Integrated credential resolver API with signing context.

[shibboleth/cpp-xmltooling.git] / xmltooling / signature / SigningContext.h

diff --git a/xmltooling/signature/SigningContext.h b/xmltooling/signature/SigningContext.h
index 520e2d3..f04b724 100644 (file)
--- a/xmltooling/signature/SigningContext.h
+++ b/xmltooling/signature/SigningContext.h
@@ -24,6 +24,7 @@
 #define __xmltooling_signctx_h__\r
 \r
 #include <xmltooling/signature/KeyInfo.h>\r
+#include <xmltooling/util/CredentialResolver.h>\r
 \r
 #include <vector>\r
 #include <xsec/dsig/DSIGSignature.hpp>\r
@@ -46,44 +47,34 @@ namespace xmlsignature {
 \r
         /**\r
          * Given a "blank" native signature, asks the context to define the\r
-         * appropriate signature transforms, references, etc.\r
-         * This method MAY attach ds:KeyInfo information, or a set of X.509\r
-         * certificates can be returned from the SigningContext::getX509Certificates()\r
-         * method instead.\r
+         * appropriate signature transforms, references, etc. The context\r
+         * should return true iff the necessary ds:KeyInfo information was\r
+         * also attached.\r
          * \r
          * @param sig   native signature interface\r
+         * @return      indicator whether ds:KeyInfo was created by context\r
          */\r
-        virtual void createSignature(DSIGSignature* sig) const=0;\r
+        virtual bool createSignature(DSIGSignature* sig)=0;\r
         \r
         /**\r
-         * Gets a reference to a collection of certificates to append to\r
-         * the ds:KeyInfo element in a ds:X509Data chain.\r
-         * The certificate corresponding to the signing key SHOULD be\r
-         * first, followed by any additional intermediates to append. \r
+         * Gets a reference to a credential resolver.\r
+         * The resolver's certificates will be included in the signature only\r
+         * if the context returns false when creating the signature and returns\r
+         * NULL from the getKeyInfo() method.\r
          * \r
-         * @return  an immutable collection of certificates to embed\r
+         * \r
+         * @return  a resolver to the credentials to sign with\r
          */\r
-        virtual const std::vector<XSECCryptoX509*>* getX509Certificates() const=0;\r
+        virtual xmltooling::CredentialResolver& getCredentialResolver()=0;\r
 \r
         /**\r
          * Gets a KeyInfo structure to embed.\r
          * Ownership of the object MUST be transferred to the caller.\r
-         * This method will only be called if no certificates are returned from\r
-         * the getX509Certificates() method.\r
          * \r
          * @return  pointer to a KeyInfo structure, will be freed by caller\r
          */\r
-        virtual KeyInfo* getKeyInfo() const=0;\r
+        virtual KeyInfo* getKeyInfo()=0;\r
 \r
-        /**\r
-         * Gets the signing key to use.\r
-         * Must be compatible with the intended signature algorithm. Ownership of the key\r
-         * MUST be transferred to the caller.\r
-         * \r
-         * @return  pointer to a signing key, will be freed by caller\r
-         */\r
-        virtual XSECCryptoKey* getSigningKey() const=0;\r
-        \r
     protected:\r
         SigningContext() {}\r
     };\r