Incorporating boostisms

[shibboleth/cpp-xmltooling.git] / xmltooling / security / AbstractPKIXTrustEngine.h

diff --git a/xmltooling/security/AbstractPKIXTrustEngine.h b/xmltooling/security/AbstractPKIXTrustEngine.h
index 2437e2d..3666fb7 100644 (file)
--- a/xmltooling/security/AbstractPKIXTrustEngine.h
+++ b/xmltooling/security/AbstractPKIXTrustEngine.h
@@ -33,9 +33,11 @@
 
 #include <set>
 #include <string>
+#include <boost/ptr_container/ptr_vector.hpp>
 
 namespace xmltooling {
 
+    class XMLTOOL_API OpenSSLPathValidator;
     class XMLTOOL_API XSECCryptoX509CRL;
 
     /**
@@ -54,6 +56,7 @@ namespace xmltooling {
          *  <li>checkRevocation attribute (off, entityOnly, fullChain)
          *  <li>policyMappingInhibit attribute (boolean)
          *  <li>anyPolicyInhibit attribute (boolean)
+         *  <li>&t;PathValidator&gt; element (zero or more)
          *  <li>&lt;TrustedName&gt; element (zero or more)
          *  <li>&lt;PolicyOID&gt; element (zero or more)
          * </ul>
@@ -62,6 +65,9 @@ namespace xmltooling {
          */
         AbstractPKIXTrustEngine(const xercesc::DOMElement* e=nullptr);
 
+        /** Plugins used to perform path validation. */
+        boost::ptr_vector<OpenSSLPathValidator> m_pathValidators;
+
         /** Controls revocation checking, currently limited to CRLs and supports "off", "entityOnly", "fullChain". */
         std::string m_checkRevocation;
 
@@ -198,6 +204,8 @@ namespace xmltooling {
             CredentialCriteria* criteria=nullptr,
             const std::vector<XSECCryptoX509CRL*>* inlineCRLs=nullptr
             ) const;
+
+        friend class XMLTOOL_DLLLOCAL PKIXParams;
     };
 };