MetadataCredentialCriteria cc(*(policy.getIssuerMetadata()));
auto_ptr_char pn(policy.getIssuer()->getName());
cc.setPeerName(pn.get());
- cc.setUsage(CredentialCriteria::TLS_CREDENTIAL);
+ cc.setUsage(Credential::TLS_CREDENTIAL);
if (!x509trust->validate(chain.front(), chain, *(policy.getMetadataProvider()), &cc)) {
log.error("unable to verify certificate chain with supplied trust engine");
{
// With one recipient, we let the library generate the encryption key for us.
// Get the key encryption key to use.
- criteria.setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ criteria.setUsage(Credential::ENCRYPTION_CREDENTIAL);
const Credential* KEK = metadataProvider.resolve(&criteria);
if (!KEK)
throw EncryptionException("No key encryption credential found.");
// Now we encrypt the key for each recipient.
for (vector< pair<const MetadataProvider*, MetadataCredentialCriteria*> >::const_iterator r = recipients.begin(); r!=recipients.end(); ++r) {
// Get key encryption key to use.
- r->second->setUsage(CredentialCriteria::ENCRYPTION_CREDENTIAL);
+ r->second->setUsage(Credential::ENCRYPTION_CREDENTIAL);
const Credential* KEK = r->first->resolve(r->second);
if (!KEK) {
auto_ptr_char name(dynamic_cast<const EntityDescriptor*>(r->second->getRole().getParent())->getEntityID());
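Review bot: On the `!KEK` error path the result of `dynamic_cast<const EntityDescriptor*>(r->second->getRole().getParent())` is dereferenced with `->getEntityID()` without a null check, so a role whose parent is not an EntityDescriptor would turn a reportable "no credential" failure into a crash. Bind the cast to a local first, e.g. `const EntityDescriptor* ed = dynamic_cast<const EntityDescriptor*>(r->second->getRole().getParent());`, and build the name only when `ed` is non-null. The `if (!KEK)` body continues outside the hunk, so how `name` is used afterwards is not visible here.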
const MetadataCredentialContext* context = dynamic_cast<const MetadataCredentialContext*>(credential.getCredentalContext());
if (context) {
// Check for a usage mismatch.
- if ((getUsage()==CredentialCriteria::SIGNING_CREDENTIAL || getUsage()==CredentialCriteria::TLS_CREDENTIAL) &&
+ if ((getUsage()==xmltooling::Credential::SIGNING_CREDENTIAL || getUsage()==xmltooling::Credential::TLS_CREDENTIAL) &&
XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_ENCRYPTION))
return false;
- else if (getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL &&
+ else if (getUsage()==xmltooling::Credential::ENCRYPTION_CREDENTIAL &&
XMLString::equals(context->getKeyDescriptor().getUse(),KeyDescriptor::KEYTYPE_SIGNING))
return false;
}
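Review bot: The usage-mismatch test would benefit from a comment stating its policy, since it decides which metadata keys may be trusted for signing/TLS versus encryption. Something like `// Reject use="encryption" keys for signing/TLS criteria and use="signing" keys for encryption criteria; other combinations fall through.` would do. It looks as if a KeyDescriptor with no `use` attribute passes for any usage (neither `XMLString::equals` comparison should match a null value), which is worth stating explicitly if that is intended. These lines also spell the enum as `xmltooling::Credential::` while the other hunks use the unqualified `Credential::`; if that is to avoid a name clash in this file, a short note saying so would help. The enclosing function starts and ends outside the hunk.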
// Set up criteria.
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
cc.setSignature(*sig, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
if (peerName) {
auto_ptr_char pname(peerName);
// Set up criteria.
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY);
if (issuer)
cc.setPeerName(issuer);
else {
// Set up criteria.
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
cc.setSignature(*(signable->getSignature()), CredentialCriteria::KEYINFO_EXTRACTION_KEY);
if (issuer)
cc.setPeerName(issuer);
);
Locker locker(cr.get());
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
const Credential* cred = cr->resolve(&cc);
if (!cred)
throw XMLSecurityException("Unable to resolve a signing credential.");
\r
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">\r
<KeyDescriptor>\r
- <ds:KeyInfo>\r
- <ds:RetrievalMethod URI="#samplekey" Type="http://www.w3.org/2000/09/xmldsig#X509Data"/>
- </ds:KeyInfo>\r
+ <ds:KeyInfo>\r
+ <ds:KeyName>sp.example.org</ds:KeyName>\r
+ <ds:X509Data>\r
+ <ds:X509Certificate>\r
+ MIICjzCCAfigAwIBAgIJAKk8t1hYcMkhMA0GCSqGSIb3DQEBBAUAMDoxCzAJBgNV\r
+ BAYTAlVTMRIwEAYDVQQKEwlJbnRlcm5ldDIxFzAVBgNVBAMTDnNwLmV4YW1wbGUu\r
+ b3JnMB4XDTA1MDYyMDE1NDgzNFoXDTMyMTEwNTE1NDgzNFowOjELMAkGA1UEBhMC\r
+ VVMxEjAQBgNVBAoTCUludGVybmV0MjEXMBUGA1UEAxMOc3AuZXhhbXBsZS5vcmcw\r
+ gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANlZ1L1mKzYbUVKiMQLhZlfGDyYa\r
+ /jjCiaXP0WhLNgvJpOTeajvsrApYNnFX5MLNzuC3NeQIjXUNLN2Yo2MCSthBIOL5\r
+ qE5dka4z9W9zytoflW1LmJ8vXpx8Ay/meG4z//J5iCpYVEquA0xl28HUIlownZUF\r
+ 7w7bx0cF/02qrR23AgMBAAGjgZwwgZkwHQYDVR0OBBYEFJZiO1qsyAyc3HwMlL9p\r
+ JpN6fbGwMGoGA1UdIwRjMGGAFJZiO1qsyAyc3HwMlL9pJpN6fbGwoT6kPDA6MQsw\r
+ CQYDVQQGEwJVUzESMBAGA1UEChMJSW50ZXJuZXQyMRcwFQYDVQQDEw5zcC5leGFt\r
+ cGxlLm9yZ4IJAKk8t1hYcMkhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQAD\r
+ gYEAMFq/UeSQyngE0GpZueyD2UW0M358uhseYOgGEIfm+qXIFQF6MYwNoX7WFzhC\r
+ LJZ2E6mEvZZFHCHUtl7mGDvsRwgZ85YCtRbvleEpqfgNQToto9pLYe+X6vvH9Z6p\r
+ gmYsTmak+kxO93JprrOd9xp8aZPMEprL7VCdrhbZEfyYER0=\r
+ </ds:X509Certificate>\r
+ </ds:X509Data>\r
+ </ds:KeyInfo>\r
</KeyDescriptor>\r
\r
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:protocol"\r
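Review bot: Inlining the certificate under the IDPSSODescriptor removes the only visible use of `ds:RetrievalMethod` in this fixture, so tests that load this file no longer exercise same-document KeyInfo dereferencing. If the resolver still supports RetrievalMethod, keep a separate fixture for that path. The inlined key carries `<ds:KeyName>sp.example.org</ds:KeyName>` under the IdP role and is presumably a copy of the SP's key (the removed reference pointed at `#samplekey`); an XML comment such as `<!-- test-only key shared with the SP role; not for deployment -->` would make that explicit. From its encoding the certificate appears to be a 1024-bit RSA key with an MD5-based signature, which is acceptable only as test data.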
\r
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:oasis:names:tc:SAML:2.0:protocol">\r
<KeyDescriptor>\r
- <ds:KeyInfo Id="samplekey">\r
+ <ds:KeyInfo>\r
<ds:KeyName>sp.example.org</ds:KeyName>\r
<ds:X509Data>
<ds:X509Certificate>
// Sign while marshalling.
vector<Signature*> sigs(1,sig);
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
Locker locker(m_resolver);
const Credential* cred = m_resolver->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);
janitor.release();\r
\r
CredentialCriteria cc;\r
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);\r
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);\r
Locker clocker(m_creds);\r
const Credential* cred = m_creds->resolve(&cc);\r
TSM_ASSERT("Retrieved credential was null", cred!=NULL);\r
response->setSignature(SignatureBuilder::buildSignature());\r
vector<Signature*> sigs(1,response->getSignature());\r
CredentialCriteria cc;\r
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);\r
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);\r
Locker clocker(m_creds);\r
const Credential* cred = m_creds->resolve(&cc);\r
TSM_ASSERT("Retrieved credential was null", cred!=NULL);\r
janitor.release();
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
Locker clocker(m_creds);
const Credential* cred = m_creds->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);
janitor.release();
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
Locker clocker(m_creds);
const Credential* cred = m_creds->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);
janitor.release();
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
Locker clocker(m_creds);
const Credential* cred = m_creds->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);
janitor.release();
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
Locker clocker(m_creds);
const Credential* cred = m_creds->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);
janitor.release();
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
Locker clocker(m_creds);
const Credential* cred = m_creds->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);
// Sign while marshalling.
vector<Signature*> sigs(1,sig);
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
Locker locker(m_resolver);
const Credential* cred = m_resolver->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);
// Sign while marshalling.
vector<Signature*> sigs(1,sig);
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
Locker locker(m_resolver);
const Credential* cred = m_resolver->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);
// Sign assertion while marshalling.
vector<Signature*> sigs(1,assertion->getSignature());
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
Locker locker(m_resolver);
const Credential* cred = m_resolver->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);
// Sign while marshalling.
vector<Signature*> sigs(1,sig);
CredentialCriteria cc;
- cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
Locker locker(m_resolver);
const Credential* cred = m_resolver->resolve(&cc);
TSM_ASSERT("Retrieved credential was null", cred!=NULL);