Multi-line svn commit, see body.

Move credential usage enum to Credential class.
Add credential usage property and enforce during lookup.

diff --git a/xmltooling/encryption/impl/Decrypter.cpp b/xmltooling/encryption/impl/Decrypter.cpp
index 47ed588..c68d1cd 100644 (file)
--- a/xmltooling/encryption/impl/Decrypter.cpp
+++ b/xmltooling/encryption/impl/Decrypter.cpp
@@ -92,7 +92,7 @@ DOMDocumentFragment* Decrypter::decryptData(const EncryptedData& encryptedData,
         CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES |
         CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
     if (m_criteria) {
-        m_criteria->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+        m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL);
         m_criteria->setKeyInfo(encryptedData.getKeyInfo(), types);
         const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
         if (meth)
@@ -101,7 +101,7 @@ DOMDocumentFragment* Decrypter::decryptData(const EncryptedData& encryptedData,
     }
     else {
         CredentialCriteria criteria;
-        criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+        criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL);
         criteria.setKeyInfo(encryptedData.getKeyInfo(), types);
         const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
         if (meth)
@@ -192,7 +192,7 @@ void Decrypter::decryptData(ostream& out, const EncryptedData& encryptedData, co
         CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES |
         CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
     if (m_criteria) {
-        m_criteria->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+        m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL);
         m_criteria->setKeyInfo(encryptedData.getKeyInfo(), types);
         const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
         if (meth)
@@ -201,7 +201,7 @@ void Decrypter::decryptData(ostream& out, const EncryptedData& encryptedData, co
     }
     else {
         CredentialCriteria criteria;
-        criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+        criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL);
         criteria.setKeyInfo(encryptedData.getKeyInfo(), types);
         const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
         if (meth)
@@ -276,7 +276,7 @@ XSECCryptoKey* Decrypter::decryptKey(const EncryptedKey& encryptedKey, const XML
         CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
     vector<const Credential*> creds;
     if (m_criteria) {
-        m_criteria->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+        m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL);
         m_criteria->setKeyInfo(encryptedKey.getKeyInfo(), types);
         const EncryptionMethod* meth = encryptedKey.getEncryptionMethod();
         if (meth)
@@ -285,7 +285,7 @@ XSECCryptoKey* Decrypter::decryptKey(const EncryptedKey& encryptedKey, const XML
     }
     else {
         CredentialCriteria criteria;
-        criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+        criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL);
         criteria.setKeyInfo(encryptedKey.getKeyInfo(), types);
         const EncryptionMethod* meth = encryptedKey.getEncryptionMethod();
         if (meth)

diff --git a/xmltooling/security/BasicX509Credential.h b/xmltooling/security/BasicX509Credential.h
index 6b4b486..f76465b 100644 (file)
--- a/xmltooling/security/BasicX509Credential.h
+++ b/xmltooling/security/BasicX509Credential.h
@@ -84,6 +84,9 @@ namespace xmltooling {
     public:
         virtual ~BasicX509Credential();
         
+        UsageTypes getUsage() const {
+            return UNSPECIFIED_CREDENTIAL;
+        }
         const char* getAlgorithm() const;
         unsigned int getKeySize() const;
 

diff --git a/xmltooling/security/Credential.h b/xmltooling/security/Credential.h
index 8fa7bb4..36c8b1a 100644 (file)
--- a/xmltooling/security/Credential.h
+++ b/xmltooling/security/Credential.h
@@ -62,6 +62,23 @@ namespace xmltooling {
         };
 
         /**
+         * Enumeration of use cases for credentials. 
+         */
+        enum UsageTypes {
+            UNSPECIFIED_CREDENTIAL,
+            SIGNING_CREDENTIAL,
+            TLS_CREDENTIAL,
+            ENCRYPTION_CREDENTIAL
+        };
+        
+        /**
+         * Get the credential usage type.
+         * 
+         * @return the usage
+         */
+        virtual UsageTypes getUsage() const=0;
+
+        /**
          * Returns an algorithm identifier for the Credential.
          *
          * @return  the Credential algorithm, or NULL if indeterminate

