Major revamp of credential and trust handling code, PKIX engine still needs work.
diff --git
a/xmltooling/security/CredentialResolver.h
b/xmltooling/security/CredentialResolver.h
index
a9324ee
..
68d675f
100644
(file)
--- a/
xmltooling/security/CredentialResolver.h
+++ b/
xmltooling/security/CredentialResolver.h
@@
-15,9
+15,9
@@
*/
/**
*/
/**
- * @file xmltooling/s
ignature
/CredentialResolver.h
+ * @file xmltooling/s
ecurity
/CredentialResolver.h
*
*
- *
Resolves keys and certificates "owned" by an entity
+ *
An API for resolving keys and certificates based on application criteria.
*/
#if !defined(__xmltooling_credres_h__) && !defined(XMLTOOLING_NO_XMLSEC)
*/
#if !defined(__xmltooling_credres_h__) && !defined(XMLTOOLING_NO_XMLSEC)
@@
-25,20
+25,15
@@
#include <xmltooling/Lockable.h>
#include <xmltooling/Lockable.h>
-#include <vector>
-#include <xsec/enc/XSECCryptoKey.hpp>
-#include <xsec/enc/XSECCryptoX509.hpp>
-
-namespace xmlsignature {
- class XMLTOOL_API KeyInfo;
-};
-
namespace xmltooling {
namespace xmltooling {
+ class XMLTOOL_API Credential;
+ class XMLTOOL_API CredentialCriteria;
+
/**
/**
- * An API for resolving
local/owned keys and certificates
+ * An API for resolving
keys and certificates based on application criteria.
*/
*/
- class XMLTOOL_API CredentialResolver : public Lockable
+ class XMLTOOL_API CredentialResolver : public
virtual
Lockable
{
MAKE_NONCOPYABLE(CredentialResolver);
protected:
{
MAKE_NONCOPYABLE(CredentialResolver);
protected:
@@
-48,21
+43,23
@@
namespace xmltooling {
virtual ~CredentialResolver() {}
/**
virtual ~CredentialResolver() {}
/**
- * Returns a secret or private key to use for signing or decryption operations.
- * The caller is responsible for deleting the key when finished with it.
+ * Returns a single Credential according to the supplied criteria.
*
*
- * @param
keyInfo optional material identifying a decryption key
- * @return a
secret or private key
+ * @param
criteria an optional CredentialCriteria object
+ * @return a
Credential, or NULL if none could be found
*/
*/
- virtual
XSECCryptoKey* getKey(const xmlsignature::KeyInfo* keyInfo
=NULL) const=0;
-
+ virtual
const Credential* resolve(const CredentialCriteria* criteria
=NULL) const=0;
+
/**
/**
- * Returns a set of certificates to publish during signing operations.
- * The certificates must be cloned if kept beyond the scope of a lock.
+ * Returns all matching Credentials according to the supplied criteria.
*
*
- * @return a set of certificates
+ * @param results array to store matching Credentials
+ * @param criteria an optional CredentialCriteria object
+ * @return number of credentials found
*/
*/
- virtual const std::vector<XSECCryptoX509*>& getCertificates() const=0;
+ virtual std::vector<const Credential*>::size_type resolve(
+ std::vector<const Credential*>& results, const CredentialCriteria* criteria=NULL
+ ) const=0;
};
/**
};
/**
@@
-70,7
+67,7
@@
namespace xmltooling {
*/
void XMLTOOL_API registerCredentialResolvers();
*/
void XMLTOOL_API registerCredentialResolvers();
- /** CredentialResolver based on local files */
+ /** CredentialResolver based on local files
with no criteria support.
*/
#define FILESYSTEM_CREDENTIAL_RESOLVER "File"
};
#define FILESYSTEM_CREDENTIAL_RESOLVER "File"
};
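Review bot: The new doc comments on both `resolve()` overloads (the `-48,21 +43,23` hunk) no longer say who owns the returned `const Credential*` objects or how long they stay valid. The removed comments stated that the caller deletes the key and that certificates must be cloned if kept beyond the scope of a lock. Because the class is still `Lockable`, the pointers are presumably owned by the resolver and valid only while the caller holds the lock, so a caller following the old contract could delete or retain one and end up with a double free or a dangling pointer to key material. Once confirmed against the implementations, I would add a line such as ` * The returned objects are owned by the resolver and must not be deleted or used after it is unlocked.` to each comment. The vector overload should also state whether `results` is appended to or replaced, and whether the return value counts only the entries added by this call.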