xmltooling::AbstractPKIXTrustEngine Class Reference

A trust engine that uses X.509 trust anchors and CRLs associated with a peer to perform PKIX validation of signatures and credentials. More...

#include <xmltooling/security/AbstractPKIXTrustEngine.h>

List of all members.

Classes

class  PKIXValidationInfoIterator
 Stateful interface that supplies PKIX validation data to the trust engine. More...

Public Member Functions

bool validate (xmlsignature::Signature &sig, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const
bool validate (const XMLCh *sigAlgorithm, const char *sig, xmlsignature::KeyInfo *keyInfo, const char *in, unsigned int in_len, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const
bool validate (XSECCryptoX509 *certEE, const std::vector< XSECCryptoX509 * > &certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const
bool validate (X509 *certEE, STACK_OF(X509)*certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const
virtual
PKIXValidationInfoIterator
getPKIXValidationInfoIterator (const CredentialResolver &pkixSource, CredentialCriteria *criteria=NULL) const =0
 Provides access to the information necessary, for the given credential source, for PKIX validation of credentials.

Protected Member Functions

 AbstractPKIXTrustEngine (const xercesc::DOMElement *e=NULL)
 Constructor.
bool checkEntityNames (X509 *certEE, const CredentialResolver &credResolver, const CredentialCriteria &criteria) const
 Checks that either the name of the peer with the given credentials or the names of the credentials match the subject or subject alternate names of the certificate.

Protected Attributes

bool m_fullCRLChain
 Flag controls whether every issuer in the trust path must have a CRL loaded.

Detailed Description

A trust engine that uses X.509 trust anchors and CRLs associated with a peer to perform PKIX validation of signatures and credentials.


Constructor & Destructor Documentation

xmltooling::AbstractPKIXTrustEngine::AbstractPKIXTrustEngine ( const xercesc::DOMElement *  e = NULL  )  [protected]

Constructor.

If a DOM is supplied, the following XML content is supported:

  • fullCRLChain boolean attribute
  • <KeyInfoResolver> elements with a type attribute

XML namespaces are ignored in the processing of this content.

Parameters:
e DOM to supply configuration for provider

Member Function Documentation

bool xmltooling::AbstractPKIXTrustEngine::checkEntityNames ( X509 *  certEE,
const CredentialResolver credResolver,
const CredentialCriteria criteria 
) const [protected]

Checks that either the name of the peer with the given credentials or the names of the credentials match the subject or subject alternate names of the certificate.

Parameters:
certEE the credential for the entity to validate
credResolver source of credentials
criteria criteria for selecting credentials, including the peer name
Returns:
true the name check succeeds, false if not
virtual PKIXValidationInfoIterator* xmltooling::AbstractPKIXTrustEngine::getPKIXValidationInfoIterator ( const CredentialResolver pkixSource,
CredentialCriteria criteria = NULL 
) const [pure virtual]

Provides access to the information necessary, for the given credential source, for PKIX validation of credentials.

Each set of validation information returned will be tried, in turn, until one succeeds or no more remain. The caller must free the returned interface when finished with it.

Parameters:
pkixSource the peer for which validation rules are required
criteria criteria for selecting validation rules
Returns:
interface for obtaining validation data

Member Data Documentation

Flag controls whether every issuer in the trust path must have a CRL loaded.


The documentation for this class was generated from the following file:

Generated by  doxygen 1.6.2