2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file xmltooling/security/CredentialCriteria.h
20 * Class for specifying criteria by which a CredentialResolver should resolve credentials.
23 #if !defined(__xmltooling_credcrit_h__) && !defined(XMLTOOLING_NO_XMLSEC)
24 #define __xmltooling_credcrit_h__
26 #include <xmltooling/XMLToolingConfig.h>
27 #include <xmltooling/security/KeyInfoResolver.h>
28 #include <xmltooling/security/X509Credential.h>
29 #include <xmltooling/signature/KeyInfo.h>
30 #include <xmltooling/signature/Signature.h>
33 #include <xsec/dsig/DSIGKeyInfoList.hpp>
34 #include <xsec/dsig/DSIGKeyInfoName.hpp>
36 namespace xmltooling {
39 * Class for specifying criteria by which a CredentialResolver should resolve credentials.
41 class XMLTOOL_API CredentialCriteria
43 MAKE_NONCOPYABLE(CredentialCriteria);
45 CredentialCriteria() : m_keyUsage(UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(NULL),
46 m_keyInfo(NULL), m_nativeKeyInfo(NULL), m_credential(NULL) {
48 virtual ~CredentialCriteria() {
53 * Determines whether the supplied Credential matches this CredentialCriteria.
55 * @param credential the Credential to evaluate
56 * @return true iff the Credential is consistent with this criteria
58 virtual bool matches(const Credential& credential) const;
61 * Enumeration of use cases for credentials.
64 UNSPECIFIED_CREDENTIAL,
71 * Get the key usage criteria.
75 UsageType getUsage() const {
80 * Set the key usage criteria.
82 * @param usage the usage to set
84 void setUsage(UsageType usage) {
89 * Get the peer name criteria.
91 * @return the peer name
93 const char* getPeerName() const {
94 return m_peerName.c_str();
98 * Set the peer name criteria.
100 * @param peerName peer name to set
102 void setPeerName(const char* peerName) {
105 m_peerName = peerName;
109 * Get the key algorithm criteria.
111 * @return the key algorithm
113 const char* getKeyAlgorithm() const {
114 return m_keyAlgorithm.c_str();
118 * Set the key algorithm criteria.
120 * @param keyAlgorithm The key algorithm to set
122 void setKeyAlgorithm(const char* keyAlgorithm) {
123 m_keyAlgorithm.erase();
125 m_keyAlgorithm = keyAlgorithm;
129 * Get the key size criteria.
131 * @return the key size, or 0
133 unsigned int getKeySize() const {
138 * Set the key size criteria.
140 * @param keySize Key size to set
142 void setKeySize(unsigned int keySize) {
147 * Set the key algorithm and size criteria based on an XML algorithm specifier.
149 * @param algorithm XML algorithm specifier
151 void setXMLAlgorithm(const XMLCh* algorithm) {
153 std::pair<const char*,unsigned int> mapped =
154 XMLToolingConfig::getConfig().mapXMLAlgorithmToKeyAlgorithm(algorithm);
155 setKeyAlgorithm(mapped.first);
156 setKeySize(mapped.second);
159 setKeyAlgorithm(NULL);
165 * Gets key name criteria.
167 * @return an immutable set of key names
169 const std::set<std::string>& getKeyNames() const {
174 * Gets key name criteria.
176 * @return a mutable set of key names
178 std::set<std::string>& getKeyNames() {
183 * Returns the public key criteria.
185 * @return a public key
187 virtual XSECCryptoKey* getPublicKey() const {
192 * Sets the public key criteria.
194 * <p>The lifetime of the key <strong>MUST</strong> extend
195 * for the lifetime of this object.
197 * @param key a public key
199 void setPublicKey(XSECCryptoKey* key) {
204 * Bitmask constants controlling the kinds of criteria set automatically
205 * based on a KeyInfo object.
207 enum keyinfo_extraction_t {
208 KEYINFO_EXTRACTION_KEY = 1,
209 KEYINFO_EXTRACTION_KEYNAMES = 2,
210 KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES = 4
214 * Gets the KeyInfo criteria.
216 * @return the KeyInfo criteria
218 const xmlsignature::KeyInfo* getKeyInfo() const {
223 * Sets the KeyInfo criteria.
225 * @param keyInfo the KeyInfo criteria
226 * @param extraction bitmask of criteria to auto-extract from KeyInfo
228 virtual void setKeyInfo(const xmlsignature::KeyInfo* keyInfo, int extraction=0) {
232 if (!keyInfo || !extraction)
235 int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
236 types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
237 m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
239 if (extraction & KEYINFO_EXTRACTION_KEY)
240 setPublicKey(m_credential->getPublicKey());
241 if (extraction & KEYINFO_EXTRACTION_KEYNAMES)
242 m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
243 if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) {
244 const X509Credential* xcred = dynamic_cast<const X509Credential*>(m_credential);
245 if (xcred && !xcred->getEntityCertificateChain().empty())
246 X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames);
251 * Gets the native KeyInfo criteria.
253 * @return the native KeyInfo criteria
255 DSIGKeyInfoList* getNativeKeyInfo() const {
256 return m_nativeKeyInfo;
260 * Sets the KeyInfo criteria.
262 * @param keyInfo the KeyInfo criteria
263 * @param extraction bitmask of criteria to auto-extract from KeyInfo
265 virtual void setNativeKeyInfo(DSIGKeyInfoList* keyInfo, int extraction=0) {
268 m_nativeKeyInfo = keyInfo;
269 if (!keyInfo || !extraction)
272 int types = (extraction & KEYINFO_EXTRACTION_KEY) ? Credential::RESOLVE_KEYS : 0;
273 types |= (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) ? X509Credential::RESOLVE_CERTS : 0;
274 m_credential = XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(keyInfo,types);
276 if (extraction & KEYINFO_EXTRACTION_KEY)
277 setPublicKey(m_credential->getPublicKey());
278 if (extraction & KEYINFO_EXTRACTION_KEYNAMES)
279 m_keyNames.insert(m_credential->getKeyNames().begin(), m_credential->getKeyNames().end());
280 if (extraction & KEYINFO_EXTRACTION_IMPLICIT_KEYNAMES) {
281 const X509Credential* xcred = dynamic_cast<const X509Credential*>(m_credential);
282 if (xcred && !xcred->getEntityCertificateChain().empty())
283 X509Credential::extractNames(xcred->getEntityCertificateChain().front(), m_keyNames);
288 * Sets the KeyInfo criteria from an XML Signature.
290 * @param sig the Signature containing KeyInfo criteria
291 * @param extraction bitmask of criteria to auto-extract from KeyInfo
293 void setSignature(const xmlsignature::Signature& sig, int extraction=0) {
294 setXMLAlgorithm(sig.getSignatureAlgorithm());
295 xmlsignature::KeyInfo* k = sig.getKeyInfo();
297 return setKeyInfo(k,extraction);
298 DSIGSignature* dsig = sig.getXMLSignature();
300 setNativeKeyInfo(dsig->getKeyInfoList(),extraction);
304 UsageType m_keyUsage;
305 unsigned int m_keySize;
306 std::string m_peerName,m_keyAlgorithm;
307 std::set<std::string> m_keyNames;
308 XSECCryptoKey* m_key;
309 const xmlsignature::KeyInfo* m_keyInfo;
310 DSIGKeyInfoList* m_nativeKeyInfo;
311 Credential* m_credential;
315 #endif /* __xmltooling_credcrit_h__ */