Move credential usage enum to Credential class.
Add credential usage property and enforce during lookup.
CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES |
CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
if (m_criteria) {
CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES |
CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
if (m_criteria) {
- m_criteria->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL);
m_criteria->setKeyInfo(encryptedData.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
if (meth)
m_criteria->setKeyInfo(encryptedData.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
if (meth)
}
else {
CredentialCriteria criteria;
}
else {
CredentialCriteria criteria;
- criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL);
criteria.setKeyInfo(encryptedData.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
if (meth)
criteria.setKeyInfo(encryptedData.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
if (meth)
CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES |
CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
if (m_criteria) {
CredentialCriteria::KEYINFO_EXTRACTION_KEYNAMES |
CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
if (m_criteria) {
- m_criteria->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL);
m_criteria->setKeyInfo(encryptedData.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
if (meth)
m_criteria->setKeyInfo(encryptedData.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
if (meth)
}
else {
CredentialCriteria criteria;
}
else {
CredentialCriteria criteria;
- criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL);
criteria.setKeyInfo(encryptedData.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
if (meth)
criteria.setKeyInfo(encryptedData.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedData.getEncryptionMethod();
if (meth)
CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
vector<const Credential*> creds;
if (m_criteria) {
CredentialCriteria::KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES;
vector<const Credential*> creds;
if (m_criteria) {
- m_criteria->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ m_criteria->setUsage(Credential::ENCRYPTION_CREDENTIAL);
m_criteria->setKeyInfo(encryptedKey.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedKey.getEncryptionMethod();
if (meth)
m_criteria->setKeyInfo(encryptedKey.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedKey.getEncryptionMethod();
if (meth)
}
else {
CredentialCriteria criteria;
}
else {
CredentialCriteria criteria;
- criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL);
criteria.setKeyInfo(encryptedKey.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedKey.getEncryptionMethod();
if (meth)
criteria.setKeyInfo(encryptedKey.getKeyInfo(), types);
const EncryptionMethod* meth = encryptedKey.getEncryptionMethod();
if (meth)
public:
virtual ~BasicX509Credential();
public:
virtual ~BasicX509Credential();
+ UsageTypes getUsage() const {
+ return UNSPECIFIED_CREDENTIAL;
+ }
const char* getAlgorithm() const;
unsigned int getKeySize() const;
const char* getAlgorithm() const;
unsigned int getKeySize() const;
+ * Enumeration of use cases for credentials.
+ */
+ enum UsageTypes {
+ UNSPECIFIED_CREDENTIAL,
+ SIGNING_CREDENTIAL,
+ TLS_CREDENTIAL,
+ ENCRYPTION_CREDENTIAL
+ };
+
+ /**
+ * Get the credential usage type.
+ *
+ * @return the usage
+ */
+ virtual UsageTypes getUsage() const=0;
+
+ /**
* Returns an algorithm identifier for the Credential.
*
* @return the Credential algorithm, or NULL if indeterminate
* Returns an algorithm identifier for the Credential.
*
* @return the Credential algorithm, or NULL if indeterminate
{
MAKE_NONCOPYABLE(CredentialCriteria);
public:
{
MAKE_NONCOPYABLE(CredentialCriteria);
public:
- CredentialCriteria() : m_keyUsage(UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL),
+ CredentialCriteria() : m_keyUsage(Credential::UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL),
m_keyInfo(NULL), m_nativeKeyInfo(NULL), m_credential(NULL) {
}
virtual ~CredentialCriteria() {
m_keyInfo(NULL), m_nativeKeyInfo(NULL), m_credential(NULL) {
}
virtual ~CredentialCriteria() {
* @return true iff the Credential is consistent with this criteria
*/
virtual bool matches(const Credential& credential) const;
* @return true iff the Credential is consistent with this criteria
*/
virtual bool matches(const Credential& credential) const;
-
- /**
- * Enumeration of use cases for credentials.
- */
- enum UsageType {
- UNSPECIFIED_CREDENTIAL,
- SIGNING_CREDENTIAL,
- TLS_CREDENTIAL,
- ENCRYPTION_CREDENTIAL
- };
-
/**
* Get the key usage criteria.
*
* @return the usage.
*/
/**
* Get the key usage criteria.
*
* @return the usage.
*/
- UsageType getUsage() const {
+ Credential::UsageTypes getUsage() const {
*
* @param usage the usage to set
*/
*
* @param usage the usage to set
*/
- void setUsage(UsageType usage) {
+ void setUsage(Credential::UsageTypes usage) {
+ Credential::UsageTypes m_keyUsage;
unsigned int m_keySize;
std::string m_peerName,m_keyAlgorithm;
std::set<std::string> m_keyNames;
unsigned int m_keySize;
std::string m_peerName,m_keyAlgorithm;
std::set<std::string> m_keyNames;
if (criteria && criteria->getPeerName() && *(criteria->getPeerName())) {
log.debug("checking that the certificate name is acceptable");
if (criteria && criteria->getPeerName() && *(criteria->getPeerName())) {
log.debug("checking that the certificate name is acceptable");
- if (criteria->getUsage()==CredentialCriteria::UNSPECIFIED_CREDENTIAL)
- criteria->setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ if (criteria->getUsage()==Credential::UNSPECIFIED_CREDENTIAL)
+ criteria->setUsage(Credential::SIGNING_CREDENTIAL);
if (!checkEntityNames(certEE,credResolver,*criteria)) {
log.error("certificate name was not acceptable");
return false;
if (!checkEntityNames(certEE,credResolver,*criteria)) {
log.error("certificate name was not acceptable");
return false;
bool CredentialCriteria::matches(const Credential& credential) const
{
bool CredentialCriteria::matches(const Credential& credential) const
{
+ // Usage check, if specified and we have one.
