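/**
 * Licensed to the University Corporation for Advanced Internet
 * Development, Inc. (UCAID) under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for
 * additional information regarding copyright ownership.
 *
 * UCAID licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 * either express or implied. See the License for the specific
 * language governing permissions and limitations under the License.
 */

/**
 * @file xmltooling/security/PathValidator.h
 *
 * Plugin interface to certificate path validation.
 */

#if !defined(__xmltooling_pathval_h__) && !defined(XMLTOOLING_NO_XMLSEC)
#define __xmltooling_pathval_h__

#include <vector>

class XSECCryptoX509;

namespace xmltooling {

    /**
     * Plugin interface to certificate path validation, independent of context.
     * <p>This interface assumes that the end-entity certificate is "correctly"
     * bound to a party, and solely addresses the validity of that certificate.
     * Binding the certificate to the right party (e.g. name matching) is
     * therefore the caller's responsibility, not the validator's.
     */
    class XMLTOOL_API PathValidator
    {
        MAKE_NONCOPYABLE(PathValidator);
    protected:
        PathValidator();

    public:
        virtual ~PathValidator();

        /**
         * Marker interface for plugin-specific parameters into the validation
         * process. Concrete validators downcast to their own parameter type.
         */
        class XMLTOOL_API PathValidatorParams {
            MAKE_NONCOPYABLE(PathValidatorParams);
        protected:
            PathValidatorParams();

        public:
            virtual ~PathValidatorParams();
        };

        /**
         * Validates an end-entity certificate.
         * <p>The chain is untrusted input: implementations must not treat
         * membership in certChain as evidence of trust, and must establish
         * a path to a trust anchor by their own means.
         *
         * @param certEE end-entity certificate
         *               (NOTE(review): whether a null pointer is tolerated is
         *               implementation-defined — confirm with each plugin)
         * @param certChain the complete untrusted certificate chain
         * @param params plugin-specific parameters to the validation process
         * @return true iff validation succeeds
         */
        virtual bool validate(
            XSECCryptoX509* certEE,
            const std::vector<XSECCryptoX509*>& certChain,
            const PathValidatorParams& params
            ) const=0;
    };

    /**
     * Registers PathValidator classes into the runtime.
     */
    void XMLTOOL_API registerPathValidators();

    /** PathValidator based on PKIX. */
    // Preprocessor macro: despite its placement it is not scoped to the namespace.
    #define PKIX_PATHVALIDATOR "PKIX"
}

#endif /* __xmltooling_pathval_h__ */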