xmltooling 3.2.4
xmltooling::ChainingTrustEngine Class Reference

OpenSSLTrustEngine that uses multiple engines in sequence.

#include <xmltooling/security/ChainingTrustEngine.h>

Inheritance diagram for xmltooling::ChainingTrustEngine: [diagram omitted; base classes are xmltooling::SignatureTrustEngine, xmltooling::OpenSSLTrustEngine, xmltooling::X509TrustEngine, and xmltooling::TrustEngine]

Public Member Functions

 ChainingTrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
 Constructor.
 
virtual ~ChainingTrustEngine ()
 Destructor will delete any embedded engines.
 
void addTrustEngine (TrustEngine *newEngine)
 Adds a trust engine for future calls.
 
TrustEngine * removeTrustEngine (TrustEngine *oldEngine)
 Removes a trust engine.
 
bool validate (xmlsignature::Signature &sig, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const
 Determines whether an XML signature is correct and valid with respect to the source of credentials supplied.
 
bool validate (const XMLCh *sigAlgorithm, const char *sig, xmlsignature::KeyInfo *keyInfo, const char *in, unsigned int in_len, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const
 Determines whether a raw signature is correct and valid with respect to the source of credentials supplied.
 
bool validate (XSECCryptoX509 *certEE, const std::vector< XSECCryptoX509 * > &certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const
 Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
 
bool validate (X509 *certEE, STACK_OF(X509) *certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const
 Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
 
- Public Member Functions inherited from xmltooling::SignatureTrustEngine
- Public Member Functions inherited from xmltooling::TrustEngine
void setKeyInfoResolver (KeyInfoResolver *keyInfoResolver)
 Supplies a KeyInfoResolver instance.
 
- Public Member Functions inherited from xmltooling::OpenSSLTrustEngine
virtual bool validate (XSECCryptoX509 *certEE, const std::vector< XSECCryptoX509 * > &certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const=0
 Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
 
- Public Member Functions inherited from xmltooling::X509TrustEngine

Additional Inherited Members

- Protected Member Functions inherited from xmltooling::SignatureTrustEngine
 SignatureTrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
 Constructor.
 
- Protected Member Functions inherited from xmltooling::TrustEngine
 TrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
 Constructor.
 
- Protected Member Functions inherited from xmltooling::OpenSSLTrustEngine
 OpenSSLTrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
 Constructor.
 
- Protected Member Functions inherited from xmltooling::X509TrustEngine
 X509TrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
 Constructor.
 
- Protected Attributes inherited from xmltooling::TrustEngine
KeyInfoResolver * m_keyInfoResolver
 Custom KeyInfoResolver instance.
 

Detailed Description

OpenSSLTrustEngine that uses multiple engines in sequence.

Constructor & Destructor Documentation

◆ ChainingTrustEngine()

xmltooling::ChainingTrustEngine::ChainingTrustEngine ( const xercesc::DOMElement * e = 0,
bool deprecationSupport = true )

Constructor.

If a DOM is supplied, the following XML content is supported:

XML namespaces are ignored in the processing of this content.

Parameters
e: DOM to supply configuration for provider
deprecationSupport: true iff the plugin(s) should support any deprecated features

Member Function Documentation

◆ addTrustEngine()

void xmltooling::ChainingTrustEngine::addTrustEngine ( TrustEngine * newEngine)

Adds a trust engine for future calls.

Parameters
newEngine: trust engine to add

◆ removeTrustEngine()

TrustEngine * xmltooling::ChainingTrustEngine::removeTrustEngine ( TrustEngine * oldEngine)

Removes a trust engine.

The caller must delete the engine if necessary.

Parameters
oldEngine: trust engine to remove
Returns
the old engine

◆ validate() [1/4]

bool xmltooling::ChainingTrustEngine::validate ( const XMLCh * sigAlgorithm,
const char * sig,
xmlsignature::KeyInfo * keyInfo,
const char * in,
unsigned int in_len,
const CredentialResolver & credResolver,
CredentialCriteria * criteria = 0 ) const
virtual

Determines whether a raw signature is correct and valid with respect to the source of credentials supplied.

It is the responsibility of the application to ensure that the Credentials supplied are in fact associated with the peer who created the signature.

If criteria with a peer name are supplied, the "name" of the Credential that verifies the signature may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.

Note that the keyInfo parameter is not part of the implicitly trusted set of information supplied via the CredentialResolver, but rather advisory data that may have accompanied the signature itself.

Parameters
sigAlgorithm: XML Signature identifier for the algorithm used
sig: null-terminated base64-encoded signature value
keyInfo: KeyInfo object accompanying the signature, if any
in: the input data over which the signature was created
in_len: size of input data in bytes
credResolver: a locked resolver to supply trusted peer credentials to the TrustEngine
criteria: criteria for selecting peer credentials
Returns
true iff the signature validates

Implements xmltooling::SignatureTrustEngine.

◆ validate() [2/4]

bool xmltooling::ChainingTrustEngine::validate ( X509 * certEE,
STACK_OF(X509) * certChain,
const CredentialResolver & credResolver,
CredentialCriteria * criteria = 0 ) const
virtual

Determines whether an X.509 credential is valid with respect to the source of credentials supplied.

It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.

If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.

Parameters
certEE: end-entity certificate to validate
certChain: the complete set of certificates presented for validation (includes certEE)
credResolver: a locked resolver to supply trusted peer credentials to the TrustEngine
criteria: criteria for selecting peer credentials

Implements xmltooling::OpenSSLTrustEngine.

◆ validate() [3/4]

bool xmltooling::ChainingTrustEngine::validate ( xmlsignature::Signature & sig,
const CredentialResolver & credResolver,
CredentialCriteria * criteria = 0 ) const
virtual

Determines whether an XML signature is correct and valid with respect to the source of credentials supplied.

It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who created the signature.

If criteria with a peer name are supplied, the "name" of the Credential that verifies the signature may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.

Parameters
sig: reference to a signature object to validate
credResolver: a locked resolver to supply trusted peer credentials to the TrustEngine
criteria: criteria for selecting peer credentials
Returns
true iff the signature validates

Implements xmltooling::SignatureTrustEngine.

◆ validate() [4/4]

bool xmltooling::ChainingTrustEngine::validate ( XSECCryptoX509 * certEE,
const std::vector< XSECCryptoX509 * > & certChain,
const CredentialResolver & credResolver,
CredentialCriteria * criteria = 0 ) const
virtual

Determines whether an X.509 credential is valid with respect to the source of credentials supplied.

It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.

If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.

Parameters
certEE: end-entity certificate to validate
certChain: the complete set of certificates presented for validation (includes certEE)
credResolver: a locked resolver to supply trusted peer credentials to the TrustEngine
criteria: criteria for selecting peer credentials

Implements xmltooling::X509TrustEngine.
