#define __xmltooling_signctx_h__\r
\r
#include <xmltooling/signature/KeyInfo.h>\r
+#include <xmltooling/util/CredentialResolver.h>\r
\r
#include <vector>\r
#include <xsec/dsig/DSIGSignature.hpp>\r
\r
/**\r
* Given a "blank" native signature, asks the context to define the\r
- * appropriate signature transforms, references, etc.\r
- * This method MAY attach ds:KeyInfo information, or a set of X.509\r
- * certificates can be returned from the SigningContext::getX509Certificates()\r
- * method instead.\r
+ * appropriate signature transforms, references, etc. The context\r
+ * should return true iff the necessary ds:KeyInfo information was\r
+ * also attached.\r
* \r
* @param sig native signature interface\r
+ * @return indicator whether ds:KeyInfo was created by context\r
*/\r
- virtual void createSignature(DSIGSignature* sig) const=0;\r
+ virtual bool createSignature(DSIGSignature* sig)=0;\r
\r
/**\r
- * Gets a reference to a collection of certificates to append to\r
- * the ds:KeyInfo element in a ds:X509Data chain.\r
- * The certificate corresponding to the signing key SHOULD be\r
- * first, followed by any additional intermediates to append. \r
+ * Gets a reference to a credential resolver.\r
+ * The resolver's certificates will be included in the signature only\r
+ * if the context returns false when creating the signature and returns\r
+ * NULL from the getKeyInfo() method.\r
* \r
- * @return an immutable collection of certificates to embed\r
+ * \r
+ * @return a resolver to the credentials to sign with\r
*/\r
- virtual const std::vector<XSECCryptoX509*>* getX509Certificates() const=0;\r
+ virtual xmltooling::CredentialResolver& getCredentialResolver()=0;\r
\r
/**\r
* Gets a KeyInfo structure to embed.\r
* Ownership of the object MUST be transferred to the caller.\r
- * This method will only be called if no certificates are returned from\r
- * the getX509Certificates() method.\r
* \r
* @return pointer to a KeyInfo structure, will be freed by caller\r
*/\r
- virtual KeyInfo* getKeyInfo() const=0;\r
+ virtual KeyInfo* getKeyInfo()=0;\r
\r
- /**\r
- * Gets the signing key to use.\r
- * Must be compatible with the intended signature algorithm. Ownership of the key\r
- * MUST be transferred to the caller.\r
- * \r
- * @return pointer to a signing key, will be freed by caller\r
- */\r
- virtual XSECCryptoKey* getSigningKey() const=0;\r
- \r
protected:\r
SigningContext() {}\r
};\r
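Review bot: The fallback order for key material is now stated only in the getCredentialResolver() comment, while the getKeyInfo() comment lost its "will only be called if" sentence and never says that NULL is an accepted return. An implementer reading getKeyInfo() alone cannot tell when it is called or that returning NULL is what makes the resolver's certificates get embedded, so I would add `* Called only if createSignature() returned false; may return NULL, in which case the resolver's certificates are embedded.` to that comment. With getSigningKey() removed, the signing key presumably comes from the resolver as well, but the hunk replaces an explicit ownership rule with a bare reference and no lifetime rule. A line such as `* The returned reference must stay valid until the signing operation completes.` on getCredentialResolver() would state that, and the comment should also say whether the caller has to serialize access to the resolver. The class declaration begins outside the hunk, so how implementers and callers adapt to the dropped `const` qualifiers is not visible here.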