Convert from NULL macro to nullptr.

[shibboleth/cpp-xmltooling.git] / xmltooling / security / AbstractPKIXTrustEngine.h
diff --git a/xmltooling/security/AbstractPKIXTrustEngine.h b/xmltooling/security/AbstractPKIXTrustEngine.h

index 9c60888..43bc661 100644 (file)
--- a/xmltooling/security/AbstractPKIXTrustEngine.h
+++ b/xmltooling/security/AbstractPKIXTrustEngine.h
@@ -1,5 +1,5 @@
  /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2010 Internet2
   * 
   * Licensed under the Apache License, Version 2.0 (the "License");
   * you may not use this file except in compliance with the License.
@@ -26,10 +26,11 @@
  
  #include <xmltooling/security/OpenSSLTrustEngine.h>
  #include <xmltooling/security/SignatureTrustEngine.h>
-#include <xmltooling/security/XSECCryptoX509CRL.h>
  
  namespace xmltooling {
  
+    class XMLTOOL_API XSECCryptoX509CRL;
+
      /**
       * A trust engine that uses X.509 trust anchors and CRLs associated with a peer
       * to perform PKIX validation of signatures and credentials.
@@ -43,6 +44,7 @@ namespace xmltooling {
           * If a DOM is supplied, the following XML content is supported:
           * 
           * <ul>
+         *  <li>fullCRLChain boolean attribute
           *  <li>&lt;KeyInfoResolver&gt; elements with a type attribute
           * </ul>
           * 
@@ -50,7 +52,10 @@ namespace xmltooling {
           * 
           * @param e DOM to supply configuration for provider
           */
-        AbstractPKIXTrustEngine(const xercesc::DOMElement* e=NULL) : TrustEngine(e) {}
+        AbstractPKIXTrustEngine(const xercesc::DOMElement* e=nullptr);
+
+        /** Flag controls whether every issuer in the trust path must have a CRL loaded. */
+        bool m_fullCRLChain;
          
          /**
           * Checks that either the name of the peer with the given credentials or the names
@@ -63,14 +68,14 @@ namespace xmltooling {
           * @return true the name check succeeds, false if not
           */
          bool checkEntityNames(X509* certEE, const CredentialResolver& credResolver, const CredentialCriteria& criteria) const;
-        
+
      public:
-        virtual ~AbstractPKIXTrustEngine() {}
+        virtual ~AbstractPKIXTrustEngine();
  
          bool validate(
              xmlsignature::Signature& sig,
              const CredentialResolver& credResolver,
-            CredentialCriteria* criteria=NULL
+            CredentialCriteria* criteria=nullptr
              ) const;
  
          bool validate(
@@ -80,21 +85,21 @@ namespace xmltooling {
              const char* in,
              unsigned int in_len,
              const CredentialResolver& credResolver,
-            CredentialCriteria* criteria=NULL
+            CredentialCriteria* criteria=nullptr
              ) const;
  
          bool validate(
              XSECCryptoX509* certEE,
              const std::vector<XSECCryptoX509*>& certChain,
              const CredentialResolver& credResolver,
-            CredentialCriteria* criteria=NULL
+            CredentialCriteria* criteria=nullptr
              ) const;
  
          bool validate(
              X509* certEE,
              STACK_OF(X509)* certChain,
              const CredentialResolver& credResolver,
-            CredentialCriteria* criteria=NULL
+            CredentialCriteria* criteria=nullptr
              ) const;
  
          /**
@@ -106,10 +111,10 @@ namespace xmltooling {
          class XMLTOOL_API PKIXValidationInfoIterator {
              MAKE_NONCOPYABLE(PKIXValidationInfoIterator);
          protected:
-            PKIXValidationInfoIterator() {}
+            PKIXValidationInfoIterator();
              
          public:
-            virtual ~PKIXValidationInfoIterator() {}
+            virtual ~PKIXValidationInfoIterator();
              
              /**
               * Advances to the next set of information, if any.
@@ -158,8 +163,17 @@ namespace xmltooling {
           * @return interface for obtaining validation data
           */
          virtual PKIXValidationInfoIterator* getPKIXValidationInfoIterator(
-            const CredentialResolver& pkixSource, CredentialCriteria* criteria=NULL
+            const CredentialResolver& pkixSource, CredentialCriteria* criteria=nullptr
              ) const=0;
+
+    private:
+        bool validateWithCRLs(
+            X509* certEE,
+            STACK_OF(X509)* certChain,
+            const CredentialResolver& credResolver,
+            CredentialCriteria* criteria=nullptr,
+            const std::vector<XSECCryptoX509CRL*>* inlineCRLs=nullptr
+            ) const;
      };
  };