Add max key size check.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-xmltooling/branches/REL_1@777 de75baf8-a10c-0410-a50a-987c0e22f00f

diff --git a/xmltooling/security/CredentialCriteria.h b/xmltooling/security/CredentialCriteria.h
index c7b711d..f163985 100644 (file)
--- a/xmltooling/security/CredentialCriteria.h
+++ b/xmltooling/security/CredentialCriteria.h
@@ -102,12 +102,13 @@ namespace xmltooling {
         /**
          * Set the key algorithm criteria.
          * 
-         * @param keyAlgorithm The key algorithm to set
+         * @param keyAlgorithm the key algorithm to set
          */
         void setKeyAlgorithm(const char* keyAlgorithm);
 
         /**
          * Get the key size criteria.
+         * <p>If a a maximum size is also set, this is treated as a minimum.
          *
          * @return  the key size, or 0
          */
@@ -115,11 +116,26 @@ namespace xmltooling {
 
         /**
          * Set the key size criteria.
+         * <p>If a a maximum size is also set, this is treated as a minimum.
          *
-         * @param keySize Key size to set
+         * @param keySize key size to set
          */
         void setKeySize(unsigned int keySize);
-    
+
+        /**
+         * Get the maximum key size criteria.
+         *
+         * @return  the maximum key size, or 0
+         */
+        unsigned int getMaxKeySize() const;
+
+        /**
+         * Set the maximum key size criteria.
+         *
+         * @param keySize maximum key size to set
+         */
+        void setMaxKeySize(unsigned int keySize);
+
         /**
          * Set the key algorithm and size criteria based on an XML algorithm specifier.
          *
@@ -207,7 +223,7 @@ namespace xmltooling {
 
     private:
         unsigned int m_keyUsage;
-        unsigned int m_keySize;
+        unsigned int m_keySize,m_maxKeySize;
         std::string m_peerName,m_keyAlgorithm;
         std::set<std::string> m_keyNames;
         XSECCryptoKey* m_key;

diff --git a/xmltooling/security/impl/CredentialCriteria.cpp b/xmltooling/security/impl/CredentialCriteria.cpp
index 8003bc5..b52e4d3 100644 (file)
--- a/xmltooling/security/impl/CredentialCriteria.cpp
+++ b/xmltooling/security/impl/CredentialCriteria.cpp
@@ -42,7 +42,7 @@ using namespace xmltooling;
 using namespace std;
 
 CredentialCriteria::CredentialCriteria()
-    : m_keyUsage(Credential::UNSPECIFIED_CREDENTIAL), m_keySize(0), m_key(nullptr),
+    : m_keyUsage(Credential::UNSPECIFIED_CREDENTIAL), m_keySize(0), m_maxKeySize(0), m_key(nullptr),
         m_keyInfo(nullptr), m_nativeKeyInfo(nullptr), m_credential(nullptr)
 {
 }
@@ -96,6 +96,16 @@ void CredentialCriteria::setKeySize(unsigned int keySize)
     m_keySize = keySize;
 }
 
+unsigned int CredentialCriteria::getMaxKeySize() const
+{
+    return m_maxKeySize;
+}
+
+void CredentialCriteria::setMaxKeySize(unsigned int keySize)
+{
+    m_maxKeySize = keySize;
+}
+
 void CredentialCriteria::setXMLAlgorithm(const XMLCh* algorithm)
 {
     if (algorithm) {
@@ -218,10 +228,21 @@ bool CredentialCriteria::matches(const Credential& credential) const
     }
 
     // KeySize check, if specified and we have one.
-    if (credential.getKeySize()>0 && getKeySize()>0 && credential.getKeySize() != getKeySize()) {
-        if (log.isDebugEnabled())
-            log.debug("key size didn't match (%u != %u)", getKeySize(), credential.getKeySize());
-        return false;
+    if (credential.getKeySize() > 0) {
+        if (m_keySize > 0 && m_maxKeySize == 0) {
+            if (credential.getKeySize() != m_keySize) {
+                log.debug("key size (%u) didn't match (%u)", credential.getKeySize(), m_keySize);
+                return false;
+            }
+        }
+        else if (m_keySize > 0 && credential.getKeySize() < m_keySize) {
+            log.debug("key size (%u) smaller than minimum (%u)", credential.getKeySize(), m_keySize);
+            return false;
+        }
+        else if (m_maxKeySize > 0 && credential.getKeySize() > m_maxKeySize) {
+            log.debug("key size (%u) larger than maximum (%u)", credential.getKeySize(), m_maxKeySize);
+            return false;
+        }
     }
 
     // See if we can test key names.