-/*\r
- * Copyright 2001-2006 Internet2\r
- * \r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- *\r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-/**\r
- * @file xmltooling/security/X509TrustEngine.h\r
- * \r
- * Extended TrustEngine interface that adds validation of X.509 credentials.\r
- */\r
-\r
-#if !defined(__xmltooling_x509trust_h__) && !defined(XMLTOOLING_NO_XMLSEC)\r
-#define __xmltooling_x509trust_h__\r
-\r
-#include <xmltooling/security/TrustEngine.h>\r
-\r
-namespace xmltooling {\r
-\r
- /**\r
- * Extended TrustEngine interface that adds validation of X.509 credentials.\r
- */\r
- class XMLTOOL_API X509TrustEngine : public TrustEngine {\r
- protected:\r
- /**\r
- * Constructor.\r
- * \r
- * If a DOM is supplied, the following XML content is supported:\r
- * \r
- * <ul>\r
- * <li><KeyResolver> elements with a type attribute\r
- * </ul>\r
- * \r
- * XML namespaces are ignored in the processing of this content.\r
- * \r
- * @param e DOM to supply configuration for provider\r
- */\r
- X509TrustEngine(const DOMElement* e=NULL) : TrustEngine(e) {}\r
- \r
- public:\r
- virtual ~X509TrustEngine() {}\r
- \r
- /**\r
- * Determines whether an X.509 credential is valid with respect to the\r
- * KeyInfo data supplied. It is the responsibility of the application to\r
- * ensure that the KeyInfo information supplied is in fact associated with\r
- * the peer who presented the signature. \r
- * \r
- * A custom KeyResolver can be supplied from outside the TrustEngine.\r
- * Alternatively, one may be specified to the plugin constructor.\r
- * A non-caching, inline resolver will be used as a fallback.\r
- * \r
- * @param certEE end-entity certificate to validate\r
- * @param certChain the complete set of certificates presented for validation (includes certEE)\r
- * @param keyInfoSource supplies KeyInfo objects to the TrustEngine\r
- * @param checkName true iff certificate subject/name checking has <b>NOT</b> already occurred\r
- * @param keyResolver optional externally supplied KeyResolver, or NULL\r
- */\r
- virtual bool validate(\r
- XSECCryptoX509* certEE,\r
- const std::vector<XSECCryptoX509*>& certChain,\r
- TrustEngine::KeyInfoIterator& keyInfoSource,\r
- bool checkName=true,\r
- const xmlsignature::KeyResolver* keyResolver=NULL\r
- ) const=0;\r
- };\r
- \r
-};\r
-\r
-#endif /* __xmltooling_x509trust_h__ */\r
+/*
+ * Copyright 2001-2006 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file xmltooling/security/X509TrustEngine.h
+ *
+ * Extended TrustEngine interface that adds validation of X.509 credentials.
+ */
+
+#if !defined(__xmltooling_x509trust_h__) && !defined(XMLTOOLING_NO_XMLSEC)
+#define __xmltooling_x509trust_h__
+
+#include <xmltooling/security/TrustEngine.h>
+
+namespace xmltooling {
+
+ /**
+ * Extended TrustEngine interface that adds validation of X.509 credentials.
+ */
+ class XMLTOOL_API X509TrustEngine : public TrustEngine {
+ protected:
+ /**
+ * Constructor.
+ *
+ * If a DOM is supplied, the following XML content is supported:
+ *
+ * <ul>
+ * <li><KeyResolver> elements with a type attribute
+ * </ul>
+ *
+ * XML namespaces are ignored in the processing of this content.
+ *
+ * @param e DOM to supply configuration for provider
+ */
+ X509TrustEngine(const DOMElement* e=NULL) : TrustEngine(e) {}
+
+ public:
+ virtual ~X509TrustEngine() {}
+
+ /**
+ * Determines whether an X.509 credential is valid with respect to the
+ * KeyInfo data supplied. It is the responsibility of the application to
+ * ensure that the KeyInfo information supplied is in fact associated with
+ * the peer who presented the signature.
+ *
+ * A custom KeyResolver can be supplied from outside the TrustEngine.
+ * Alternatively, one may be specified to the plugin constructor.
+ * A non-caching, inline resolver will be used as a fallback.
+ *
+ * @param certEE end-entity certificate to validate
+ * @param certChain the complete set of certificates presented for validation (includes certEE)
+ * @param keyInfoSource supplies KeyInfo objects to the TrustEngine
+ * @param checkName true iff certificate subject/name checking has <b>NOT</b> already occurred
+ * @param keyResolver optional externally supplied KeyResolver, or NULL
+ */
+ virtual bool validate(
+ XSECCryptoX509* certEE,
+ const std::vector<XSECCryptoX509*>& certChain,
+ TrustEngine::KeyInfoIterator& keyInfoSource,
+ bool checkName=true,
+ const xmlsignature::KeyResolver* keyResolver=NULL
+ ) const=0;
+ };
+
+};
+
+#endif /* __xmltooling_x509trust_h__ */
projects / shibboleth / cpp-xmltooling.git / blobdiff