xmltooling/security/CredentialCriteria.h

   1 /*
   2  *  Copyright 2001-2007 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /**
  18  * @file xmltooling/security/CredentialCriteria.h
  19  *
  20  * Class for specifying criteria by which a CredentialResolver should resolve credentials.
  21  */
  22
  23 #if !defined(__xmltooling_credcrit_h__) && !defined(XMLTOOLING_NO_XMLSEC)
  24 #define __xmltooling_credcrit_h__
  25
  26 #include <xmltooling/XMLToolingConfig.h>
  27 #include <xmltooling/security/KeyInfoResolver.h>
  28 #include <xmltooling/security/X509Credential.h>
  29 #include <xmltooling/signature/KeyInfo.h>
  30 #include <xmltooling/signature/Signature.h>
  31
  32 #include <set>
  33 #include <xsec/dsig/DSIGKeyInfoList.hpp>
  34 #include <xsec/dsig/DSIGKeyInfoName.hpp>
  35
  36 namespace xmltooling {
  37
  38     /**
  39      * Class for specifying criteria by which a CredentialResolver should resolve credentials.
  40      */
  41     class XMLTOOL_API CredentialCriteria
  42     {
  43         MAKE_NONCOPYABLE(CredentialCriteria);
  44     public:
  45         CredentialCriteria() : m_keyUsage(Credential::UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL),
  46             m_keyInfo(NULL), m_nativeKeyInfo(NULL), m_credential(NULL) {
  47         }
  48         virtual ~CredentialCriteria() {
  49             delete m_credential;
  50         }
  51
  52         /**
  53          * Determines whether the supplied Credential matches this CredentialCriteria.
  54          *
  55          * @param credential    the Credential to evaluate
  56          * @return true iff the Credential is consistent with this criteria
  57          */
  58         virtual bool matches(const Credential& credential) const;
  59
  60         /**
  61          * Get the key usage criteria.
  62          *
  63          * @return the usage.
  64          */
  65         Credential::UsageTypes getUsage() const {
  66             return m_keyUsage;
  67         }
  68
  69         /**
  70          * Set the key usage criteria.
  71          *
  72          * @param usage the usage to set
  73          */
  74         void setUsage(Credential::UsageTypes usage) {
  75             m_keyUsage = usage;
  76         }
  77
  78         /**
  79          * Get the peer name criteria.
  80          *
  81          * @return the peer name
  82          */
  83         const char* getPeerName() const {
  84             return m_peerName.c_str();
  85         }
  86
  87         /**
  88          * Set the peer name criteria.
  89          *
  90          * @param peerName peer name to set
  91          */
  92         void setPeerName(const char* peerName) {
  93             m_peerName.erase();
  94             if (peerName)
  95                 m_peerName = peerName;
  96         }
  97
  98         /**
  99          * Get the key algorithm criteria.
 100          *
 101          * @return the key algorithm
 102          */
 103         const char* getKeyAlgorithm() const {
 104             return m_keyAlgorithm.c_str();
 105         }
 106
 107         /**
 108          * Set the key algorithm criteria.
 109          *
 110          * @param keyAlgorithm The key algorithm to set
 111          */
 112         void setKeyAlgorithm(const char* keyAlgorithm) {
 113             m_keyAlgorithm.erase();
 114             if (keyAlgorithm)
 115                 m_keyAlgorithm = keyAlgorithm;
 116         }
 117
 118         /**
 119          * Get the key size criteria.
 120          *
 121          * @return  the key size, or 0
 122          */
 123         unsigned int getKeySize() const {
 124             return m_keySize;
 125         }
 126
 127         /**
 128          * Set the key size criteria.
 129          *
 130          * @param keySize Key size to set
 131          */
 132         void setKeySize(unsigned int keySize) {
 133             m_keySize = keySize;
 134         }
 135
 136         /**
 137          * Set the key algorithm and size criteria based on an XML algorithm specifier.
 138          *
 139          * @param algorithm XML algorithm specifier
 140          */
 141         void setXMLAlgorithm(const XMLCh* algorithm) {
 142             if (algorithm) {
 143                 std::pair<const char*,unsigned int> mapped =
 144                     XMLToolingConfig::getConfig().mapXMLAlgorithmToKeyAlgorithm(algorithm);
 145                 setKeyAlgorithm(mapped.first);
 146                 setKeySize(mapped.second);
 147             }
 148             else {
 149                 setKeyAlgorithm(NULL);
 150                 setKeySize(0);
 151             }
 152         }
 153
 154         /**
 155          * Gets key name criteria.
 156          *
 157          * @return an immutable set of key names
 158          */
 159         const std::set<std::string>& getKeyNames() const {
 160             return m_keyNames;
 161         }
 162
 163         /**
 164          * Gets key name criteria.
 165          *
 166          * @return a mutable set of key names
 167          */
 168         std::set<std::string>& getKeyNames() {
 169             return m_keyNames;
 170         }
 171
 172         /**
 173          * Returns the public key criteria.
