/*
- * Copyright 2001-2009 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
+using xmlsignature::KeyInfo;
+using xmlsignature::Signature;
+using namespace xmltooling::logging;
using namespace xmltooling;
using namespace std;
CredentialCriteria::CredentialCriteria()
- : m_keyUsage(Credential::UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL),
- m_keyInfo(NULL), m_nativeKeyInfo(NULL), m_credential(NULL)
+ : m_keyUsage(Credential::UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(nullptr),
+ m_keyInfo(nullptr), m_nativeKeyInfo(nullptr), m_credential(nullptr)
{
}
delete m_credential;
}
+unsigned int CredentialCriteria::getUsage() const
+{
+ return m_keyUsage;
+}
+
+void CredentialCriteria::setUsage(unsigned int usage)
+{
+ m_keyUsage = usage;
+}
+
+const char* CredentialCriteria::getPeerName() const
+{
+ return m_peerName.c_str();
+}
+
+void CredentialCriteria::setPeerName(const char* peerName)
+{
+ m_peerName.erase();
+ if (peerName)
+ m_peerName = peerName;
+}
+
+const char* CredentialCriteria::getKeyAlgorithm() const
+{
+ return m_keyAlgorithm.c_str();
+}
+
+void CredentialCriteria::setKeyAlgorithm(const char* keyAlgorithm)
+{
+ m_keyAlgorithm.erase();
+ if (keyAlgorithm)
+ m_keyAlgorithm = keyAlgorithm;
+}
+
+unsigned int CredentialCriteria::getKeySize() const
+{
+ return m_keySize;
+}
+
+void CredentialCriteria::setKeySize(unsigned int keySize)
+{
+ m_keySize = keySize;
+}
+
void CredentialCriteria::setXMLAlgorithm(const XMLCh* algorithm)
{
if (algorithm) {
setKeySize(mapped.second);
}
else {
- setKeyAlgorithm(NULL);
+ setKeyAlgorithm(nullptr);
setKeySize(0);
}
}
-void CredentialCriteria::setKeyInfo(const xmlsignature::KeyInfo* keyInfo, int extraction)
+const set<string>& CredentialCriteria::getKeyNames() const
+{
+ return m_keyNames;
+}
+
+set<string>& CredentialCriteria::getKeyNames()
+{
+ return m_keyNames;
+}
+
+XSECCryptoKey* CredentialCriteria::getPublicKey() const
+{
+ return m_key;
+}
+
+void CredentialCriteria::setPublicKey(XSECCryptoKey* key)
+{
+ m_key = key;
+}
+
+const KeyInfo* CredentialCriteria::getKeyInfo() const
+{
+ return m_keyInfo;
+}
+
+void CredentialCriteria::setKeyInfo(const KeyInfo* keyInfo, int extraction)
{
delete m_credential;
- m_credential = NULL;
+ m_credential = nullptr;
m_keyInfo = keyInfo;
if (!keyInfo || !extraction)
return;
if (xcred)
xcred->extract();
}
-}
+}
+
+DSIGKeyInfoList* CredentialCriteria::getNativeKeyInfo() const
+{
+ return m_nativeKeyInfo;
+}
void CredentialCriteria::setNativeKeyInfo(DSIGKeyInfoList* keyInfo, int extraction)
{
delete m_credential;
- m_credential = NULL;
+ m_credential = nullptr;
m_nativeKeyInfo = keyInfo;
if (!keyInfo || !extraction)
return;
}
}
-void CredentialCriteria::setSignature(const xmlsignature::Signature& sig, int extraction)
+void CredentialCriteria::setSignature(const Signature& sig, int extraction)
{
setXMLAlgorithm(sig.getSignatureAlgorithm());
- xmlsignature::KeyInfo* k = sig.getKeyInfo();
+ KeyInfo* k = sig.getKeyInfo();
if (k)
return setKeyInfo(k, extraction);
DSIGSignature* dsig = sig.getXMLSignature();
bool CredentialCriteria::matches(const Credential& credential) const
{
+ Category& log = Category::getInstance(XMLTOOLING_LOGCAT".CredentialCriteria");
+
// Usage check, if specified and we have one, compare masks.
if (getUsage() != Credential::UNSPECIFIED_CREDENTIAL) {
if (credential.getUsage() != Credential::UNSPECIFIED_CREDENTIAL)
- if ((getUsage() & credential.getUsage()) == 0)
+ if ((getUsage() & credential.getUsage()) == 0) {
+ if (log.isDebugEnabled())
+ log.debug("usage didn't match (%u != %u)", getUsage(), credential.getUsage());
return false;
+ }
}
// Algorithm check, if specified and we have one.
const char* alg = getKeyAlgorithm();
if (alg && *alg) {
const char* alg2 = credential.getAlgorithm();
- if (alg2 && *alg2)
- if (strcmp(alg,alg2))
+ if (alg2 && *alg2) {
+ if (strcmp(alg,alg2)) {
+ if (log.isDebugEnabled())
+ log.debug("key algorithm didn't match ('%s' != '%s')", getKeyAlgorithm(), credential.getAlgorithm());
return false;
+ }
+ }
}
// KeySize check, if specified and we have one.
- if (credential.getKeySize()>0 && getKeySize()>0 && credential.getKeySize() != getKeySize())
+ if (credential.getKeySize()>0 && getKeySize()>0 && credential.getKeySize() != getKeySize()) {
+ if (log.isDebugEnabled())
+ log.debug("key size didn't match (%u != %u)", getKeySize(), credential.getKeySize());
return false;
+ }
// See if we can test key names.
set<string> critnames = getKeyNames();
break;
}
}
- if (!found)
+ if (!found) {
+ log.debug("credential name(s) didn't overlap");
return false;
+ }
}
// See if we have to match a specific key.
if (!key2)
return true; // no key here, so we can't test it
- return SecurityHelper::matches(*key1, *key2);
+ if (SecurityHelper::matches(*key1, *key2))
+ return true;
+
+ log.debug("keys didn't match");
+ return false;
}