From 808b7ce25caac8cf056deb4f0c485288af6cf6bb Mon Sep 17 00:00:00 2001
From: cantor
Date: Wed, 17 Oct 2007 06:20:25 +0000
Subject: [PATCH] Convert usage bits to a mask. Enable usage constraints inside file resolver.

git-svn-id: https://svn.middleware.georgetown.edu/cpp-xmltooling/trunk@402 de75baf8-a10c-0410-a50a-987c0e22f00f
---
 xmltooling/security/BasicX509Credential.h | 2 +-
 xmltooling/security/Credential.h | 16 +++++++--------
 xmltooling/security/CredentialCriteria.h | 14 ++++++-------
 xmltooling/security/impl/CredentialCriteria.cpp | 4 ++--
 .../security/impl/FilesystemCredentialResolver.cpp | 23 +++++++++++++++++++++-
 5 files changed, 40 insertions(+), 19 deletions(-)

diff --git a/xmltooling/security/BasicX509Credential.h b/xmltooling/security/BasicX509Credential.h
index f76465b..b398133 100644
--- a/xmltooling/security/BasicX509Credential.h
+++ b/xmltooling/security/BasicX509Credential.h
@@ -84,7 +84,7 @@ namespace xmltooling {
 public:
 virtual ~BasicX509Credential();
 
- UsageTypes getUsage() const {
+ unsigned int getUsage() const {
 return UNSPECIFIED_CREDENTIAL;
 }
 const char* getAlgorithm() const;
diff --git a/xmltooling/security/Credential.h b/xmltooling/security/Credential.h
index 36c8b1a..02d4999 100644
--- a/xmltooling/security/Credential.h
+++ b/xmltooling/security/Credential.h
@@ -62,21 +62,21 @@ namespace xmltooling {
 };
 
 /**
- * Enumeration of use cases for credentials.
+ * Bitmask of use cases for credentials.
 */
 enum UsageTypes {
- UNSPECIFIED_CREDENTIAL,
- SIGNING_CREDENTIAL,
- TLS_CREDENTIAL,
- ENCRYPTION_CREDENTIAL
+ UNSPECIFIED_CREDENTIAL = 0,
+ SIGNING_CREDENTIAL = 1,
+ TLS_CREDENTIAL = 2,
+ ENCRYPTION_CREDENTIAL = 4
 };
 
 /**
- * Get the credential usage type.
+ * Get credential usage types.
 *
- * @return the usage
+ * @return the usage bitmask
 */
- virtual UsageTypes getUsage() const=0;
+ virtual unsigned int getUsage() const=0;
 
 /**
 * Returns an algorithm identifier for the Credential.
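Review bot: The new `@return the usage bitmask` comment on getUsage() leaves the meaning of the zero value and the combination rule undocumented, which is exactly what a caller of the new unsigned int interface needs. Suggest extending it to `@return bitwise OR of UsageTypes values, or UNSPECIFIED_CREDENTIAL (0) when the credential expresses no usage constraint`. Since UsageTypes stays a plain enum, ORing two enumerators yields an int rather than a UsageTypes, which is presumably why the accessor type changed; a one-line comment on the enum stating that its values are meant to be combined with `|` would make that explicit. The same documentation gap applies to the BasicX509Credential.h hunk above, whose default implementation returns UNSPECIFIED_CREDENTIAL.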
diff --git a/xmltooling/security/CredentialCriteria.h b/xmltooling/security/CredentialCriteria.h
index 2936f1a..8e40b9f 100644
--- a/xmltooling/security/CredentialCriteria.h
+++ b/xmltooling/security/CredentialCriteria.h
@@ -58,20 +58,20 @@ namespace xmltooling {
 virtual bool matches(const Credential& credential) const;
 
 /**
- * Get the key usage criteria.
+ * Get key usage criteria.
 *
- * @return the usage.
+ * @return the usage mask
 */
- Credential::UsageTypes getUsage() const {
+ unsigned int getUsage() const {
 return m_keyUsage;
 }
 
 /**
- * Set the key usage criteria.
+ * Set key usage criteria.
 *
- * @param usage the usage to set
+ * @param usage the usage mask to set
 */
- void setUsage(Credential::UsageTypes usage) {
+ void setUsage(unsigned int usage) {
 m_keyUsage = usage;
 }
 
@@ -291,7 +291,7 @@ namespace xmltooling {
 }
 
 private:
- Credential::UsageTypes m_keyUsage;
+ unsigned int m_keyUsage;
 unsigned int m_keySize;
 std::string m_peerName,m_keyAlgorithm;
 std::set m_keyNames;
diff --git a/xmltooling/security/impl/CredentialCriteria.cpp b/xmltooling/security/impl/CredentialCriteria.cpp
index b70227d..9d3cabd 100644
--- a/xmltooling/security/impl/CredentialCriteria.cpp
+++ b/xmltooling/security/impl/CredentialCriteria.cpp
@@ -36,10 +36,10 @@ using namespace std;
 
 bool CredentialCriteria::matches(const Credential& credential) const
 {
- // Usage check, if specified and we have one.
+ // Usage check, if specified and we have one, compare masks.
 if (getUsage() != Credential::UNSPECIFIED_CREDENTIAL) {
 if (credential.getUsage() != Credential::UNSPECIFIED_CREDENTIAL)
- if (getUsage() != credential.getUsage())
+ if ((getUsage() & credential.getUsage()) == 0)
 return false;
 }
 
diff --git a/xmltooling/security/impl/FilesystemCredentialResolver.cpp b/xmltooling/security/impl/FilesystemCredentialResolver.cpp
index 7bf0d0e..6fd9a48 100644
--- a/xmltooling/security/impl/FilesystemCredentialResolver.cpp
+++ b/xmltooling/security/impl/FilesystemCredentialResolver.cpp
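Review bot: setUsage(unsigned int) now accepts any integer, but the new `@param usage the usage mask to set` does not say which values are valid or what zero means. Suggest `@param usage bitwise OR of Credential::UsageTypes; UNSPECIFIED_CREDENTIAL (0) disables the usage check in matches()`, and the matching `@return` on getUsage(). The enclosing class continues outside the hunk, so whether the constructor initializes m_keyUsage to UNSPECIFIED_CREDENTIAL is not visible here; it is worth confirming, since an uninitialized mask would make the usage check in matches() nondeterministic.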
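Review bot: The new intersection test `(getUsage() & credential.getUsage()) == 0` accepts a credential that supports any one of the requested usages rather than all of them, and the revised comment `compare masks` does not say so. If a caller ever sets more than one bit in the criteria, a signing-only credential satisfies a SIGNING|ENCRYPTION request; if that is the intended semantics, state it, e.g. `// Usage check: the criteria mask need only intersect the credential's mask; UNSPECIFIED on either side matches anything.`. If instead every requested usage must be supported, the test should read `if ((getUsage() & credential.getUsage()) != getUsage())`. The body of matches() continues past the hunk.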
@@ -69,7 +69,7 @@ namespace xmltooling {
 {
 public:
 FilesystemCredential(FilesystemCredentialResolver* resolver, XSECCryptoKey* key, const std::vector& xseccerts)
- : BasicX509Credential(key, xseccerts), m_resolver(resolver) {
+ : BasicX509Credential(key, xseccerts), m_resolver(resolver), m_usage(UNSPECIFIED_CREDENTIAL) {
 if (!m_xseccerts.empty())
 extractNames(m_xseccerts.front(), m_keyNames);
 initKeyInfo();
@@ -77,12 +77,29 @@ namespace xmltooling {
 
 virtual ~FilesystemCredential() {
 }
+ unsigned int getUsage() const {
+ return m_usage;
+ }
+
+ void setUsage(const XMLCh* usage) {
+ if (usage && *usage) {
+ auto_ptr_char u(usage);
+ if (!strcmp(u.get(), "signing"))
+ m_usage = SIGNING_CREDENTIAL | TLS_CREDENTIAL;
+ else if (!strcmp(u.get(), "TLS"))
+ m_usage = TLS_CREDENTIAL;
+ else if (!strcmp(u.get(), "encryption"))
+ m_usage = ENCRYPTION_CREDENTIAL;
+ }
+ }
+
 
 void addKeyNames(const DOMElement* e);
 void attach(SSL_CTX* ctx) const;
 
 private:
 FilesystemCredentialResolver* m_resolver;
+ unsigned int m_usage;
 };
 
 #if defined (_MSC_VER)
@@ -147,6 +164,7 @@ namespace xmltooling {
 static const XMLCh Name[] = UNICODE_LITERAL_4(N,a,m,e);
 static const XMLCh password[] = UNICODE_LITERAL_8(p,a,s,s,w,o,r,d);
 static const XMLCh Path[] = UNICODE_LITERAL_4(P,a,t,h);
+ static const XMLCh _use[] = UNICODE_LITERAL_3(u,s,e);
 };
 
 FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) : m_credential(NULL)
@@ -181,6 +199,7 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e)
 }
 
 const DOMElement* root=e;
+ const XMLCh* usage = root->getAttributeNS(NULL,_use);
 XSECCryptoKey* key=NULL;
 vector xseccerts;
 
@@ -261,6 +280,7 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e)
 if (!e) {
 m_credential = new FilesystemCredential(this,key,xseccerts);
 m_credential->addKeyNames(keynode);
+ m_credential->setUsage(usage);
 return;
 }
 auto_ptr_char certpass(e->getAttributeNS(NULL,password));
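Review bot: setUsage() silently leaves m_usage at UNSPECIFIED_CREDENTIAL when the `use` attribute holds anything other than the three exact, case-sensitive strings compared with strcmp, and per the CredentialCriteria.cpp hunk an unspecified credential satisfies every usage criteria. A misspelling such as `Signing` or `tls` in the configuration therefore widens the credential's permitted uses instead of failing closed. Add a final `else` branch after the `encryption` case that reports the unrecognized value through the resolver's existing error or logging path, so a bad constraint is visible at load time rather than ignored. The `signing` case also deserves a comment, e.g. `// "signing" also implies TLS use`, since setting two bits for one keyword is a policy choice a reader will not expect. Whether the attribute is validated elsewhere before reaching setUsage() is not visible in this hunk.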
@@ -425,6 +445,7 @@ FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e)
 key = xseccerts.front()->clonePublicKey();
 m_credential = new FilesystemCredential(this, key, xseccerts);
 m_credential->addKeyNames(keynode);
+ m_credential->setUsage(usage);
 }
 
 XSECCryptoKey* FilesystemCredentialResolver::loadKey()
-- 
2.1.4