 174          *
 175          * @return  a public key
 176          */
 177         virtual XSECCryptoKey* getPublicKey() const {
 178             return m_key;
 179         }
 180
 181         /**
 182          * Sets the public key criteria.
 183          *
 184          * <p>The lifetime of the key <strong>MUST</strong> extend
 185          * for the lifetime of this object.
 186          *
 187          * @param key a public key
 188          */
 189         void setPublicKey(XSECCryptoKey* key) {
 190             m_key = key;
 191         }
 192
 193         /**
 194          * Bitmask constants controlling the kinds of criteria set automatically
 195          * based on a KeyInfo object.
 196          */
 197         enum keyinfo_extraction_t {
 198             KEYINFO_EXTRACTION_KEY = 1,
 199             KEYINFO_EXTRACTION_KEYNAMES = 2,
 200             KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES = 4
 201         };
 202
 203         /**
 204          * Gets the KeyInfo criteria.
 205          *
 206          * @return the KeyInfo criteria
 207          */
 208         const xmlsignature::KeyInfo* getKeyInfo() const {
 209             return m_keyInfo;
 210         }
 211
 212         /**
 213          * Sets the KeyInfo criteria.
 214          *
 215          * @param keyInfo       the KeyInfo criteria
 216          * @param extraction    bitmask of criteria to auto-extract from KeyInfo
 217          */
 218         virtual void setKeyInfo(const xmlsignature::KeyInfo* keyInfo, int extraction=0) {
 219             delete m_credential;
 220             m_credential = NULL;
 221             m_keyInfo = keyInfo;
 222             if (!keyInfo || !extraction)
 223                 return;
 224
 225             int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
 226             types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
 227             m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
 228
 229             if (extraction & KEYINFO_EXTRACTION_KEY)
 230                 setPublicKey(m_credential->getPublicKey());
 231             if (extraction & KEYINFO_EXTRACTION_KEYNAMES)
 232                 m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
 233             if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) {
 234                 const X509Credential* xcred = dynamic_cast<const X509Credential*>(m_credential);
 235                 if (xcred && !xcred->getEntityCertificateChain().empty())
 236                     X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames);
 237             }
 238         }
 239
 240         /**
 241          * Gets the native KeyInfo criteria.
 242          *
 243          * @return the native KeyInfo criteria
 244          */
 245         DSIGKeyInfoList* getNativeKeyInfo() const {
 246             return m_nativeKeyInfo;
 247         }
 248
 249         /**
 250          * Sets the KeyInfo criteria.
 251          *
 252          * @param keyInfo       the KeyInfo criteria
 253          * @param extraction    bitmask of criteria to auto-extract from KeyInfo
 254          */
 255         virtual void setNativeKeyInfo(DSIGKeyInfoList* keyInfo, int extraction=0) {
 256             delete m_credential;
 257             m_credential = NULL;
 258             m_nativeKeyInfo = keyInfo;
 259             if (!keyInfo || !extraction)
 260                 return;
 261
 262             int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
 263             types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
 264             m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
 265
 266             if (extraction & KEYINFO_EXTRACTION_KEY)
 267                 setPublicKey(m_credential->getPublicKey());
 268             if (extraction & KEYINFO_EXTRACTION_KEYNAMES)
 269                 m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
 270             if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) {
 271                 const X509Credential* xcred = dynamic_cast<const X509Credential*>(m_credential);
 272                 if (xcred && !xcred->getEntityCertificateChain().empty())
 273                     X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames);
 274             }
 275         }
 276
 277         /**
 278          * Sets the KeyInfo criteria from an XML Signature.
 279          *
 280          * @param sig           the Signature containing KeyInfo criteria
 281          * @param extraction    bitmask of criteria to auto-extract from KeyInfo
 282          */
 283         void setSignature(const xmlsignature::Signature& sig, int extraction=0) {
 284             setXMLAlgorithm(sig.getSignatureAlgorithm());
 285             xmlsignature::KeyInfo* k = sig.getKeyInfo();
 286             if (k)
 287                 return setKeyInfo(k,extraction);
 288             DSIGSignature* dsig = sig.getXMLSignature();
 289             if (dsig)
 290                 setNativeKeyInfo(dsig->getKeyInfoList(),extraction);
 291         }
 292
 293     private:
 294         Credential::UsageTypes m_keyUsage;
 295         unsigned int m_keySize;
 296         std::string m_peerName,m_keyAlgorithm;
 297         std::set<std::string> m_keyNames;
 298         XSECCryptoKey* m_key;
 299         const xmlsignature::KeyInfo* m_keyInfo;
 300         DSIGKeyInfoList* m_nativeKeyInfo;
 301         Credential* m_credential;
 302     };
 303 };
 304
 305 #endif /* __xmltooling_credcrit_h__ */