/**\r
* @file KeyResolver.h\r
* \r
- * Resolves keys based on KeyInfo information or other external factors. \r
+ * Resolves public keys and certificates based on KeyInfo information or\r
+ * external factors. \r
*/\r
\r
#if !defined(__xmltooling_keyres_h__) && !defined(XMLTOOLING_NO_XMLSEC)\r
#define __xmltooling_keyres_h__\r
\r
+#include <xmltooling/security/XSECCryptoX509CRL.h>\r
#include <xmltooling/signature/KeyInfo.h>\r
\r
#include <xsec/dsig/DSIGKeyInfoList.hpp>\r
#include <xsec/enc/XSECCryptoKey.hpp>\r
+#include <xsec/enc/XSECCryptoX509.hpp>\r
+\r
+#include <vector>\r
\r
namespace xmlsignature {\r
\r
/**\r
- * An API for resolving keys.\r
+ * An API for resolving keys. The default/simple implementation\r
+ * allows a hard-wired key to be supplied. This is mostly\r
+ * useful for testing, or to adapt another mechanism for supplying\r
+ * keys to this interface.\r
*/\r
class XMLTOOL_API KeyResolver {\r
+ MAKE_NONCOPYABLE(KeyResolver);\r
public:\r
/**\r
* Constructor based on a single externally supplied key.\r
* @param keyInfo the key information\r
* @return the resolved key\r
*/\r
- virtual XSECCryptoKey* resolveKey(KeyInfo* keyInfo) {\r
+ virtual XSECCryptoKey* resolveKey(const KeyInfo* keyInfo) const {\r
return m_key ? m_key->clone() : NULL;\r
}\r
\r
* @param keyInfo the key information\r
* @return the resolved key\r
*/\r
- virtual XSECCryptoKey* resolveKey(DSIGKeyInfoList* keyInfo=NULL) {\r
+ virtual XSECCryptoKey* resolveKey(DSIGKeyInfoList* keyInfo) const {\r
return m_key ? m_key->clone() : NULL;\r
}\r
+\r
+ /**\r
+ * A wrapper that handles disposal of certificates when required.\r
+ */\r
+ class XMLTOOL_API ResolvedCertificates {\r
+ MAKE_NONCOPYABLE(ResolvedCertificates);\r
+ bool m_owned;\r
+ std::vector<XSECCryptoX509*> m_certs;\r
+ public:\r
+ ResolvedCertificates() : m_owned(false) {}\r
+ ~ResolvedCertificates() {\r
+ if (m_owned) {\r
+ std::for_each(m_certs.begin(), m_certs.end(), xmltooling::cleanup<XSECCryptoX509>());\r
+ }\r
+ }\r
+ const std::vector<XSECCryptoX509*>& v() const {\r
+ return m_certs;\r
+ }\r
+ friend class XMLTOOL_API KeyResolver;\r
+ };\r
+\r
+ /**\r
+ * Returns a set of certificates based on the supplied KeyInfo information.\r
+ * The certificates must be cloned if kept beyond the lifetime of the KeyInfo source.\r
+ * \r
+ * @param keyInfo the key information\r
+ * @param certs reference to object to hold certificates\r
+ * @return number of certificates returned\r
+ */\r
+ virtual std::vector<XSECCryptoX509*>::size_type resolveCertificates(\r
+ const KeyInfo* keyInfo, ResolvedCertificates& certs\r
+ ) const;\r
\r
/**\r
- * Creates a copy of the resolver.\r
+ * Returns a set of certificates based on the supplied KeyInfo information.\r
+ * The certificates must be cloned if kept beyond the lifetime of the KeyInfo source.\r
* \r
- * @return the cloned resolver\r
+ * @param keyInfo the key information\r
+ * @param certs reference to object to hold certificates\r
+ * @return number of certificates returned\r
*/\r
- virtual KeyResolver* clone() const {\r
- return new KeyResolver(m_key ? m_key->clone() : NULL);\r
- }\r
+ virtual std::vector<XSECCryptoX509*>::size_type resolveCertificates(\r
+ DSIGKeyInfoList* keyInfo, ResolvedCertificates& certs \r
+ ) const;\r
+\r
+ /**\r
+ * Returns a CRL based on the supplied KeyInfo information.\r
+ * The caller must delete the CRL when done with it.\r
+ * \r
+ * @param keyInfo the key information\r
+ * @return the resolved CRL\r
+ */\r
+ virtual xmltooling::XSECCryptoX509CRL* resolveCRL(const KeyInfo* keyInfo) const;\r
\r
+ /**\r
+ * Returns a CRL based on the supplied KeyInfo information.\r
+ * The caller must delete the CRL when done with it.\r
+ * \r
+ * @param keyInfo the key information\r
+ * @return the resolved CRL\r
+ */\r
+ virtual xmltooling::XSECCryptoX509CRL* resolveCRL(DSIGKeyInfoList* keyInfo) const;\r
+\r
protected:\r
XSECCryptoKey* m_key;\r
+\r
+ /**\r
+ * Accessor for certificate vector from derived KeyResolver classes.\r
+ *\r
+ * @param certs certificate wrapper to access\r
+ * @return modifiable reference to vector inside wrapper\r
+ */\r
+ std::vector<XSECCryptoX509*>& accessCertificates(ResolvedCertificates& certs) const {\r
+ return certs.m_certs;\r
+ }\r
+\r
+ /**\r
+ * Accessor for certificate ownership flag from derived KeyResolver classes.\r
+ *\r
+ * @param certs certificate wrapper to access\r
+ * @return modifiable reference to ownership flag inside wrapper\r
+ */\r
+ bool& accessOwned(ResolvedCertificates& certs) const {\r
+ return certs.m_owned;\r
+ }\r
};\r
\r
+ /**\r
+ * Registers KeyResolver classes into the runtime.\r
+ */\r
+ void XMLTOOL_API registerKeyResolvers();\r
+\r
+ /** KeyResolver based on hard-wired key */\r
+ #define FILESYSTEM_KEY_RESOLVER "org.opensaml.xmlooling.FilesystemKeyResolver"\r
+\r
+ /** KeyResolver based on extracting information directly out of a KeyInfo */\r
+ #define INLINE_KEY_RESOLVER "org.opensaml.xmlooling.InlineKeyResolver"\r
};\r
\r
#endif /* __xmltooling_keyres_h__ */\r
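Review bot: The inline `~ResolvedCertificates()` destructor calls `std::for_each`, but the header only adds `#include <vector>`; add `#include <algorithm>` beside it so the header compiles standalone instead of relying on a transitive include. The new registry identifiers at the bottom spell the namespace `org.opensaml.xmlooling.…`; if that is a typo for `xmltooling`, the registration side (not in this diff) must carry the identical string, so correct both together or the lookup will silently fail. `friend class XMLTOOL_API KeyResolver;` puts the export macro on a friend declaration, where it is at best redundant and on some toolchains may not be accepted — `friend class KeyResolver;` is sufficient. The wrapper's one-line comment should also state that a `ResolvedCertificates` instance is meant for a single `resolveCertificates` call: `accessCertificates`/`accessOwned` let a derived resolver overwrite the pointer vector and ownership flag, so reuse across calls could leak or double-free the first result, and nothing in the class guards against it.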