-/*\r
- * Copyright 2001-2006 Internet2\r
- * \r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- *\r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-/**\r
- * @file security/TrustEngine.h\r
- * \r
- * Evaluates the trustworthiness and validity of XML Signatures against\r
- * implementation-specific requirements.\r
- */\r
-\r
-#if !defined(__xmltooling_trust_h__) && !defined(XMLTOOLING_NO_XMLSEC)\r
-#define __xmltooling_trust_h__\r
-\r
-#include <xmltooling/signature/KeyResolver.h>\r
-#include <xmltooling/signature/Signature.h>\r
-\r
-namespace xmltooling {\r
-\r
- /**\r
- * Evaluates the trustworthiness and validity of XML Signatures against\r
- * implementation-specific requirements.\r
- */\r
- class XMLTOOL_API TrustEngine {\r
- MAKE_NONCOPYABLE(TrustEngine);\r
- protected:\r
- /**\r
- * Constructor.\r
- * \r
- * If a DOM is supplied, the following XML content is supported:\r
- * \r
- * <ul>\r
- * <li><KeyResolver> elements with a type attribute\r
- * </ul>\r
- * \r
- * XML namespaces are ignored in the processing of this content.\r
- * \r
- * @param e DOM to supply configuration for provider\r
- */\r
- TrustEngine(const DOMElement* e=NULL);\r
- \r
- /** Default KeyResolver instance. */\r
- xmlsignature::KeyResolver* m_keyResolver;\r
- \r
- public:\r
- virtual ~TrustEngine();\r
- \r
- /**\r
- * Callback interface to supply KeyInfo objects to a TrustEngine.\r
- * Applications can adapt TrustEngines to their environment by supplying\r
- * implementations of this interface, or create specialized TrustEngine APIs\r
- * by combining a KeyInfoIterator with a delegated TrustEngine. \r
- */\r
- class XMLTOOL_API KeyInfoIterator {\r
- MAKE_NONCOPYABLE(KeyInfoIterator);\r
- protected:\r
- KeyInfoIterator() {}\r
- public:\r
- virtual ~KeyInfoIterator() {}\r
- \r
- /**\r
- * Indicates whether additional KeyInfo objects are available.\r
- * \r
- * @return true iff another KeyInfo object can be fetched\r
- */\r
- virtual bool hasNext() const=0;\r
- \r
- /**\r
- * Returns the next KeyInfo object available.\r
- * \r
- * @return the next KeyInfo object, or NULL if none are left\r
- */\r
- virtual const xmlsignature::KeyInfo* next()=0;\r
- };\r
- \r
- /**\r
- * Determines whether a signature is correct and valid with respect to the\r
- * KeyInfo data supplied. It is the responsibility of the application to\r
- * ensure that the KeyInfo information supplied is in fact associated with\r
- * the peer who created the signature. \r
- * \r
- * A custom KeyResolver can be supplied from outside the TrustEngine.\r
- * Alternatively, one may be specified to the plugin constructor.\r
- * A non-caching, inline resolver will be used as a fallback.\r
- * \r
- * @param sig reference to a signature object to validate\r
- * @param keyInfoSource supplies KeyInfo objects to the TrustEngine\r
- * @param keyResolver optional externally supplied KeyResolver, or NULL\r
- */\r
- virtual bool validate(\r
- xmlsignature::Signature& sig,\r
- KeyInfoIterator& keyInfoSource,\r
- const xmlsignature::KeyResolver* keyResolver=NULL\r
- )=0;\r
- };\r
-\r
- /**\r
- * Registers TrustEngine classes into the runtime.\r
- */\r
- void XMLTOOL_API registerTrustEngines();\r
-\r
- /** TrustEngine based on explicit knowledge of peer key information. */\r
- #define EXPLICIT_KEY_TRUSTENGINE "org.opensaml.xmlooling.security.ExplicitKeyTrustEngine"\r
-};\r
-\r
-#endif /* __xmltooling_trust_h__ */\r
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+
+/**
+ * @file xmltooling/security/TrustEngine.h
+ *
+ * Evaluates the trustworthiness and validity of security information against
+ * implementation-specific requirements.
+ */
+
+#if !defined(__xmltooling_trust_h__) && !defined(XMLTOOLING_NO_XMLSEC)
+#define __xmltooling_trust_h__
+
+#include <xmltooling/base.h>
+#include <xercesc/dom/DOM.hpp>
+
+namespace xmltooling {
+
+ class XMLTOOL_API KeyInfoResolver;
+
+ /**
+ * Evaluates the trustworthiness and validity of security information against
+ * implementation-specific requirements.
+ */
+ class XMLTOOL_API TrustEngine {
+ MAKE_NONCOPYABLE(TrustEngine);
+ protected:
+ /**
+ * Constructor.
+ *
+ * If a DOM is supplied, the following XML content is supported:
+ *
+ * <ul>
+ * <li><KeyInfoResolver> elements with a type attribute
+ * </ul>
+ *
+ * XML namespaces are ignored in the processing of this content.
+ *
+ * @param e DOM to supply configuration for provider
+ */
+ TrustEngine(const xercesc::DOMElement* e=nullptr);
+
+ /** Custom KeyInfoResolver instance. */
+ KeyInfoResolver* m_keyInfoResolver;
+
+ public:
+ virtual ~TrustEngine();
+
+ /**
+ * Supplies a KeyInfoResolver instance.
+ * <p>This method must be externally synchronized with any code that uses the object.
+ * Any previously set object is destroyed.
+ *
+ * @param keyInfoResolver new KeyInfoResolver instance to use
+ */
+ void setKeyInfoResolver(KeyInfoResolver* keyInfoResolver);
+ };
+
+ /**
+ * Registers TrustEngine classes into the runtime.
+ */
+ void XMLTOOL_API registerTrustEngines();
+
+ /** TrustEngine based on explicit knowledge of peer key information. */
+ #define EXPLICIT_KEY_TRUSTENGINE "ExplicitKey"
+
+ /** TrustEngine based on PKIX evaluation against a static set of trust anchors. */
+ #define STATIC_PKIX_TRUSTENGINE "StaticPKIX"
+
+ /** TrustEngine that tries multiple engines in sequence. */
+ #define CHAINING_TRUSTENGINE "Chaining"
+
+};
+
+#endif /* __xmltooling_trust_h__ */
projects / shibboleth / cpp-xmltooling.git / blobdiff