL) : m_key(key) {}\r
        \r
        virtual ~KeyResolver() {\r
            delete m_key;\r
        }\r
        \r
        /**\r
         * Returns a key based on the supplied KeyInfo information.\r
         * The caller must delete the key when done with it.\r
         * \r
         * @param keyInfo   the key information\r
         * @return  the resolved key\r
         */\r
        virtual XSECCryptoKey* resolveKey(const KeyInfo* keyInfo) const {\r
            return m_key ? m_key->clone() : NULL;\r
        }\r
\r
        /**\r
         * Returns a key based on the supplied KeyInfo information.\r
         * The caller must delete the key when done with it.\r
         * \r
         * @param keyInfo   the key information\r
         * @return  the resolved key\r
         */\r
        virtual XSECCryptoKey* resolveKey(DSIGKeyInfoList* keyInfo) const {\r
            return m_key ? m_key->clone() : NULL;\r
        }\r
\r
        /**\r
         * Returns a key based on the supplied KeyInfo information.\r
         * The caller must delete the key when done with it.\r
         * \r
         * @param sig   signature containing the key information\r
         * @return  the resolved key\r
         */\r
        XSECCryptoKey* resolveKey(const Signature* sig) const;\r
\r
        /**\r
         * A wrapper that handles disposal of certificates when required.\r
         */\r
        class XMLTOOL_API ResolvedCertificates {\r
            MAKE_NONCOPYABLE(ResolvedCertificates);\r
            bool m_owned;\r
            std::vector<XSECCryptoX509*> m_certs;\r
        public:\r
            ResolvedCertificates() : m_owned(false) {}\r
            ~ResolvedCertificates() {\r
                if (m_owned) {\r
                    std::for_each(m_certs.begin(), m_certs.end(), xmltooling::cleanup<XSECCryptoX509>());\r
                }\r
            }\r
            const std::vector<XSECCryptoX509*>& v() const {\r
                return m_certs;\r
            }\r
            friend class XMLTOOL_API KeyResolver;\r
        };\r
\r
        /**\r
         * Returns a set of certificates based on the supplied KeyInfo information.\r
         * The certificates must be cloned if kept beyond the lifetime of the KeyInfo source.\r
         * \r
         * @param keyInfo   the key information\r
         * @param certs     reference to object to hold certificates\r
         * @return  number of certificates returned\r
         */\r
        virtual std::vector<XSECCryptoX509*>::size_type resolveCertificates(\r
            const KeyInfo* keyInfo, ResolvedCertificates& certs\r
            ) const;\r
        \r
        /**\r
         * Returns a set of certificates based on the supplied KeyInfo information.\r
         * The certificates must be cloned if kept beyond the lifetime of the KeyInfo source.\r
         * \r
         * @param keyInfo   the key information\r
         * @param certs     reference to object to hold certificates\r
         * @return  number of certificates returned\r
         */\r
        virtual std::vector<XSECCryptoX509*>::size_type resolveCertificates(\r
            DSIGKeyInfoList* keyInfo, ResolvedCertificates& certs \r
            ) const;\r
\r
        /**\r
         * Returns a set of certificates based on the supplied KeyInfo information.\r
         * The certificates must be cloned if kept beyond the lifetime of the KeyInfo source.\r
         * \r
         * @param sig   signature containing the key information\r
         * @param certs     reference to object to hold certificates\r
         * @return  number of certificates returned\r
         */\r
        std::vector<XSECCryptoX509*>::size_type resolveCertificates(\r
            const Signature* sig, ResolvedCertificates& certs\r
            ) const;\r
\r
        /**\r
         * Returns a CRL based on the supplied KeyInfo information.\r
         * The caller must delete the CRL when done with it.\r
         * \r
         * @param keyInfo   the key information\r
         * @return  the resolved CRL\r
         */\r
        virtual xmltooling::XSECCryptoX509CRL* resolveCRL(const KeyInfo* keyInfo) const;\r
        \r
        /**\r
         * Returns a CRL based on the supplied KeyInfo information.\r
         * The caller must delete the CRL when done with it.\r
         * \r
         * @param keyInfo   the key information\r
         * @return  the resolved CRL\r
         */\r
        virtual xmltooling::XSECCryptoX509CRL* resolveCRL(DSIGKeyInfoList* keyInfo) const;\r
\r
        /**\r
         * Returns a CRL based on the supplied KeyInfo information.\r
         * The caller must delete the CRL when done with it.\r
         * \r
         * @param sig   signature containing the key information\r
         * @return  the resolved CRL\r
         */\r
        xmltooling::XSECCryptoX509CRL* resolveCRL(const Signature* sig) const;\r
\r
    protected:\r
        XSECCryptoKey* m_key;\r
\r
        /**\r
         * Accessor for certificate vector from derived KeyResolver classes.\r
         *\r
         * @param certs certificate wrapper to access\r
         * @return modifiable reference to vector inside wrapper\r
         */\r
        std::vector<XSECCryptoX509*>& accessCertificates(ResolvedCertificates& certs) const {\r
            return certs.m_certs;\r
        }\r
\r
        /**\r
         * Accessor for certificate ownership flag from derived KeyResolver classes.\r
         *\r
         * @param certs certificate wrapper to access\r
         * @return modifiable reference to ownership flag inside wrapper\r
         */\r
        bool& accessOwned(ResolvedCertificates& certs) const {\r
            return certs.m_owned;\r
        }\r
    };\r
\r
    /**\r
     * Registers KeyResolver classes into the runtime.\r
     */\r
    void XMLTOOL_API registerKeyResolvers();\r
\r
    /** KeyResolver based on hard-wired key */\r
    #define FILESYSTEM_KEY_RESOLVER  "org.opensaml.xmlooling.FilesystemKeyResolver"\r
\r
    /** KeyResolver based on extracting information directly out of a KeyInfo */\r
    #define INLINE_KEY_RESOLVER  "org.opensaml.xmlooling.InlineKeyResolver"\r
};\r
\r
#endif /* __xmltooling_keyres_h__ */\r