+ if (getUsage() != Credential::UNSPECIFIED_CREDENTIAL) {
+ if (credential.getUsage() != Credential::UNSPECIFIED_CREDENTIAL)
+ if (getUsage() != credential.getUsage())
+ return false;
+ }
+
// Algorithm check, if specified and we have one.
const char* alg = getKeyAlgorithm();
if (alg && *alg) {
// Algorithm check, if specified and we have one.
const char* alg = getKeyAlgorithm();
if (alg && *alg) {
vector<const Credential*> credentials;
if (criteria) {
vector<const Credential*> credentials;
if (criteria) {
- criteria->setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ criteria->setUsage(Credential::SIGNING_CREDENTIAL);
criteria->setSignature(sig, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
credResolver.resolve(credentials,criteria);
}
else {
CredentialCriteria cc;
criteria->setSignature(sig, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
credResolver.resolve(credentials,criteria);
}
else {
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
cc.setSignature(sig, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
credResolver.resolve(credentials,&cc);
}
cc.setSignature(sig, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
credResolver.resolve(credentials,&cc);
}
vector<const Credential*> credentials;
if (criteria) {
vector<const Credential*> credentials;
if (criteria) {
- criteria->setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ criteria->setUsage(Credential::SIGNING_CREDENTIAL);
criteria->setKeyInfo(keyInfo, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
criteria->setXMLAlgorithm(sigAlgorithm);
credResolver.resolve(credentials,criteria);
}
else {
CredentialCriteria cc;
criteria->setKeyInfo(keyInfo, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
criteria->setXMLAlgorithm(sigAlgorithm);
credResolver.resolve(credentials,criteria);
}
else {
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
cc.setKeyInfo(keyInfo, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
cc.setXMLAlgorithm(sigAlgorithm);
credResolver.resolve(credentials,&cc);
cc.setKeyInfo(keyInfo, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
cc.setXMLAlgorithm(sigAlgorithm);
credResolver.resolve(credentials,&cc);
vector<const Credential*> credentials;
if (criteria) {
vector<const Credential*> credentials;
if (criteria) {
- if (criteria->getUsage()==CredentialCriteria::UNSPECIFIED_CREDENTIAL)
- criteria->setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ if (criteria->getUsage()==Credential::UNSPECIFIED_CREDENTIAL)
+ criteria->setUsage(Credential::SIGNING_CREDENTIAL);
credResolver.resolve(credentials,criteria);
}
else {
CredentialCriteria cc;
credResolver.resolve(credentials,criteria);
}
else {
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
credResolver.resolve(credentials,&cc);
}
if (credentials.empty()) {
credResolver.resolve(credentials,&cc);
}
if (credentials.empty()) {
bool success=false;
if (ctx->m_criteria) {
bool success=false;
if (ctx->m_criteria) {
- ctx->m_criteria->setUsage(CredentialCriteria::TLS_CREDENTIAL);
+ ctx->m_criteria->setUsage(Credential::TLS_CREDENTIAL);
// Bypass name check (handled for us by curl).
ctx->m_criteria->setPeerName(NULL);
success = ctx->m_trustEngine->validate(x509_ctx->cert,x509_ctx->untrusted,*(ctx->m_peerResolver),ctx->m_criteria);
// Bypass name check (handled for us by curl).
ctx->m_criteria->setPeerName(NULL);
success = ctx->m_trustEngine->validate(x509_ctx->cert,x509_ctx->untrusted,*(ctx->m_peerResolver),ctx->m_criteria);
else {
// Bypass name check (handled for us by curl).
CredentialCriteria cc;
else {
// Bypass name check (handled for us by curl).
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::TLS_CREDENTIAL);
+ cc.setUsage(Credential::TLS_CREDENTIAL);
success = ctx->m_trustEngine->validate(x509_ctx->cert,x509_ctx->untrusted,*(ctx->m_peerResolver),&cc);
}
success = ctx->m_trustEngine->validate(x509_ctx->cert,x509_ctx->untrusted,*(ctx->m_peerResolver),&cc);
}
try {
CredentialCriteria cc;
try {
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ cc.setUsage(Credential::ENCRYPTION_CREDENTIAL);
Locker locker(m_resolver);
const Credential* cred=m_resolver->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);
Locker locker(m_resolver);
const Credential* cred=m_resolver->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);
DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(fs);
TS_ASSERT(doc!=NULL);
DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(fs);
TS_ASSERT(doc!=NULL);
+ string buf;
+ XMLHelper::serialize(rootElement, buf);
+ cout << buf;
+
TS_ASSERT(rootElement->isEqualNode(doc->getDocumentElement()));
doc->release();
}
TS_ASSERT(rootElement->isEqualNode(doc->getDocumentElement()));
doc->release();
}
sig->setContentReference(new TestContext(&chNull));
CredentialCriteria cc;
sig->setContentReference(new TestContext(&chNull));
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
Locker locker(m_resolver);
const Credential* cred = m_resolver->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);
Locker locker(m_resolver);
const Credential* cred = m_resolver->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);