2 * Copyright 2001-2006 Internet2
\r
4 * Licensed under the Apache License, Version 2.0 (the "License");
\r
5 * you may not use this file except in compliance with the License.
\r
6 * You may obtain a copy of the License at
\r
8 * http://www.apache.org/licenses/LICENSE-2.0
\r
10 * Unless required by applicable law or agreed to in writing, software
\r
11 * distributed under the License is distributed on an "AS IS" BASIS,
\r
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
13 * See the License for the specific language governing permissions and
\r
14 * limitations under the License.
\r
18 * @file KeyResolver.h
\r
20 * Resolves public keys and certificates based on KeyInfo information or
\r
21 * external factors.
\r
24 #if !defined(__xmltooling_keyres_h__) && !defined(XMLTOOLING_NO_XMLSEC)
\r
25 #define __xmltooling_keyres_h__
\r
27 #include <xmltooling/security/XSECCryptoX509CRL.h>
\r
28 #include <xmltooling/signature/KeyInfo.h>
\r
30 #include <xsec/dsig/DSIGKeyInfoList.hpp>
\r
31 #include <xsec/enc/XSECCryptoKey.hpp>
\r
32 #include <xsec/enc/XSECCryptoX509.hpp>
\r
36 namespace xmlsignature {
\r
39 * An API for resolving keys. The default/simple implementation
\r
40 * allows a hard-wired key to be supplied. This is mostly
\r
41 * useful for testing, or to adapt another mechanism for supplying
\r
42 * keys to this interface.
\r
44 class XMLTOOL_API KeyResolver {
\r
45 MAKE_NONCOPYABLE(KeyResolver);
\r
/**
 * Builds a resolver around a single externally supplied key.
 *
 * The resolver takes ownership: the key will be destroyed when the
 * resolver is, so the caller should neither free it nor hand the same
 * pointer to a second owner.
 *
 * NOTE(review): this constructor is not marked explicit, so a bare
 * XSECCryptoKey* can convert implicitly into a temporary resolver that
 * would then own (and destroy) the key. Consider whether `explicit` is
 * acceptable to existing callers.
 *
 * @param key   external key, or NULL to construct a resolver with no key
 */
KeyResolver(XSECCryptoKey* key=NULL)
    : m_key(key)
{
}
\r
55 virtual ~KeyResolver() {
\r
/**
 * Returns a key for the supplied KeyInfo information.
 * The caller must delete the key when done with it.
 *
 * This base implementation does not inspect keyInfo. It hands back a
 * clone of the key given at construction, or NULL when the resolver was
 * built without one, so callers must check the result before using it.
 *
 * @param keyInfo   the key information (unused by this implementation)
 * @return  a newly cloned key owned by the caller, or NULL
 */
virtual XSECCryptoKey* resolveKey(const KeyInfo* keyInfo) const {
    // No hard-wired key was supplied: nothing to resolve.
    if (!m_key)
        return NULL;
    // Clone so that the caller's copy is independent of the resolver's lifetime.
    return m_key->clone();
}
\r
/**
 * Returns a key for the supplied native (DSIGKeyInfoList) KeyInfo information.
 * The caller must delete the key when done with it.
 *
 * This base implementation does not inspect keyInfo. It hands back a
 * clone of the key given at construction, or NULL when the resolver was
 * built without one, so callers must check the result before using it.
 *
 * @param keyInfo   the key information (unused by this implementation)
 * @return  a newly cloned key owned by the caller, or NULL
 */
virtual XSECCryptoKey* resolveKey(DSIGKeyInfoList* keyInfo) const {
    // No hard-wired key was supplied: nothing to resolve.
    if (!m_key)
        return NULL;
    // Clone so that the caller's copy is independent of the resolver's lifetime.
    return m_key->clone();
}
\r
82 * Returns a set of certificates based on the supplied KeyInfo information.
\r
83 * The certificates must be cloned if kept beyond the lifetime of the KeyInfo source.
\r
85 * @param keyInfo the key information
\r
86 * @param certs reference to vector to store certificates
\r
87 * @return number of certificates returned
\r
89 virtual std::vector<XSECCryptoX509*>::size_type resolveCertificates(
\r
90 const KeyInfo* keyInfo, std::vector<XSECCryptoX509*>& certs
\r
94 * Returns a set of certificates based on the supplied KeyInfo information.
\r
95 * The certificates must be cloned if kept beyond the lifetime of the KeyInfo source.
\r
97 * @param keyInfo the key information
\r
98 * @param certs reference to vector to store certificates
\r
99 * @return number of certificates returned
\r
101 virtual std::vector<XSECCryptoX509*>::size_type resolveCertificates(
\r
102 DSIGKeyInfoList* keyInfo, std::vector<XSECCryptoX509*>& certs
\r
/**
 * Returns a CRL based on the supplied KeyInfo information.
 * The caller must delete the CRL when done with it.
 *
 * Only the declaration is given in this header; the definition lives
 * elsewhere.
 * NOTE(review): the result when no CRL can be resolved is not stated
 * here (presumably NULL) -- confirm against the implementation and
 * check the pointer before use.
 * NOTE(review): a CRL carried alongside a message is only as good as
 * its own signature and validity period; verify both before relying on
 * it for revocation decisions.
 *
 * @param keyInfo   the key information
 * @return  the resolved CRL
 */
virtual xmltooling::XSECCryptoX509CRL* resolveCRL(const KeyInfo* keyInfo) const;
\r
/**
 * Returns a CRL based on the supplied native (DSIGKeyInfoList) KeyInfo
 * information.
 * The caller must delete the CRL when done with it.
 *
 * Only the declaration is given in this header; the definition lives
 * elsewhere.
 * NOTE(review): the result when no CRL can be resolved is not stated
 * here (presumably NULL) -- confirm against the implementation and
 * check the pointer before use.
 * NOTE(review): a CRL carried alongside a message is only as good as
 * its own signature and validity period; verify both before relying on
 * it for revocation decisions.
 *
 * @param keyInfo   the key information
 * @return  the resolved CRL
 */
virtual xmltooling::XSECCryptoX509CRL* resolveCRL(DSIGKeyInfoList* keyInfo) const;
\r
124 XSECCryptoKey* m_key;
\r
/**
 * Registers KeyResolver classes into the runtime.
 *
 * NOTE(review): presumably this is what makes the resolver type names
 * defined in this header available for lookup; the registration target
 * and any required call order are not visible here -- confirm.
 */
void XMLTOOL_API registerKeyResolvers();
\r
/**
 * KeyResolver based on hard-wired key.
 * NOTE(review): the macro name suggests key material loaded from the
 * filesystem rather than a hard-wired key -- confirm and align the wording.
 * NOTE(review): the type string is spelled "xmlooling"; it is a runtime
 * identifier, so leave it as is unless every user of the string changes
 * with it.
 */
#define FILESYSTEM_KEY_RESOLVER "org.opensaml.xmlooling.FilesystemKeyResolver"

/**
 * KeyResolver based on extracting information directly out of a KeyInfo.
 * Whatever is extracted this way was chosen by the party that produced
 * the KeyInfo, so a resolved key or certificate is a candidate to be
 * checked against configured trust, not a trusted key in itself.
 */
#define INLINE_KEY_RESOLVER "org.opensaml.xmlooling.InlineKeyResolver"
\r
139 #endif /* __xmltooling_keyres_h__ */
\r