OpenSSLTrustEngine that uses multiple engines in sequence. More...
#include <xmltooling/security/ChainingTrustEngine.h>
Public Member Functions | |
ChainingTrustEngine (const xercesc::DOMElement *e=NULL) | |
Constructor. | |
virtual | ~ChainingTrustEngine () |
Destructor will delete any embedded engines. | |
void | addTrustEngine (TrustEngine *newEngine) |
Adds a trust engine for future calls. | |
TrustEngine * | removeTrustEngine (TrustEngine *oldEngine) |
Removes a trust engine. | |
bool | validate (xmlsignature::Signature &sig, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const |
bool | validate (const XMLCh *sigAlgorithm, const char *sig, xmlsignature::KeyInfo *keyInfo, const char *in, unsigned int in_len, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const |
bool | validate (XSECCryptoX509 *certEE, const std::vector< XSECCryptoX509 * > &certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const |
Determines whether an X.509 credential is valid with respect to the source of credentials supplied. | |
bool | validate (X509 *certEE, STACK_OF(X509)*certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const |
Determines whether an X.509 credential is valid with respect to the source of credentials supplied. |
OpenSSLTrustEngine that uses multiple engines in sequence.
xmltooling::ChainingTrustEngine::ChainingTrustEngine | ( | const xercesc::DOMElement * | e = NULL |
) |
Constructor.
If a DOM is supplied, the following XML content is supported:
XML namespaces are ignored in the processing of this content.
e | DOM to supply configuration for provider |
void xmltooling::ChainingTrustEngine::addTrustEngine | ( | TrustEngine * | newEngine | ) |
Adds a trust engine for future calls.
newEngine | trust engine to add |
TrustEngine* xmltooling::ChainingTrustEngine::removeTrustEngine | ( | TrustEngine * | oldEngine | ) |
Removes a trust engine.
The caller must delete the engine if necessary.
oldEngine | trust engine to remove |
bool xmltooling::ChainingTrustEngine::validate | ( | XSECCryptoX509 * | certEE, | |
const std::vector< XSECCryptoX509 * > & | certChain, | |||
const CredentialResolver & | credResolver, | |||
CredentialCriteria * | criteria = NULL | |||
) | const [virtual] |
Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.
If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.
certEE | end-entity certificate to validate | |
certChain | the complete set of certificates presented for validation (includes certEE) | |
credResolver | a locked resolver to supply trusted peer credentials to the TrustEngine | |
criteria | criteria for selecting peer credentials |
Implements xmltooling::X509TrustEngine.
bool xmltooling::ChainingTrustEngine::validate | ( | X509 * | certEE, | |
STACK_OF(X509)* | certChain, | |||
const CredentialResolver & | credResolver, | |||
CredentialCriteria * | criteria = NULL | |||
) | const [virtual] |
Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.
If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.
certEE | end-entity certificate to validate | |
certChain | the complete set of certificates presented for validation (includes certEE) | |
credResolver | a locked resolver to supply trusted peer credentials to the TrustEngine | |
criteria | criteria for selecting peer credentials |
Implements xmltooling::OpenSSLTrustEngine.