#include <xmltooling/base.h>
#include <xsec/enc/XSECCryptoKey.hpp>
+#include <set>
+#include <string>
+
namespace xmlsignature {
class XMLTOOL_API KeyInfo;
};
namespace xmltooling {
+ class XMLTOOL_API CredentialCriteria;
+ class XMLTOOL_API CredentialContext;
+
/**
* Wraps keys and related functionality.
*
public:
virtual ~Credential() {}
+ /**
+ * Bitmask constants for limiting resolution process inside a CredentialResolver.
+ */
enum ResolveTypes {
- RESOLVE_KEYS = 1
+ RESOLVE_KEYS = 1,
+ RESOLVE_NAMES = 2
};
/**
+ * Enumeration of use cases for credentials.
+ */
+ enum UsageTypes {
+ UNSPECIFIED_CREDENTIAL,
+ SIGNING_CREDENTIAL,
+ TLS_CREDENTIAL,
+ ENCRYPTION_CREDENTIAL
+ };
+
+ /**
+ * Get the credential usage type.
+ *
+ * @return the usage
+ */
+ virtual UsageTypes getUsage() const=0;
+
+ /**
* Returns an algorithm identifier for the Credential.
*
* @return the Credential algorithm, or NULL if indeterminate
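Review bot: The new `UsageTypes` enum and the `getUsage()` comment do not say how `UNSPECIFIED_CREDENTIAL` is treated when a credential is matched against a requested usage. If resolvers read it as "no restriction", a key configured without a usage is accepted for signing, TLS and encryption alike, which weakens key separation. If they read it as "unknown", it should never satisfy a specific request. The matching code is not visible in this hunk, so I would state the intended rule on the enumerator itself, for example `UNSPECIFIED_CREDENTIAL, // no usage declared; <state whether this matches any requested usage>`. The class body starts and continues outside the hunk.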
virtual XSECCryptoKey* getPublicKey() const=0;
/**
- * Returns names representing the Credential, generally when the Credential itself merely
- * points to a Credential rather than containing one.
+ * Returns names representing the Credential.
+ *
+ * <p>Names should be unique in the context of the comparisons against CredentialCriteria
+ * that deployments expect to see.
*
- * @param results array to populate with names
- * @return the number of names returned
+ * @return a sorted set of names
*/
- virtual std::vector<std::string>::size_type getKeyNames(std::vector<std::string>& results) const=0;
+ virtual const std::set<std::string>& getKeyNames() const=0;
/**
* Returns a ds:KeyInfo object representing the Credential for use in
* communicating with other entities.
*
* @param compact true iff the communication medium is such that only compact forms should be included
- * @return reference to a KeyInfo object
+ * @return a KeyInfo object, which must be freed by the caller
*/
- virtual const xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const=0;
+ virtual xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const=0;
/**
- * Compares the public key inside the Credential to a second public key.
- *
- * @param key the public key to compare
- * @return true iff the keys are equal
+ * Get the credential context information, which provides additional information
+ * specific to the context in which the credential was resolved.
+ *
+ * @return resolution context of the credential
*/
- virtual bool isEqual(XSECCryptoKey& key) const;
+ virtual const CredentialContext* getCredentalContext() const {
+ return NULL;
+ }
};
};
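Review bot: `getKeyInfo()` now hands ownership to the caller through a raw pointer (`@return a KeyInfo object, which must be freed by the caller`), but callers written against the old `const xmlsignature::KeyInfo*` return type still compile unchanged and will now leak. Any override that keeps returning an internally held object will be freed out from under its owner by callers that follow the new contract. The comment should spell out the obligation on both sides, for example `@return a newly created KeyInfo object that the caller owns and must delete; implementations must never return an internally held instance`, and the overrides and call sites outside this hunk need auditing along with the change. Separately, `getCredentalContext()` is misspelled (missing "i") and, being a public virtual, will be hard to rename once released. Its doc should also mention the NULL default: `@return resolution context of the credential, or NULL if none`.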