X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-xmltooling.git;a=blobdiff_plain;f=xmltooling%2Fsecurity%2FBasicX509Credential.h;h=e33e7855d2498bf47c34d634d24c538fe3b7fb13;hp=617f17486b29c4cdb90819255e68cefbec6655a2;hb=a934a8b4cfcb4c9a6aabad577f7194eaeba9f78e;hpb=5a4c9204dc299319e9ca7c18f44918a82892045a
diff --git a/xmltooling/security/BasicX509Credential.h b/xmltooling/security/BasicX509Credential.h
index 617f174..e33e785 100644
--- a/xmltooling/security/BasicX509Credential.h
+++ b/xmltooling/security/BasicX509Credential.h
@@ -24,13 +24,10 @@
 #define __xmltooling_basicx509cred_h__
 #include
+#include
 #include
-namespace xmlsignature {
- class XMLTOOL_API KeyInfo;
-};
-
 namespace xmltooling {
 /**
@@ -39,6 +36,11 @@ namespace xmltooling {
 class XMLTOOL_API BasicX509Credential : public virtual X509Credential
 {
 protected:
+ /**
+ * Constructor.
+ *
+ * @param ownCerts true iff any certificates subsequently stored should be freed by destructor
+ */
 BasicX509Credential(bool ownCerts) : m_key(NULL), m_ownCerts(ownCerts), m_crl(NULL), m_keyInfo(NULL), m_compactKeyInfo(NULL) {
 }
@@ -56,6 +58,18 @@ namespace xmltooling {
 /** The private/secret key/keypair. */
 XSECCryptoKey* m_key;
+ /** Key names (derived from credential, KeyInfo, or both). */
+ std::set m_keyNames;
+
+ /** Subject DN. */
+ std::string m_subjectName;
+
+ /** Issuer DN. */
+ std::string m_issuerName;
+
+ /** Serial number. */
+ std::string m_serial;
+
 /** The X.509 certificate chain. */
 std::vector m_xseccerts;
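Review bot: The new member comments `/** Subject DN. */` and `/** Issuer DN. */` do not say which string rendering of the DN is stored, and any caller that matches these against configured names has to compare like with like; I would state the serialization in both comments, or point at the routine that produces it. Presumably `extract()`, declared further down this header, is what fills `m_subjectName`, `m_issuerName`, `m_serial` and `m_keyNames`, but that cannot be confirmed from this hunk, so the comment on `m_keyNames` could also say when the names become available. The enclosing class continues outside the hunk.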
@@ -75,71 +89,15 @@ namespace xmltooling {
 * Initializes (or reinitializes) a ds:KeyInfo to represent the Credential.
 */
 void initKeyInfo();
-
+
 public:
 virtual ~BasicX509Credential();
- const char* getAlgorithm() const {
- if (m_key) {
- switch (m_key->getKeyType()) {
- case XSECCryptoKey::KEY_RSA_PRIVATE:
- case XSECCryptoKey::KEY_RSA_PUBLIC:
- case XSECCryptoKey::KEY_RSA_PAIR:
- return "RSA";
-
- case XSECCryptoKey::KEY_DSA_PRIVATE:
- case XSECCryptoKey::KEY_DSA_PUBLIC:
- case XSECCryptoKey::KEY_DSA_PAIR:
- return "DSA";
-
- case XSECCryptoKey::KEY_HMAC:
- return "HMAC";
-
- case XSECCryptoKey::KEY_SYMMETRIC: {
- XSECCryptoSymmetricKey* skey = static_cast(m_key);
- switch (skey->getSymmetricKeyType()) {
- case XSECCryptoSymmetricKey::KEY_3DES_192:
- return "DESede";
- case XSECCryptoSymmetricKey::KEY_AES_128:
- return "AES";
- case XSECCryptoSymmetricKey::KEY_AES_192:
- return "AES";
- case XSECCryptoSymmetricKey::KEY_AES_256:
- return "AES";
- }
- }
- }
- return NULL;
- }
-
- unsigned int getKeySize() const {
- if (m_key) {
- switch (m_key->getKeyType()) {
- case XSECCryptoKey::KEY_RSA_PRIVATE:
- case XSECCryptoKey::KEY_RSA_PUBLIC:
- case XSECCryptoKey::KEY_RSA_PAIR: {
- XSECCryptoKeyRSA* rkey = static_cast(m_key);
- return rkey->getLength();
- }
-
- case XSECCryptoKey::KEY_SYMMETRIC: {
- XSECCryptoSymmetricKey* skey = static_cast(m_key);
- switch (skey->getSymmetricKeyType()) {
- case XSECCryptoSymmetricKey::KEY_3DES_192:
- return 192;
- case XSECCryptoSymmetricKey::KEY_AES_128:
- return 128;
- case XSECCryptoSymmetricKey::KEY_AES_192:
- return 192;
- case XSECCryptoSymmetricKey::KEY_AES_256:
- return 256;
- }
- }
- }
- return 0;
+ unsigned int getUsage() const {
+ return UNSPECIFIED_CREDENTIAL;
 }
+ const char* getAlgorithm() const;
+ unsigned int getKeySize() const;
 XSECCryptoKey* getPrivateKey() const {
 if (m_key) {
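Review bot: `getUsage()` hard-codes `UNSPECIFIED_CREDENTIAL` with no comment saying this is a default meant to be overridden; a subclass that knows whether its credential is for signing, TLS or encryption and leaves this in place will have the credential offered for whatever usage a resolver asks for, if usage filtering treats UNSPECIFIED as a wildcard (the resolver is not visible here). I would add `/** Defaults to UNSPECIFIED_CREDENTIAL; subclasses should override when the intended usage is known. */` above it. Separately, `getAlgorithm()` and `getKeySize()` are now only declared here; the removed inline bodies had inner `switch` statements with no `default`, so the out-of-line definitions, which are not in this diff, deserve the same check. The enclosing class starts before and ends after this hunk.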
@@ -159,18 +117,16 @@ namespace xmltooling {
 return NULL;
 }
- std::vector::size_type getKeyNames(std::vector& results) const;
+ const std::set& getKeyNames() const {
+ return m_keyNames;
+ }
- const xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const {
- return compact ? m_compactKeyInfo : (m_keyInfo ? m_keyInfo : m_compactKeyInfo);
+ xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const {
+ if (compact || !m_keyInfo)
+ return m_compactKeyInfo ? m_compactKeyInfo->cloneKeyInfo() : NULL;
+ return m_keyInfo->cloneKeyInfo();
 }
- /**
- * Gets an immutable collection of certificates in the entity's trust chain. The entity certificate is contained
- * within this list. No specific ordering of the certificates is guaranteed.
- *
- * @return a certificate chain
- */
 const std::vector& getEntityCertificateChain() const {
 return m_xseccerts;
 }
@@ -178,6 +134,20 @@ namespace xmltooling {
 XSECCryptoX509CRL* getCRL() const {
 return m_crl;
 }
+
+ const char* getSubjectName() const {
+ return m_subjectName.c_str();
+ }
+
+ const char* getIssuerName() const {
+ return m_issuerName.c_str();
+ }
+
+ const char* getSerialNumber() const {
+ return m_serial.c_str();
+ }
+
+ void extract();
 };
 };
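Review bot: `getKeyInfo()` now returns a freshly allocated copy via `cloneKeyInfo()` as a non-const pointer, so ownership passes to the caller, but nothing says so; the previous version returned a borrowed `const KeyInfo*`, so existing callers that never deleted the result will now leak, and none of them gets a compile error because the return type only widened. I would document it: `/** Returns a newly allocated copy of the KeyInfo (the compact form when requested or when no full form exists), or NULL; the caller owns and must delete the result. */`. `getKeyNames()` returning `const std::set&` to a member is fine but should note that the reference is valid only for the credential's lifetime. The enclosing class begins outside the hunk.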
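Review bot: `getSubjectName()`, `getIssuerName()` and `getSerialNumber()` return `c_str()` of string members, so an unset field comes back as an empty string rather than NULL; a caller that tests for NULL to mean "no certificate" will be misled, and the pointer is only valid while the credential lives and until the member is next modified. I would add a comment to each along the lines of `/** Subject DN, or an empty string if none has been extracted; the pointer is owned by this object. */`. `extract()` is declared with no comment at all; as the apparent mutator for these fields it should state what it fills in and from where, which cannot be confirmed from the header alone.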