-/*
- * Copyright 2001-2007 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
* @file xmltooling/security/CredentialCriteria.h
*
- * Class for specifying criteria by which a CredentialResolver should resolve credentials.
+ * Class for specifying criteria by which a CredentialResolver should resolve credentials.
*/
#if !defined(__xmltooling_credcrit_h__) && !defined(XMLTOOLING_NO_XMLSEC)
#define __xmltooling_credcrit_h__
-#include <xmltooling/unicode.h>
-#include <xmltooling/signature/KeyInfo.h>
-#include <xmltooling/signature/Signature.h>
+#include <xmltooling/base.h>
+
+#include <set>
-#include <string>
-#include <xsec/dsig/DSIGKeyInfoList.hpp>
-#include <xsec/dsig/DSIGKeyInfoName.hpp>
+class DSIGKeyInfoList;
+class XSECCryptoKey;
+
+namespace xmlsignature {
+ class XMLTOOL_API KeyInfo;
+ class XMLTOOL_API Signature;
+};
namespace xmltooling {
+ class XMLTOOL_API Credential;
+
+#if defined (_MSC_VER)
+ #pragma warning( push )
+ #pragma warning( disable : 4251 )
+#endif
+
/**
* Class for specifying criteria by which a CredentialResolver should resolve credentials.
*/
{
MAKE_NONCOPYABLE(CredentialCriteria);
public:
- CredentialCriteria() : m_keyUsage(UNSPECIFIED_CREDENTIAL), m_keyInfo(NULL), m_nativeKeyInfo(NULL) {}
- virtual ~CredentialCriteria() {}
-
- enum UsageType {
- UNSPECIFIED_CREDENTIAL,
- SIGNING_CREDENTIAL,
- TLS_CREDENTIAL,
- ENCRYPTION_CREDENTIAL
- };
-
+ /** Default constructor. */
+ CredentialCriteria();
+
+ virtual ~CredentialCriteria();
+
+ /**
+ * Determines whether the supplied Credential matches this CredentialCriteria.
+ *
+ * @param credential the Credential to evaluate
+ * @return true iff the Credential is consistent with this criteria
+ */
+ virtual bool matches(const Credential& credential) const;
+
/**
- * Get the key usage criteria.
+ * Get key usage criteria.
*
- * @return the usage.
+ * @return the usage mask
*/
- UsageType getUsage() const {
- return m_keyUsage;
- }
+ unsigned int getUsage() const;
/**
- * Set the key usage criteria.
+ * Set key usage criteria.
*
- * @param usage the usage to set
+ * @param usage the usage mask to set
*/
- void setUsage(UsageType usage) {
- m_keyUsage = usage;
- }
+ void setUsage(unsigned int usage);
/**
* Get the peer name criteria.
*
* @return the peer name
*/
- const char* getPeerName() const {
- return m_peerName.c_str();
- }
+ const char* getPeerName() const;
/**
* Set the peer name criteria.
*
* @param peerName peer name to set
*/
- void setPeerName(const char* peerName) {
- m_peerName.erase();
- if (peerName)
- m_peerName = peerName;
- }
+ void setPeerName(const char* peerName);
/**
* Get the key algorithm criteria.
*
- * @return returns the keyAlgorithm.
+ * @return the key algorithm
*/
- const char* getKeyAlgorithm() const {
- return m_keyAlgorithm.c_str();
- }
+ const char* getKeyAlgorithm() const;
/**
* Set the key algorithm criteria.
*
- * @param keyAlgorithm The keyAlgorithm to set.
+ * @param keyAlgorithm the key algorithm to set
*/
- void setKeyAlgorithm(const char* keyAlgorithm) {
- m_keyAlgorithm.erase();
- if (keyAlgorithm)
- m_keyAlgorithm = keyAlgorithm;
- }
-
+ void setKeyAlgorithm(const char* keyAlgorithm);
+
+ /**
+ * Get the key size criteria.
+ * <p>If a a maximum size is also set, this is treated as a minimum.
+ *
+ * @return the key size, or 0
+ */
+ unsigned int getKeySize() const;
+
+ /**
+ * Set the key size criteria.
+ * <p>If a a maximum size is also set, this is treated as a minimum.
+ *
+ * @param keySize key size to set
+ */
+ void setKeySize(unsigned int keySize);
+
+ /**
+ * Get the maximum key size criteria.
+ *
+ * @return the maximum key size, or 0
+ */
+ unsigned int getMaxKeySize() const;
+
+ /**
+ * Set the maximum key size criteria.
+ *
+ * @param keySize maximum key size to set
+ */
+ void setMaxKeySize(unsigned int keySize);
+
+ /**
+ * Set the key algorithm and size criteria based on an XML algorithm specifier.
+ *
+ * @param algorithm XML algorithm specifier
+ */
+ void setXMLAlgorithm(const XMLCh* algorithm);
+
/**
- * Get the key name criteria.
+ * Gets key name criteria.
*
- * @return the key name
+ * @return an immutable set of key names
*/
- const char* getKeyName() const {
- return m_keyName.c_str();
- }
-
+ const std::set<std::string>& getKeyNames() const;
+
+ /**
+ * Gets key name criteria.
+ *
+ * @return a mutable set of key names
+ */
+ std::set<std::string>& getKeyNames();
+
+ /**
+ * Returns the public key criteria.
+ *
+ * @return a public key
+ */
+ virtual XSECCryptoKey* getPublicKey() const;
+
/**
- * Set the key name criteria.
+ * Sets the public key criteria.
+ *
+ * <p>The lifetime of the key <strong>MUST</strong> extend
+ * for the lifetime of this object.
*
- * @param keyName key name to set
+ * @param key a public key
*/
- void setKeyName(const char* keyName) {
- m_keyName.erase();
- if (keyName)
- m_keyName = keyName;
- }
-
+ void setPublicKey(XSECCryptoKey* key);
+
+ /**
+ * Bitmask constants controlling the kinds of criteria set automatically
+ * based on a KeyInfo object.
+ */
+ enum keyinfo_extraction_t {
+ KEYINFO_EXTRACTION_KEY = 1,
+ KEYINFO_EXTRACTION_KEYNAMES = 2
+ };
+
/**
* Gets the KeyInfo criteria.
*
* @return the KeyInfo criteria
*/
- const xmlsignature::KeyInfo* getKeyInfo() const {
- return m_keyInfo;
- }
+ const xmlsignature::KeyInfo* getKeyInfo() const;
/**
* Sets the KeyInfo criteria.
*
- * @param keyInfo the KeyInfo criteria
+ * @param keyInfo the KeyInfo criteria
+ * @param extraction bitmask of criteria to auto-extract from KeyInfo
*/
- void setKeyInfo(const xmlsignature::KeyInfo* keyInfo) {
- m_keyInfo = keyInfo;
- }
+ virtual void setKeyInfo(const xmlsignature::KeyInfo* keyInfo, int extraction=0);
/**
* Gets the native KeyInfo criteria.
*
* @return the native KeyInfo criteria
*/
- DSIGKeyInfoList* getNativeKeyInfo() const {
- return m_nativeKeyInfo;
- }
+ DSIGKeyInfoList* getNativeKeyInfo() const;
/**
* Sets the KeyInfo criteria.
*
- * @param keyInfo the KeyInfo criteria
+ * @param keyInfo the KeyInfo criteria
+ * @param extraction bitmask of criteria to auto-extract from KeyInfo
*/
- void setNativeKeyInfo(DSIGKeyInfoList* keyInfo) {
- m_nativeKeyInfo = keyInfo;
- }
+ virtual void setNativeKeyInfo(DSIGKeyInfoList* keyInfo, int extraction=0);
- void setSignature(const xmlsignature::Signature& sig) {
- xmlsignature::KeyInfo* k = sig.getKeyInfo();
- if (k)
- return setKeyInfo(k);
- DSIGSignature* dsig = sig.getXMLSignature();
- if (dsig)
- setNativeKeyInfo(dsig->getKeyInfoList());
- }
+ /**
+ * Sets the KeyInfo criteria from an XML Signature.
+ *
+ * @param sig the Signature containing KeyInfo criteria
+ * @param extraction bitmask of criteria to auto-extract from KeyInfo
+ */
+ void setSignature(const xmlsignature::Signature& sig, int extraction=0);
+
+ /**
+ * Resets object to a default state.
+ */
+ virtual void reset();
private:
- UsageType m_keyUsage;
- std::string m_peerName,m_keyAlgorithm,m_keyName;
+ unsigned int m_keyUsage;
+ unsigned int m_keySize,m_maxKeySize;
+ std::string m_peerName,m_keyAlgorithm;
+ std::set<std::string> m_keyNames;
+ XSECCryptoKey* m_key;
const xmlsignature::KeyInfo* m_keyInfo;
DSIGKeyInfoList* m_nativeKeyInfo;
+ Credential* m_credential;
};
+
+#if defined (_MSC_VER)
+ #pragma warning( pop )
+#endif
};
#endif /* __xmltooling_credcrit_h__ */
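Review bot: The new include block drops `#include <string>` while the class still declares `std::string m_peerName,m_keyAlgorithm;` and `std::set<std::string> m_keyNames;` (plus the `const std::set<std::string>&` accessors), so the header now compiles only if `<xmltooling/base.h>` happens to pull `<string>` in transitively; add `#include <string>` next to the new `#include <set>` line. The newly added raw-pointer members `XSECCryptoKey* m_key;` and `Credential* m_credential;` carry no ownership statement, and `reset()` is documented only as "Resets object to a default state", so a reader cannot tell whether the destructor or `reset()` is expected to free either one — a member comment such as `// non-owning; caller guarantees the lifetime (see setPublicKey)` on `m_key`, and a matching note on `m_credential`, would settle that, presumably in line with the MUST in the `setPublicKey` doc. Relatedly, `getUsage()`/`setUsage()` now describe a "usage mask" after the `UsageType` enum was removed from this header, but the mask's bit constants are not declared here; the doc comment should point at where they are defined (presumably on `Credential`, which is only forward-declared). Minor: the `getKeySize`/`setKeySize` comments both read "If a a maximum size", and the `class XMLTOOL_API CredentialCriteria` line itself seems to be missing between the class doc comment and `{`, which looks like an artifact of how the diff was captured rather than a change in the commit.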