Move credential usage enum to Credential class.
[shibboleth/xmltooling.git] / xmltooling / security / Credential.h
index c333b67..36c8b1a 100644 (file)
 #include <xmltooling/base.h>
 #include <xsec/enc/XSECCryptoKey.hpp>
 
+#include <set>
+#include <string>
+
 namespace xmlsignature {
     class XMLTOOL_API KeyInfo;
 };
 
 namespace xmltooling {
 
+    class XMLTOOL_API CredentialCriteria;
+    class XMLTOOL_API CredentialContext;
+
     /**
      * Wraps keys and related functionality.
      *
@@ -47,11 +53,32 @@ namespace xmltooling {
     public:
         virtual ~Credential() {}
         
+        /**
+         * Bitmask constants for limiting resolution process inside a CredentialResolver. 
+         */
         enum ResolveTypes {
-            RESOLVE_KEYS = 1
+            RESOLVE_KEYS = 1,
+            RESOLVE_NAMES = 2
         };
 
         /**
+         * Enumeration of use cases for credentials. 
+         */
+        enum UsageTypes {
+            UNSPECIFIED_CREDENTIAL,
+            SIGNING_CREDENTIAL,
+            TLS_CREDENTIAL,
+            ENCRYPTION_CREDENTIAL
+        };
+        
+        /**
+         * Get the credential usage type.
+         * 
+         * @return the usage
+         */
+        virtual UsageTypes getUsage() const=0;
+
+        /**
          * Returns an algorithm identifier for the Credential.
          *
          * @return  the Credential algorithm, or NULL if indeterminate
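Review bot: The doc comment on `UsageTypes` does not say how `UNSPECIFIED_CREDENTIAL` is meant to be treated when a credential is matched against a requested usage, which is the case that decides whether key separation holds. If it reads as "usable for anything", a lookup for a signing key can return a key that is also used for TLS or encryption; if it reads as "usage unknown", matching should presumably fail closed. I would state the intended reading on the enum, for example `* Enumeration of use cases for credentials. UNSPECIFIED_CREDENTIAL means ... and is matched as ...`, with the project's actual rule filled in. Unlike `ResolveTypes` just above, this enum is not a bitmask, so a credential valid for exactly two of the three uses can only report itself as unspecified; that limitation deserves a sentence in the comment as well. The `Credential` class body begins before this hunk, so how `getUsage()` is consumed is not visible here.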
@@ -80,30 +107,33 @@ namespace xmltooling {
         virtual XSECCryptoKey* getPublicKey() const=0;
         
         /**
-         * Returns names representing the Credential, generally when the Credential itself merely
-         * points to a Credential rather than containing one.
+         * Returns names representing the Credential.
+         *
+         * <p>Names should be unique in the context of the comparisons against CredentialCriteria
+         * that deployments expect to see.
          * 
-         * @param results   array to populate with names
-         * @return  the number of names returned
+         * @return  a sorted set of names
          */
-        virtual std::vector<std::string>::size_type getKeyNames(std::vector<std::string>& results) const=0;
+        virtual const std::set<std::string>& getKeyNames() const=0;
         
         /**
          * Returns a ds:KeyInfo object representing the Credential for use in
          * communicating with other entities.
          * 
          * @param compact   true iff the communication medium is such that only compact forms should be included
-         * @return reference to a KeyInfo object
+         * @return a KeyInfo object, which must be freed by the caller
          */
-        virtual const xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const=0;
+        virtual xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const=0;
 
         /**
-         * Compares the public key inside the Credential to a second public key.
-         *
-         * @param key   the public key to compare
-         * @return true iff the keys are equal
+         * Get the credential context information, which provides additional information
+         * specific to the context in which the credential was resolved.
+         * 
+         * @return resolution context of the credential
          */
-        virtual bool isEqual(XSECCryptoKey& key) const;
+        virtual const CredentialContext* getCredentalContext() const {
+            return NULL;
+        }
     };
 };
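Review bot: `getKeyInfo()` now transfers ownership of the returned object to the caller, but call sites written against the old signature, such as `const xmlsignature::KeyInfo* ki = cred->getKeyInfo();`, still compile unchanged and will now leak on every call. Those callers are outside this hunk and need auditing as part of the same change. The comment should also say that a new object is built per call and whether NULL can be returned, e.g. `@return a newly allocated KeyInfo object, which must be freed by the caller`. Separately, `getCredentalContext` is misspelled (missing "i"); as a public virtual it is hard to rename once subclasses override it, so `getCredentialContext` should be used before this ships. The reference returned by `getKeyNames()` presumably lives only as long as the Credential, which its comment could state.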