xmltooling::ChainingTrustEngine Class Reference

OpenSSLTrustEngine that uses multiple engines in sequence.

#include <xmltooling/security/ChainingTrustEngine.h>

Public Member Functions

 ChainingTrustEngine (const xercesc::DOMElement *e=NULL)
 Constructor.
virtual ~ChainingTrustEngine ()
 Destructor will delete any embedded engines.
void addTrustEngine (TrustEngine *newEngine)
 Adds a trust engine for future calls.
TrustEngine * removeTrustEngine (TrustEngine *oldEngine)
 Removes a trust engine.
bool validate (xmlsignature::Signature &sig, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const
bool validate (const XMLCh *sigAlgorithm, const char *sig, xmlsignature::KeyInfo *keyInfo, const char *in, unsigned int in_len, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const
bool validate (XSECCryptoX509 *certEE, const std::vector< XSECCryptoX509 * > &certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const
 Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
bool validate (X509 *certEE, STACK_OF(X509)*certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const
 Determines whether an X.509 credential is valid with respect to the source of credentials supplied.

Detailed Description

OpenSSLTrustEngine that uses multiple engines in sequence.


Constructor & Destructor Documentation

xmltooling::ChainingTrustEngine::ChainingTrustEngine ( const xercesc::DOMElement *  e = NULL  ) 

Constructor.

If a DOM is supplied, the following XML content is supported:

XML namespaces are ignored in the processing of this content.

Parameters:
e DOM to supply configuration for provider

Member Function Documentation

void xmltooling::ChainingTrustEngine::addTrustEngine ( TrustEngine *  newEngine  ) 

Adds a trust engine for future calls.

Parameters:
newEngine trust engine to add

TrustEngine* xmltooling::ChainingTrustEngine::removeTrustEngine ( TrustEngine *  oldEngine  ) 

Removes a trust engine.

The caller must delete the engine if necessary.

Parameters:
oldEngine trust engine to remove
Returns:
the old engine

bool xmltooling::ChainingTrustEngine::validate ( XSECCryptoX509 *  certEE,
const std::vector< XSECCryptoX509 * > &  certChain,
const CredentialResolver &  credResolver,
CredentialCriteria *  criteria = NULL 
) const [virtual]

Determines whether an X.509 credential is valid with respect to the source of credentials supplied.

It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.

If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.

Parameters:
certEE end-entity certificate to validate
certChain the complete set of certificates presented for validation (includes certEE)
credResolver a locked resolver to supply trusted peer credentials to the TrustEngine
criteria criteria for selecting peer credentials

Implements xmltooling::X509TrustEngine.

bool xmltooling::ChainingTrustEngine::validate ( X509 *  certEE,
STACK_OF(X509)*  certChain,
const CredentialResolver &  credResolver,
CredentialCriteria *  criteria = NULL 
) const [virtual]

Determines whether an X.509 credential is valid with respect to the source of credentials supplied.

It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.

If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.

Parameters:
certEE end-entity certificate to validate
certChain the complete set of certificates presented for validation (includes certEE)
credResolver a locked resolver to supply trusted peer credentials to the TrustEngine
criteria criteria for selecting peer credentials

Implements xmltooling::OpenSSLTrustEngine.
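
The following is an added, simplified model of the chaining and ownership rules documented above; it is not xmltooling code and does not use the library's headers. `Cred`, `ModelEngine`, `IssuerEngine` and `ModelChain` are hypothetical names, the peer name check is reduced to a string comparison, and the rule that the chain accepts as soon as one engine accepts is an assumption about how "in sequence" is evaluated.

```cpp
#include <algorithm>
#include <string>
#include <vector>

// Constructed stand-in for a peer credential; not an xmltooling type.
struct Cred { std::string issuer; std::string subject; };

// Simplified model of a trust engine interface (assumption).
struct ModelEngine {
    virtual ~ModelEngine() {}
    virtual bool validate(const Cred& c, const std::string* peerName) const = 0;
};
// Accepts one pinned issuer and checks the peer name only when one is supplied.
struct IssuerEngine : ModelEngine {
    std::string issuer;
    explicit IssuerEngine(const std::string& i) : issuer(i) {}
    bool validate(const Cred& c, const std::string* peerName) const override {
        if (c.issuer != issuer) return false;
        return !peerName || c.subject == *peerName;
    }
};

class ModelChain : public ModelEngine {
    std::vector<ModelEngine*> engines;
public:
    ModelChain() {}
    ModelChain(const ModelChain&) = delete;  // copying would double-delete engines
    ~ModelChain() override { for (ModelEngine* e : engines) delete e; }  // deletes embedded engines
    void addTrustEngine(ModelEngine* e) { engines.push_back(e); }
    ModelEngine* removeTrustEngine(ModelEngine* e) {
        auto it = std::find(engines.begin(), engines.end(), e);
        if (it == engines.end()) return nullptr;
        engines.erase(it);
        return e;  // no longer owned by the chain: the caller must delete it
    }
    // Engines are tried in insertion order; assumed rule: first acceptance wins.
    bool validate(const Cred& c, const std::string* peerName) const override {
        for (const ModelEngine* e : engines)
            if (e->validate(c, peerName)) return true;
        return false;  // an empty chain trusts nothing
    }
};

int main() {
    ModelChain chain;
    chain.addTrustEngine(new IssuerEngine("CN=Constructed Internal CA"));
    Cred c{"CN=Constructed Internal CA", "idp.example.org"};
    return chain.validate(c, nullptr) ? 0 : 1;
}
```

Under that assumed rule the chain is as permissive as its most permissive member, so each engine added to it should be reviewed as if it were the only one.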


The documentation for this class was generated from the following file: