xmltooling 3.2.4
OpenSSLTrustEngine that uses multiple engines in sequence.
#include <xmltooling/security/ChainingTrustEngine.h>
Public Member Functions
ChainingTrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
Constructor.
virtual ~ChainingTrustEngine ()
Destructor will delete any embedded engines.
void addTrustEngine (TrustEngine *newEngine)
Adds a trust engine for future calls.
TrustEngine * removeTrustEngine (TrustEngine *oldEngine)
Removes a trust engine.
bool validate (xmlsignature::Signature &sig, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const
Determines whether an XML signature is correct and valid with respect to the source of credentials supplied.
bool validate (const XMLCh *sigAlgorithm, const char *sig, xmlsignature::KeyInfo *keyInfo, const char *in, unsigned int in_len, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const
Determines whether a raw signature is correct and valid with respect to the source of credentials supplied.
bool validate (XSECCryptoX509 *certEE, const std::vector< XSECCryptoX509 * > &certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const
Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
bool validate (X509 *certEE, STACK_OF(X509) *certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const
Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
Inherited Public Member Functions
void setKeyInfoResolver (KeyInfoResolver *keyInfoResolver)
Supplies a KeyInfoResolver instance.
virtual bool validate (XSECCryptoX509 *certEE, const std::vector< XSECCryptoX509 * > &certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const=0
Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
Additional Inherited Members
SignatureTrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
Constructor.
TrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
Constructor.
OpenSSLTrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
Constructor.
X509TrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
Constructor.
KeyInfoResolver * m_keyInfoResolver
Custom KeyInfoResolver instance.
OpenSSLTrustEngine that uses multiple engines in sequence.
xmltooling::ChainingTrustEngine::ChainingTrustEngine ( const xercesc::DOMElement * e = 0, bool deprecationSupport = true )
Constructor.
If a DOM is supplied, the following XML content is supported:
XML namespaces are ignored in the processing of this content.
e | DOM to supply configuration for provider |
deprecationSupport | true iff the plugin(s) should support any deprecated features |
void xmltooling::ChainingTrustEngine::addTrustEngine ( TrustEngine * newEngine )
Adds a trust engine for future calls.
newEngine | trust engine to add |
TrustEngine * xmltooling::ChainingTrustEngine::removeTrustEngine ( TrustEngine * oldEngine )
Removes a trust engine.
The caller must delete the engine if necessary.
oldEngine | trust engine to remove |
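The ownership contract stated above (the destructor deletes embedded engines, while removeTrustEngine hands an engine back for the caller to delete) and the "engines in sequence" behaviour, as an added, simplified model written for this page; it is not xmltooling's own code. The TrustEngine interface, the FixedEngine helper, the opaque string token standing in for a signature or certificate, and the first-acceptance rule for the chain are all assumptions of this example.

```cpp
#include <algorithm>
#include <string>
#include <vector>
// Hypothetical stand-in for xmltooling::TrustEngine with one validate() overload.
struct TrustEngine {
    virtual ~TrustEngine() {}
    virtual bool validate(const std::string& token) const = 0;
};
// Engine that accepts exactly one constructed token; counts its own deletion.
struct FixedEngine : TrustEngine {
    std::string accepted; int* destroyed;
    FixedEngine(const std::string& a, int* d) : accepted(a), destroyed(d) {}
    ~FixedEngine() override { ++*destroyed; }
    bool validate(const std::string& token) const override { return token == accepted; }
};
// Simplified model of the ChainingTrustEngine contract described on this page.
class ChainingTrustEngine : public TrustEngine {
    std::vector<TrustEngine*> m_engines;
public:
    // The destructor deletes any engine still embedded in the chain.
    ~ChainingTrustEngine() override { for (TrustEngine* e : m_engines) delete e; }
    void addTrustEngine(TrustEngine* newEngine) { m_engines.push_back(newEngine); }
    // Hands ownership back to the caller; returns nullptr if not in the chain.
    TrustEngine* removeTrustEngine(TrustEngine* oldEngine) {
        auto it = std::find(m_engines.begin(), m_engines.end(), oldEngine);
        if (it == m_engines.end()) return nullptr;
        m_engines.erase(it);
        return oldEngine;
    }
    // Assumption: engines run in insertion order, first acceptance decides, empty chain trusts nothing.
    bool validate(const std::string& token) const override {
        for (const TrustEngine* e : m_engines) if (e->validate(token)) return true;
        return false;
    }
};
// Exercises the ownership contract; returns how many engines were deleted once both
// the chain and the removed engine are gone (expected 2), or a negative code on error.
int ownership_demo() {
    int destroyed = 0;
    {
        ChainingTrustEngine chain;
        FixedEngine* b = new FixedEngine("cert-B", &destroyed);
        chain.addTrustEngine(new FixedEngine("cert-A", &destroyed));
        chain.addTrustEngine(b);
        TrustEngine* back = chain.removeTrustEngine(b);
        if (back != b || chain.validate("cert-B")) return -1;
        delete back;  // caller's responsibility after removal
    }                 // chain destructor deletes cert-A
    return destroyed;
}
```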
bool xmltooling::ChainingTrustEngine::validate ( const XMLCh * sigAlgorithm, const char * sig, xmlsignature::KeyInfo * keyInfo, const char * in, unsigned int in_len, const CredentialResolver & credResolver, CredentialCriteria * criteria = 0 ) const
virtual
Determines whether a raw signature is correct and valid with respect to the source of credentials supplied.
It is the responsibility of the application to ensure that the Credentials supplied are in fact associated with the peer who created the signature.
If criteria with a peer name are supplied, the "name" of the Credential that verifies the signature may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.
Note that the keyInfo parameter is not part of the implicitly trusted set of information supplied via the CredentialResolver, but rather advisory data that may have accompanied the signature itself.
sigAlgorithm | XML Signature identifier for the algorithm used |
sig | null-terminated base64-encoded signature value |
keyInfo | KeyInfo object accompanying the signature, if any |
in | the input data over which the signature was created |
in_len | size of input data in bytes |
credResolver | a locked resolver to supply trusted peer credentials to the TrustEngine |
criteria | criteria for selecting peer credentials |
Implements xmltooling::SignatureTrustEngine.
bool xmltooling::ChainingTrustEngine::validate ( X509 * certEE, STACK_OF(X509) * certChain, const CredentialResolver & credResolver, CredentialCriteria * criteria = 0 ) const
virtual
Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.
If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.
certEE | end-entity certificate to validate |
certChain | the complete set of certificates presented for validation (includes certEE) |
credResolver | a locked resolver to supply trusted peer credentials to the TrustEngine |
criteria | criteria for selecting peer credentials |
Implements xmltooling::OpenSSLTrustEngine.
bool xmltooling::ChainingTrustEngine::validate ( xmlsignature::Signature & sig, const CredentialResolver & credResolver, CredentialCriteria * criteria = 0 ) const
virtual
Determines whether an XML signature is correct and valid with respect to the source of credentials supplied.
It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who created the signature.
If criteria with a peer name are supplied, the "name" of the Credential that verifies the signature may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.
sig | reference to a signature object to validate |
credResolver | a locked resolver to supply trusted peer credentials to the TrustEngine |
criteria | criteria for selecting peer credentials |
Implements xmltooling::SignatureTrustEngine.
bool xmltooling::ChainingTrustEngine::validate ( XSECCryptoX509 * certEE, const std::vector< XSECCryptoX509 * > & certChain, const CredentialResolver & credResolver, CredentialCriteria * criteria = 0 ) const
virtual
Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.
If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.
certEE | end-entity certificate to validate |
certChain | the complete set of certificates presented for validation (includes certEE) |
credResolver | a locked resolver to supply trusted peer credentials to the TrustEngine |
criteria | criteria for selecting peer credentials |
Implements xmltooling::X509TrustEngine.