/**
* Set the key algorithm criteria.
*
- * @param keyAlgorithm The key algorithm to set
+ * @param keyAlgorithm the key algorithm to set
*/
void setKeyAlgorithm(const char* keyAlgorithm);
/**
* Get the key size criteria.
+ * <p>If a a maximum size is also set, this is treated as a minimum.
*
* @return the key size, or 0
*/
/**
* Set the key size criteria.
+ * <p>If a a maximum size is also set, this is treated as a minimum.
*
- * @param keySize Key size to set
+ * @param keySize key size to set
*/
void setKeySize(unsigned int keySize);
-
+
+ /**
+ * Get the maximum key size criteria.
+ *
+ * @return the maximum key size, or 0
+ */
+ unsigned int getMaxKeySize() const;
+
+ /**
+ * Set the maximum key size criteria.
+ *
+ * @param keySize maximum key size to set
+ */
+ void setMaxKeySize(unsigned int keySize);
+
/**
* Set the key algorithm and size criteria based on an XML algorithm specifier.
*
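Review bot: The added doc line `If a a maximum size is also set` repeats the article in both the getKeySize and setKeySize comments; it should read `<p>If a maximum size is also set, this is treated as a minimum.` The getMaxKeySize/setMaxKeySize comments also do not say what 0 means or how the two bounds combine. Judging from the matching code later in this change, 0 disables the upper bound, and a maximum below the key size leaves no credential with a known size that can match. I would add to setMaxKeySize something like `<p>A value of 0 means no maximum. If smaller than the key size, no credential with a known size will match.`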
private:
unsigned int m_keyUsage;
- unsigned int m_keySize;
+ unsigned int m_keySize,m_maxKeySize;
std::string m_peerName,m_keyAlgorithm;
std::set<std::string> m_keyNames;
XSECCryptoKey* m_key;
using namespace std;
CredentialCriteria::CredentialCriteria()
- : m_keyUsage(Credential::UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(nullptr),
+ : m_keyUsage(Credential::UNSPECIFIED_CREDENTIAL), m_keySize(0), m_maxKeySize(0), m_key(nullptr),
m_keyInfo(nullptr), m_nativeKeyInfo(nullptr), m_credential(nullptr)
{
}
m_keySize = keySize;
}
+unsigned int CredentialCriteria::getMaxKeySize() const
+{
+ return m_maxKeySize;
+}
+
+void CredentialCriteria::setMaxKeySize(unsigned int keySize)
+{
+ m_maxKeySize = keySize;
+}
+
void CredentialCriteria::setXMLAlgorithm(const XMLCh* algorithm)
{
if (algorithm) {
}
// KeySize check, if specified and we have one.
- if (credential.getKeySize()>0 && getKeySize()>0 && credential.getKeySize() != getKeySize()) {
- if (log.isDebugEnabled())
- log.debug("key size didn't match (%u != %u)", getKeySize(), credential.getKeySize());
- return false;
+ if (credential.getKeySize() > 0) {
+ if (m_keySize > 0 && m_maxKeySize == 0) {
+ if (credential.getKeySize() != m_keySize) {
+ log.debug("key size (%u) didn't match (%u)", credential.getKeySize(), m_keySize);
+ return false;
+ }
+ }
+ else if (m_keySize > 0 && credential.getKeySize() < m_keySize) {
+ log.debug("key size (%u) smaller than minimum (%u)", credential.getKeySize(), m_keySize);
+ return false;
+ }
+ else if (m_maxKeySize > 0 && credential.getKeySize() > m_maxKeySize) {
+ log.debug("key size (%u) larger than maximum (%u)", credential.getKeySize(), m_maxKeySize);
+ return false;
+ }
}
// See if we can test key names.
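Review bot: A credential that reports a key size of 0 skips all three comparisons, because the outer `if (credential.getKeySize() > 0)` wraps the new minimum and maximum checks as well as the exact match. Now that `m_keySize` can act as a floor, a key whose size is not reported satisfies any minimum a caller sets as policy. If 0 means the size is unknown (the accessor is not shown here), consider rejecting, or at least recording that the bound was not enforced, e.g. `else if (m_keySize > 0 || m_maxKeySize > 0) log.debug("key size unknown, size criteria not enforced");` on the outer `if`. The enclosing function starts and ends outside this hunk, so the caller-visible effect should be confirmed there.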