2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file xmltooling/security/CredentialCriteria.h
20 * Class for specifying criteria by which a CredentialResolver should resolve credentials.
23 #if !defined(__xmltooling_credcrit_h__) && !defined(XMLTOOLING_NO_XMLSEC)
24 #define __xmltooling_credcrit_h__
26 #include <xmltooling/XMLToolingConfig.h>
27 #include <xmltooling/security/KeyInfoResolver.h>
28 #include <xmltooling/security/X509Credential.h>
29 #include <xmltooling/signature/KeyInfo.h>
30 #include <xmltooling/signature/Signature.h>
33 #include <xsec/dsig/DSIGKeyInfoList.hpp>
34 #include <xsec/dsig/DSIGKeyInfoName.hpp>
36 namespace xmltooling {
39 * Class for specifying criteria by which a CredentialResolver should resolve credentials.
41 class XMLTOOL_API CredentialCriteria
43 MAKE_NONCOPYABLE(CredentialCriteria);
45 CredentialCriteria() : m_keyUsage(Credential::UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL),
46 m_keyInfo(NULL), m_nativeKeyInfo(NULL), m_credential(NULL) {
48 virtual ~CredentialCriteria() {
53 * Determines whether the supplied Credential matches this CredentialCriteria.
55 * @param credential the Credential to evaluate
56 * @return true iff the Credential is consistent with this criteria
58 virtual bool matches(const Credential& credential) const;
61 * Get key usage criteria.
63 * @return the usage mask
65 unsigned int getUsage() const {
70 * Set key usage criteria.
72 * @param usage the usage mask to set
74 void setUsage(unsigned int usage) {
79 * Get the peer name criteria.
81 * @return the peer name
83 const char* getPeerName() const {
84 return m_peerName.c_str();
88 * Set the peer name criteria.
90 * @param peerName peer name to set
92 void setPeerName(const char* peerName) {
95 m_peerName = peerName;
99 * Get the key algorithm criteria.
101 * @return the key algorithm
103 const char* getKeyAlgorithm() const {
104 return m_keyAlgorithm.c_str();
108 * Set the key algorithm criteria.
110 * @param keyAlgorithm The key algorithm to set
112 void setKeyAlgorithm(const char* keyAlgorithm) {
113 m_keyAlgorithm.erase();
115 m_keyAlgorithm = keyAlgorithm;
119 * Get the key size criteria.
121 * @return the key size, or 0
123 unsigned int getKeySize() const {
128 * Set the key size criteria.
130 * @param keySize Key size to set
132 void setKeySize(unsigned int keySize) {
137 * Set the key algorithm and size criteria based on an XML algorithm specifier.
139 * @param algorithm XML algorithm specifier
141 void setXMLAlgorithm(const XMLCh* algorithm) {
143 std::pair<const char*,unsigned int> mapped =
144 XMLToolingConfig::getConfig().mapXMLAlgorithmToKeyAlgorithm(algorithm);
145 setKeyAlgorithm(mapped.first);
146 setKeySize(mapped.second);
149 setKeyAlgorithm(NULL);
155 * Gets key name criteria.
157 * @return an immutable set of key names
159 const std::set<std::string>& getKeyNames() const {
164 * Gets key name criteria.
166 * @return a mutable set of key names
168 std::set<std::string>& getKeyNames() {
173 * Returns the public key criteria.
175 * @return a public key
177 virtual XSECCryptoKey* getPublicKey() const {
182 * Sets the public key criteria.
184 * <p>The lifetime of the key <strong>MUST</strong> extend
185 * for the lifetime of this object.
187 * @param key a public key
189 void setPublicKey(XSECCryptoKey* key) {
194 * Bitmask constants controlling the kinds of criteria set automatically
195 * based on a KeyInfo object.
197 enum keyinfo_extraction_t {
198 KEYINFO_EXTRACTION_KEY = 1,
199 KEYINFO_EXTRACTION_KEYNAMES = 2
203 * Gets the KeyInfo criteria.
205 * @return the KeyInfo criteria
207 const xmlsignature::KeyInfo* getKeyInfo() const {
212 * Sets the KeyInfo criteria.
214 * @param keyInfo the KeyInfo criteria
215 * @param extraction bitmask of criteria to auto-extract from KeyInfo
217 virtual void setKeyInfo(const xmlsignature::KeyInfo* keyInfo, int extraction=0) {
221 if (!keyInfo || !extraction)
224 int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
225 types |= (extraction & KEYINFO_EXTRACTION_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
226 m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
228 if (extraction & KEYINFO_EXTRACTION_KEY)
229 setPublicKey(m_credential->getPublicKey());
230 if (extraction & KEYINFO_EXTRACTION_KEYNAMES) {
231 X509Credential* xcred = dynamic_cast<X509Credential*>(m_credential);
234 m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
239 * Gets the native KeyInfo criteria.
241 * @return the native KeyInfo criteria
243 DSIGKeyInfoList* getNativeKeyInfo() const {
244 return m_nativeKeyInfo;
248 * Sets the KeyInfo criteria.
250 * @param keyInfo the KeyInfo criteria
251 * @param extraction bitmask of criteria to auto-extract from KeyInfo
253 virtual void setNativeKeyInfo(DSIGKeyInfoList* keyInfo, int extraction=0) {
256 m_nativeKeyInfo = keyInfo;
257 if (!keyInfo || !extraction)
260 int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
261 types |= (extraction & KEYINFO_EXTRACTION_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
262 m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
264 if (extraction & KEYINFO_EXTRACTION_KEY)
265 setPublicKey(m_credential->getPublicKey());
266 if (extraction & KEYINFO_EXTRACTION_KEYNAMES) {
267 X509Credential* xcred = dynamic_cast<X509Credential*>(m_credential);
270 m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
275 * Sets the KeyInfo criteria from an XML Signature.
277 * @param sig the Signature containing KeyInfo criteria
278 * @param extraction bitmask of criteria to auto-extract from KeyInfo
280 void setSignature(const xmlsignature::Signature& sig, int extraction=0) {
281 setXMLAlgorithm(sig.getSignatureAlgorithm());
282 xmlsignature::KeyInfo* k = sig.getKeyInfo();
284 return setKeyInfo(k, extraction);
285 DSIGSignature* dsig = sig.getXMLSignature();
287 setNativeKeyInfo(dsig->getKeyInfoList(), extraction);
291 unsigned int m_keyUsage;
292 unsigned int m_keySize;
293 std::string m_peerName,m_keyAlgorithm;
294 std::set<std::string> m_keyNames;
295 XSECCryptoKey* m_key;
296 const xmlsignature::KeyInfo* m_keyInfo;
297 DSIGKeyInfoList* m_nativeKeyInfo;
298 Credential* m_credential;
302 #endif /* __xmltooling_credcrit_h__ */