A trust engine that uses X.509 trust anchors and CRLs associated with a peer to perform PKIX validation of signatures and credentials.
#include <xmltooling/security/AbstractPKIXTrustEngine.h>
Classes

class PKIXValidationInfoIterator
    Stateful interface that supplies PKIX validation data to the trust engine.
Public Member Functions

bool validate(xmlsignature::Signature &sig, const CredentialResolver &credResolver, CredentialCriteria *criteria = NULL) const
bool validate(const XMLCh *sigAlgorithm, const char *sig, xmlsignature::KeyInfo *keyInfo, const char *in, unsigned int in_len, const CredentialResolver &credResolver, CredentialCriteria *criteria = NULL) const
bool validate(XSECCryptoX509 *certEE, const std::vector<XSECCryptoX509 *> &certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria = NULL) const
bool validate(X509 *certEE, STACK_OF(X509) *certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria = NULL) const
virtual PKIXValidationInfoIterator *getPKIXValidationInfoIterator(const CredentialResolver &pkixSource, CredentialCriteria *criteria = NULL) const = 0
    Provides access to the information necessary, for the given credential source, for PKIX validation of credentials.
Protected Member Functions

AbstractPKIXTrustEngine(const xercesc::DOMElement *e = NULL)
    Constructor.
bool checkEntityNames(X509 *certEE, const CredentialResolver &credResolver, const CredentialCriteria &criteria) const
    Checks that either the name of the peer with the given credentials or the names of the credentials match the subject or subject alternative names of the certificate.
Protected Attributes

bool m_fullCRLChain
    Flag controlling whether every issuer in the trust path must have a CRL loaded.
xmltooling::AbstractPKIXTrustEngine::AbstractPKIXTrustEngine(const xercesc::DOMElement *e = NULL) [protected]

Constructor.

If a DOM is supplied, the following XML content is supported:

XML namespaces are ignored in the processing of this content.

Parameters:
    e    DOM to supply configuration for provider
bool xmltooling::AbstractPKIXTrustEngine::checkEntityNames(X509 *certEE, const CredentialResolver &credResolver, const CredentialCriteria &criteria) const [protected]

Checks that either the name of the peer with the given credentials or the names of the credentials match the subject or subject alternative names of the certificate.

Parameters:
    certEE          the credential for the entity to validate
    credResolver    source of credentials
    criteria        criteria for selecting credentials, including the peer name
virtual PKIXValidationInfoIterator *xmltooling::AbstractPKIXTrustEngine::getPKIXValidationInfoIterator(const CredentialResolver &pkixSource, CredentialCriteria *criteria = NULL) const [pure virtual]

Provides access to the information necessary, for the given credential source, for PKIX validation of credentials.

Each set of validation information returned is tried in turn until one succeeds or none remain. The caller must free the returned interface when finished with it.

Parameters:
    pkixSource    the peer for which validation rules are required
    criteria      criteria for selecting validation rules
bool xmltooling::AbstractPKIXTrustEngine::m_fullCRLChain [protected]

Flag controlling whether every issuer in the trust path must have a CRL loaded.
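To make the three documented behaviours concrete (the name rule of checkEntityNames, the "try each validation set in turn" contract of getPKIXValidationInfoIterator, and the effect of m_fullCRLChain), here is an added C++ example that is not part of xmltooling. It replaces X509, CredentialResolver, CredentialCriteria and PKIXValidationInfoIterator with plain structs (ToyCert, ToyCriteria, ToyValidationInfo, all assumed names) and constructed sample data, and reduces path building to a trust-anchor lookup, so it compiles without OpenSSL or xmltooling.

```cpp
// Added illustration, not xmltooling's own code: a toy model of the
// behaviours documented for AbstractPKIXTrustEngine, using strings
// instead of X509 objects.
#include <algorithm>
#include <set>
#include <string>
#include <vector>

// Constructed stand-in for the end-entity X509: subject name plus SANs.
struct ToyCert {
    std::string subject;
    std::vector<std::string> subjectAltNames;
};

// Stand-in for CredentialCriteria: only the peer name matters here.
struct ToyCriteria {
    std::string peerName;
};

// Rule documented for checkEntityNames(): the peer name, or any name bound
// to the resolved credentials, must equal the certificate subject or one of
// its subject alternative names. credentialNames stands in for the
// CredentialResolver.
bool checkEntityNames(const ToyCert& certEE,
                      const std::vector<std::string>& credentialNames,
                      const ToyCriteria& criteria) {
    std::vector<std::string> candidates = credentialNames;
    if (!criteria.peerName.empty())
        candidates.push_back(criteria.peerName);
    for (const std::string& name : candidates) {
        if (name == certEE.subject)
            return true;
        if (std::find(certEE.subjectAltNames.begin(),
                      certEE.subjectAltNames.end(), name)
            != certEE.subjectAltNames.end())
            return true;
    }
    return false;
}

// One set of validation data, as a PKIXValidationInfoIterator would yield
// it: trust anchors plus the issuers for which a CRL has been loaded.
struct ToyValidationInfo {
    std::set<std::string> trustAnchors;
    std::set<std::string> crlIssuers;
};

// Path validation reduced to its outcome: issuerPath lists the issuers from
// the leaf's issuer up to the root and is accepted when the root is a trust
// anchor. With fullCRLChain set, every issuer on the path must also have a
// CRL loaded, which is the documented meaning of m_fullCRLChain.
bool validatePath(const std::vector<std::string>& issuerPath,
                  const ToyValidationInfo& info, bool fullCRLChain) {
    if (issuerPath.empty() || !info.trustAnchors.count(issuerPath.back()))
        return false;
    if (fullCRLChain) {
        for (const std::string& issuer : issuerPath)
            if (!info.crlIssuers.count(issuer))
                return false;
    }
    return true;
}

// The contract of getPKIXValidationInfoIterator(): each validation set is
// tried in turn until one succeeds or none remain. The name check runs
// first, so a certificate for the wrong peer never reaches path validation.
bool validate(const ToyCert& certEE,
              const std::vector<std::string>& credentialNames,
              const ToyCriteria& criteria,
              const std::vector<std::string>& issuerPath,
              const std::vector<ToyValidationInfo>& validationSets,
              bool fullCRLChain) {
    if (!checkEntityNames(certEE, credentialNames, criteria))
        return false;
    for (const ToyValidationInfo& info : validationSets)
        if (validatePath(issuerPath, info, fullCRLChain))
            return true;
    return false;
}

// Constructed sample data (not real certificates or CAs).
ToyCert sampleCert() { return ToyCert{"idp.example.org", {"sso.example.org"}}; }
std::vector<std::string> samplePath() { return {"Intermediate CA", "Root CA"}; }
// First set: CRL only for the root. Second set: CRLs for every issuer.
std::vector<ToyValidationInfo> sampleSetsRootCRLOnly() {
    return {ToyValidationInfo{{"Root CA"}, {"Root CA"}}};
}
std::vector<ToyValidationInfo> sampleSetsFullCRLs() {
    return {ToyValidationInfo{{"Root CA"}, {"Root CA"}},
            ToyValidationInfo{{"Root CA"}, {"Root CA", "Intermediate CA"}}};
}

int main() {
    // Stand-alone run: exit 0 when the full-chain CRL requirement falls
    // through to the second validation set and rejects the CRL-less one.
    ToyCriteria peer{"sso.example.org"};
    bool ok = validate(sampleCert(), {}, peer, samplePath(), sampleSetsFullCRLs(), true)
           && !validate(sampleCert(), {}, peer, samplePath(), sampleSetsRootCRLOnly(), true);
    return ok ? 0 : 1;
}
```

With m_fullCRLChain off, the first set (CRL for the root only) is enough; with it on, that set is rejected and the engine moves on to the next set the iterator supplies, which is the fallthrough behaviour the documentation describes.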