diff --git a/xmltooling/security/CredentialCriteria.h b/xmltooling/security/CredentialCriteria.h
index d331c89..2936f1a 100644 (file)
--- a/xmltooling/security/CredentialCriteria.h
+++ b/xmltooling/security/CredentialCriteria.h
@@ -42,7 +42,7 @@ namespace xmltooling {
     {
         MAKE_NONCOPYABLE(CredentialCriteria);
     public:
-        CredentialCriteria() : m_keyUsage(UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL),
+        CredentialCriteria() : m_keyUsage(Credential::UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL),
             m_keyInfo(NULL), m_nativeKeyInfo(NULL), m_credential(NULL) {
         }
         virtual ~CredentialCriteria() {
@@ -56,23 +56,13 @@ namespace xmltooling {
          * @return true iff the Credential is consistent with this criteria
          */
         virtual bool matches(const Credential& credential) const;
-
-        /**
-         * Enumeration of use cases for credentials. 
-         */
-        enum UsageType {
-            UNSPECIFIED_CREDENTIAL,
-            SIGNING_CREDENTIAL,
-            TLS_CREDENTIAL,
-            ENCRYPTION_CREDENTIAL
-        };
-        
+       
         /**
          * Get the key usage criteria.
          * 
          * @return the usage.
          */
-        UsageType getUsage() const {
+        Credential::UsageTypes getUsage() const {
             return m_keyUsage;
         }
     
@@ -81,7 +71,7 @@ namespace xmltooling {
          * 
          * @param usage the usage to set
          */
-        void setUsage(UsageType usage) {
+        void setUsage(Credential::UsageTypes usage) {
             m_keyUsage = usage;
         }
 
@@ -301,7 +291,7 @@ namespace xmltooling {
         }
 
     private:
-        UsageType m_keyUsage;
+        Credential::UsageTypes m_keyUsage;
         unsigned int m_keySize;
         std::string m_peerName,m_keyAlgorithm;
         std::set<std::string> m_keyNames;

diff --git a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp
index d3c9449..69e24f3 100644 (file)
--- a/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp
+++ b/xmltooling/security/impl/AbstractPKIXTrustEngine.cpp
@@ -262,8 +262,8 @@ bool AbstractPKIXTrustEngine::validate(
 
     if (criteria && criteria->getPeerName() && *(criteria->getPeerName())) {
         log.debug("checking that the certificate name is acceptable");
-        if (criteria->getUsage()==CredentialCriteria::UNSPECIFIED_CREDENTIAL)
-            criteria->setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+        if (criteria->getUsage()==Credential::UNSPECIFIED_CREDENTIAL)
+            criteria->setUsage(Credential::SIGNING_CREDENTIAL);
         if (!checkEntityNames(certEE,credResolver,*criteria)) {
             log.error("certificate name was not acceptable");
             return false;

diff --git a/xmltooling/security/impl/CredentialCriteria.cpp b/xmltooling/security/impl/CredentialCriteria.cpp
index ae4f1ea..b70227d 100644 (file)
--- a/xmltooling/security/impl/CredentialCriteria.cpp
+++ b/xmltooling/security/impl/CredentialCriteria.cpp
@@ -36,6 +36,13 @@ using namespace std;
 
 bool CredentialCriteria::matches(const Credential& credential) const
 {
+    // Usage check, if specified and we have one.
+    if (getUsage() != Credential::UNSPECIFIED_CREDENTIAL) {
+        if (credential.getUsage() != Credential::UNSPECIFIED_CREDENTIAL)
+            if (getUsage() != credential.getUsage())
+                return false;
+    }
+
     // Algorithm check, if specified and we have one.
     const char* alg = getKeyAlgorithm();
     if (alg && *alg) {

diff --git a/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp b/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp
index bed55d5..346c35f 100644 (file)
--- a/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp
+++ b/xmltooling/security/impl/ExplicitKeyTrustEngine.cpp
@@ -94,13 +94,13 @@ bool ExplicitKeyTrustEngine::validate(
 
     vector<const Credential*> credentials;
     if (criteria) {
-        criteria->setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+        criteria->setUsage(Credential::SIGNING_CREDENTIAL);
         criteria->setSignature(sig, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
         credResolver.resolve(credentials,criteria);
     }
     else {
         CredentialCriteria cc;
-        cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+        cc.setUsage(Credential::SIGNING_CREDENTIAL);
         cc.setSignature(sig, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
         credResolver.resolve(credentials,&cc);
     }
@@ -144,14 +144,14 @@ bool ExplicitKeyTrustEngine::validate(
     
     vector<const Credential*> credentials;
     if (criteria) {
-        criteria->setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+        criteria->setUsage(Credential::SIGNING_CREDENTIAL);
         criteria->setKeyInfo(keyInfo, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
         criteria->setXMLAlgorithm(sigAlgorithm);
         credResolver.resolve(credentials,criteria);
     }
     else {
         CredentialCriteria cc;
-        cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+        cc.setUsage(Credential::SIGNING_CREDENTIAL);
         cc.setKeyInfo(keyInfo, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
         cc.setXMLAlgorithm(sigAlgorithm);
         credResolver.resolve(credentials,&cc);
@@ -223,13 +223,13 @@ bool ExplicitKeyTrustEngine::validate(
 
     vector<const Credential*> credentials;
     if (criteria) {
-        if (criteria->getUsage()==CredentialCriteria::UNSPECIFIED_CREDENTIAL)
-            criteria->setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+        if (criteria->getUsage()==Credential::UNSPECIFIED_CREDENTIAL)
+            criteria->setUsage(Credential::SIGNING_CREDENTIAL);
         credResolver.resolve(credentials,criteria);
     }
     else {
         CredentialCriteria cc;
-        cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+        cc.setUsage(Credential::SIGNING_CREDENTIAL);
         credResolver.resolve(credentials,&cc);
     }
     if (credentials.empty()) {

diff --git a/xmltooling/soap/impl/CURLSOAPTransport.cpp b/xmltooling/soap/impl/CURLSOAPTransport.cpp
index 190d6a1..6f8f11f 100644 (file)
--- a/xmltooling/soap/impl/CURLSOAPTransport.cpp
+++ b/xmltooling/soap/impl/CURLSOAPTransport.cpp
@@ -546,7 +546,7 @@ int xmltooling::verify_callback(X509_STORE_CTX* x509_ctx, void* arg)
 
     bool success=false;
     if (ctx->m_criteria) {
-        ctx->m_criteria->setUsage(CredentialCriteria::TLS_CREDENTIAL);
+        ctx->m_criteria->setUsage(Credential::TLS_CREDENTIAL);
         // Bypass name check (handled for us by curl).
         ctx->m_criteria->setPeerName(NULL);
         success = ctx->m_trustEngine->validate(x509_ctx->cert,x509_ctx->untrusted,*(ctx->m_peerResolver),ctx->m_criteria);
@@ -554,7 +554,7 @@ int xmltooling::verify_callback(X509_STORE_CTX* x509_ctx, void* arg)
     else {
         // Bypass name check (handled for us by curl).
         CredentialCriteria cc;
-        cc.setUsage(CredentialCriteria::TLS_CREDENTIAL);
+        cc.setUsage(Credential::TLS_CREDENTIAL);
         success = ctx->m_trustEngine->validate(x509_ctx->cert,x509_ctx->untrusted,*(ctx->m_peerResolver),&cc);
     }
     

diff --git a/xmltoolingtest/EncryptionTest.h b/xmltoolingtest/EncryptionTest.h
index 3d6c79a..7cd05e6 100644 (file)
--- a/xmltoolingtest/EncryptionTest.h
+++ b/xmltoolingtest/EncryptionTest.h
@@ -56,7 +56,7 @@ public:
 
         try {
             CredentialCriteria cc;
-            cc.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+            cc.setUsage(Credential::ENCRYPTION_CREDENTIAL);
             Locker locker(m_resolver);
             const Credential* cred=m_resolver->resolve(&cc);
             TSM_ASSERT("Retrieved credential was null", cred!=NULL);

diff --git a/xmltoolingtest/MarshallingTest.h b/xmltoolingtest/MarshallingTest.h
index a686026..38ddafd 100644 (file)
--- a/xmltoolingtest/MarshallingTest.h
+++ b/xmltoolingtest/MarshallingTest.h
@@ -66,6 +66,10 @@ public:
         DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(fs);
         TS_ASSERT(doc!=NULL);
 
+        string buf;
+        XMLHelper::serialize(rootElement, buf);
+        cout << buf;
+        
         TS_ASSERT(rootElement->isEqualNode(doc->getDocumentElement()));
         doc->release();
     }

diff --git a/xmltoolingtest/SignatureTest.h b/xmltoolingtest/SignatureTest.h
index 8e05cce..fc682e1 100644 (file)
--- a/xmltoolingtest/SignatureTest.h
+++ b/xmltoolingtest/SignatureTest.h
@@ -119,7 +119,7 @@ public:
         sig->setContentReference(new TestContext(&chNull));
 
         CredentialCriteria cc;
-        cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+        cc.setUsage(Credential::SIGNING_CREDENTIAL);
         Locker locker(m_resolver);
         const Credential* cred = m_resolver->resolve(&cc);
         TSM_ASSERT("Retrieved credential was null", cred!=NULL);