Convert usage bits to a mask.
author
cantor
<cantor@de75baf8-a10c-0410-a50a-987c0e22f00f>
Wed, 17 Oct 2007 06:20:25 +0000
(06:20 +0000)
committer
cantor
<cantor@de75baf8-a10c-0410-a50a-987c0e22f00f>
Wed, 17 Oct 2007 06:20:25 +0000
(06:20 +0000)
Enable usage constraints inside file resolver.
git-svn-id: https://svn.middleware.georgetown.edu/cpp-xmltooling/trunk@402
de75baf8
-a10c-0410-a50a-
987c0e22f00f
xmltooling/security/BasicX509Credential.h
xmltooling/security/Credential.h
xmltooling/security/CredentialCriteria.h
xmltooling/security/impl/CredentialCriteria.cpp
xmltooling/security/impl/FilesystemCredentialResolver.cpp
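--- a/xmltooling/security/BasicX509Credential.h
+++ b/xmltooling/security/BasicX509Credential.h
@@ -84,7 +84,7 @@ namespace xmltooling {
     public:
         virtual ~BasicX509Credential();
-        UsageTypes getUsage() const {
+        unsigned int getUsage() const {
             return UNSPECIFIED_CREDENTIAL;
         }
         const char* getAlgorithm() const;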
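--- a/xmltooling/security/Credential.h
+++ b/xmltooling/security/Credential.h
@@ -62,21 +62,21 @@ namespace xmltooling {
         };
         /**
-         * Enumeration of use cases for credentials.
+         * Bitmask of use cases for credentials.
          */
         enum UsageTypes {
-            UNSPECIFIED_CREDENTIAL,
-            SIGNING_CREDENTIAL,
-            TLS_CREDENTIAL,
-            ENCRYPTION_CREDENTIAL
+            UNSPECIFIED_CREDENTIAL = 0,
+            SIGNING_CREDENTIAL = 1,
+            TLS_CREDENTIAL = 2,
+            ENCRYPTION_CREDENTIAL = 4
         };
         /**
-         * Get the credential usage type.
+         * Get credential usage types.
          *
-         * @return the usage
+         * @return the usage bitmask
          */
-        virtual UsageTypes getUsage() const=0;
+        virtual unsigned int getUsage() const=0;
         /**
          * Returns an algorithm identifier for the Credential.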
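Review bot: The enum comment now says "Bitmask" but does not mention that UNSPECIFIED_CREDENTIAL is zero and so carries no bit; it can only be compared with `==` or `!=`, never tested with `&`. I would document that on the enumerator, e.g. `UNSPECIFIED_CREDENTIAL = 0, // no bits set: usage is unconstrained; compare with ==, not &`, and have the getUsage() comment say the result is an OR of UsageTypes values. Returning `unsigned int` also means the compiler no longer rejects arbitrary integers, so the comment should state that implementations return only combinations of these flags.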
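--- a/xmltooling/security/CredentialCriteria.h
+++ b/xmltooling/security/CredentialCriteria.h
@@ -58,20 +58,20 @@ namespace xmltooling {
         virtual bool matches(const Credential& credential) const;
         /**
-         * Get the key usage criteria.
+         * Get key usage criteria.
          *
-         * @return the usage.
+         * @return the usage mask
          */
-        Credential::UsageTypes getUsage() const {
+        unsigned int getUsage() const {
             return m_keyUsage;
         }
         /**
-         * Set the key usage criteria.
+         * Set key usage criteria.
          *
-         * @param usage the usage to set
+         * @param usage the usage mask to set
          */
-        void setUsage(Credential::UsageTypes usage) {
+        void setUsage(unsigned int usage) {
             m_keyUsage = usage;
         }
@@ -291,7 +291,7 @@ namespace xmltooling {
         }
     private:
-        Credential::UsageTypes m_keyUsage;
+        unsigned int m_keyUsage;
         unsigned int m_keySize;
         std::string m_peerName,m_keyAlgorithm;
         std::set<std::string> m_keyNames;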
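--- a/xmltooling/security/impl/CredentialCriteria.cpp
+++ b/xmltooling/security/impl/CredentialCriteria.cpp
@@ -36,10 +36,10 @@ using namespace std;
 bool CredentialCriteria::matches(const Credential& credential) const
 {
-    // Usage check, if specified and we have one.
+    // Usage check, if specified and we have one, compare masks.
     if (getUsage() != Credential::UNSPECIFIED_CREDENTIAL) {
         if (credential.getUsage() != Credential::UNSPECIFIED_CREDENTIAL)
-            if (getUsage() != credential.getUsage())
+            if ((getUsage() & credential.getUsage()) == 0)
                 return false;
     }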
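Review bot: The new test `(getUsage() & credential.getUsage()) == 0` in matches() accepts any overlap, so a criteria mask carrying several usage bits is satisfied by a credential that offers only one of them. If callers can pass a combined mask and expect every requested usage to be present, the check should be `if ((getUsage() & credential.getUsage()) != getUsage())`. The outer guards also still let a credential whose usage is UNSPECIFIED_CREDENTIAL pass every usage constraint. That fail-open rule deserves a comment next to the check, e.g. `// Any shared bit matches; a credential with no usage set matches all criteria.` The body of matches() continues outside the hunk.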
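--- a/xmltooling/security/impl/FilesystemCredentialResolver.cpp
+++ b/xmltooling/security/impl/FilesystemCredentialResolver.cpp
@@ -69,7 +69,7 @@ namespace xmltooling {
     {
     public:
         FilesystemCredential(FilesystemCredentialResolver* resolver, XSECCryptoKey* key, const std::vector<XSECCryptoX509*>& xseccerts)
-                : BasicX509Credential(key, xseccerts), m_resolver(resolver) {
+                : BasicX509Credential(key, xseccerts), m_resolver(resolver), m_usage(UNSPECIFIED_CREDENTIAL) {
             if (!m_xseccerts.empty())
                 extractNames(m_xseccerts.front(), m_keyNames);
             initKeyInfo();
@@ -77,12 +77,29 @@ namespace xmltooling {
         virtual ~FilesystemCredential() {
         }
+        unsigned int getUsage() const {
+            return m_usage;
+        }
+
+        void setUsage(const XMLCh* usage) {
+            if (usage && *usage) {
+                auto_ptr_char u(usage);
+                if (!strcmp(u.get(), "signing"))
+                    m_usage = SIGNING_CREDENTIAL | TLS_CREDENTIAL;
+                else if (!strcmp(u.get(), "TLS"))
+                    m_usage = TLS_CREDENTIAL;
+                else if (!strcmp(u.get(), "encryption"))
+                    m_usage = ENCRYPTION_CREDENTIAL;
+            }
+        }
+
         void addKeyNames(const DOMElement* e);
         void attach(SSL_CTX* ctx) const;
     private:
         FilesystemCredentialResolver* m_resolver;
+        unsigned int m_usage;
     };
 #if defined (_MSC_VER)
@@ -147,6 +164,7 @@ namespace xmltooling {
     static const XMLCh Name[] = UNICODE_LITERAL_4(N,a,m,e);
     static const XMLCh password[] = UNICODE_LITERAL_8(p,a,s,s,w,o,r,d);
     static const XMLCh Path[] = UNICODE_LITERAL_4(P,a,t,h);
+    static const XMLCh _use[] = UNICODE_LITERAL_3(u,s,e);
 };
 FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) : m_credential(NULL)
@@ -181,6 +199,7 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e)
     }
     const DOMElement* root=e;
+    const XMLCh* usage = root->getAttributeNS(NULL,_use);
     XSECCryptoKey* key=NULL;
     vector<XSECCryptoX509*> xseccerts;
@@ -261,6 +280,7 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e)
     if (!e) {
         m_credential = new FilesystemCredential(this,key,xseccerts);
         m_credential->addKeyNames(keynode);
+        m_credential->setUsage(usage);
         return;
     }
     auto_ptr_char certpass(e->getAttributeNS(NULL,password));
@@ -425,6 +445,7 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e)
         key = xseccerts.front()->clonePublicKey();
     m_credential = new FilesystemCredential(this, key, xseccerts);
     m_credential->addKeyNames(keynode);
+    m_credential->setUsage(usage);
 }
 XSECCryptoKey* FilesystemCredentialResolver::loadKey()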
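Review bot: The added FilesystemCredential::setUsage() silently ignores a `use` value it does not recognise: the strcmp chain is case-sensitive and has no final `else`, so a typo or a different spelling leaves m_usage at UNSPECIFIED_CREDENTIAL. Going by the guards visible in CredentialCriteria::matches in this same commit, an unspecified credential is accepted for every usage, so a mistyped restriction fails open with no signal to the operator. A final `else` that rejects the value, or at least logs it, would surface the misconfiguration when the resolver is constructed. The mapping of "signing" to `SIGNING_CREDENTIAL | TLS_CREDENTIAL` is also not self-evident and deserves a one-line comment saying why a signing credential is also permitted for TLS.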