/**
 * Licensed to the University Corporation for Advanced Internet
 * Development, Inc. (UCAID) under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for
 * additional information regarding copyright ownership.
 *
 * UCAID licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License. You may obtain a copy of the
 * License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
 * either express or implied. See the License for the specific
 * language governing permissions and limitations under the License.
 */

/**
 * @file xmltooling/security/Credential.h
 *
 * Wraps keys and related functionality.
 *
 * Declares the abstract Credential interface: a non-copyable holder of key
 * material (XSECCryptoKey pointers for the private/secret and public parts),
 * the names the key is known by, and the ds:KeyInfo representation used to
 * describe the credential to other parties. The whole header is compiled out
 * when XMLTOOLING_NO_XMLSEC is defined.
 */

#if !defined(__xmltooling_cred_h__) && !defined(XMLTOOLING_NO_XMLSEC)
#define __xmltooling_cred_h__

#include <xmltooling/base.h>

#include <set>
#include <string>

// Key abstraction from the XML-Security-C library. Only pointers to it appear
// in this header, so a forward declaration is sufficient.
class XSECCryptoKey;

namespace xmlsignature {
    // ds:KeyInfo wrapper; returned (caller-owned) by Credential::getKeyInfo().
    // XMLTOOL_API comes from xmltooling/base.h, presumably the shared-library
    // export/import decoration.
    class XMLTOOL_API KeyInfo;
};

namespace xmltooling {

    // CredentialCriteria is what the names from getKeyNames() are compared
    // against; CredentialContext is returned by getCredentialContext().
    class XMLTOOL_API CredentialCriteria;
    class XMLTOOL_API CredentialContext;

    /**
     * Wraps keys and related functionality.
     *
     * <p>Abstract interface: concrete credentials are created by subclasses
     * (the constructor is protected) and instances are non-copyable.
     *
     * <p>Shared credential implementations should implement reference counting
     * and honor any locking parameters to ensure appropriate synchronization.
     * Nothing in this interface enforces that; a Credential obtained from a
     * shared resolver must not be assumed thread-safe by construction.
     *
     * <p>Lifetime of returned data: getAlgorithm(), getPrivateKey(),
     * getPublicKey() and getKeyNames() hand out pointers/references with no
     * "must be freed" clause, unlike getKeyInfo(). They are presumed to refer to
     * state owned by the Credential and to be valid only while it is alive —
     * confirm against the concrete implementations before caching them.
     */
    class XMLTOOL_API Credential
    {
        // Macro from xmltooling/base.h; presumably removes copy construction and
        // copy assignment so key material is never duplicated by accident.
        MAKE_NONCOPYABLE(Credential);
    protected:
        // Only subclasses may construct a Credential.
        Credential();

    public:
        // Virtual so that deleting through a Credential* destroys the subclass.
        virtual ~Credential();

        /**
         * Bitmask constants for limiting resolution process inside a CredentialResolver.
         *
         * <p>Values are distinct bits so they can be OR-ed together.
         */
        enum ResolveTypes {
            RESOLVE_KEYS = 1,   ///< resolve key material (meaning presumed from the name)
            RESOLVE_NAMES = 2   ///< resolve key names (meaning presumed from the name)
        };

        /**
         * Bitmask of use cases for credentials.
         *
         * <p>UNSPECIFIED_CREDENTIAL is the empty mask (0); the other values are
         * distinct bits and may be combined in the result of getUsage().
         */
        enum UsageTypes {
            UNSPECIFIED_CREDENTIAL = 0,
            SIGNING_CREDENTIAL = 1,
            TLS_CREDENTIAL = 2,
            ENCRYPTION_CREDENTIAL = 4
        };

        /**
         * Bitmask of supported KeyInfo content to generate.
         *
         * <p>Distinct bits. How an implementation consumes this mask when
         * building the result of getKeyInfo() is not specified in this header.
         */
        enum KeyInfoTypes {
            KEYINFO_KEY_VALUE = 1,
            KEYINFO_KEY_NAME = 2
        };

        /**
         * Get credential usage types.
         *
         * @return the usage bitmask, an OR-ed combination of UsageTypes values;
         *  UNSPECIFIED_CREDENTIAL (0) is the empty mask
         */
        virtual unsigned int getUsage() const=0;

        /**
         * Returns an algorithm identifier for the Credential.
         *
         * <p>The string is not to be freed by the caller; it is presumed to be
         * owned by the Credential (or a literal) — confirm in implementations.
         *
         * @return the Credential algorithm, or nullptr if indeterminate
         */
        virtual const char* getAlgorithm() const=0;

        /**
         * Returns the size of the key in bits.
         *
         * @return the key size, or 0 if indeterminate
         */
        virtual unsigned int getKeySize() const=0;

        /**
         * Returns a secret or private key to use for signing or decryption operations.
         *
         * <p>This is sensitive key material. Ownership is not documented here;
         * unlike getKeyInfo() there is no "must be freed" clause, so the
         * Credential is presumed to retain ownership and the pointer to be valid
         * only while the Credential is alive — confirm against implementations.
         * Whether nullptr is returned for credentials without a private part is
         * likewise not stated; treat it as possible until confirmed.
         *
         * @return a secret or private key
         */
        virtual const XSECCryptoKey* getPrivateKey() const=0;

        /**
         * Returns a secret or public key to use for verification or encryption operations.
         *
         * <p>Same ownership caveat as getPrivateKey(): presumed owned by the
         * Credential, not to be freed by the caller.
         *
         * @return a secret or public key
         */
        virtual const XSECCryptoKey* getPublicKey() const=0;

        /**
         * Returns names representing the Credential.
         *
         * <p>Names should be unique in the context of the comparisons against CredentialCriteria
         * that deployments expect to see.
         *
         * <p>The reference is into state held by the Credential; do not keep it
         * past the Credential's lifetime.
         *
         * @return a sorted set of names (std::set ordering)
         */
        virtual const std::set<std::string>& getKeyNames() const=0;

        /**
         * Returns a ds:KeyInfo object representing the Credential for use in
         * communicating with other entities.
         *
         * <p>The result is handed to other parties, so an implementation is
         * expected to place only public material in it (key values and/or key
         * names, cf. KeyInfoTypes) — verify in implementations.
         *
         * @param compact true iff the communication medium is such that only compact forms should be included
         * @return a KeyInfo object, which must be freed by the caller
         */
        virtual xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const=0;

        /**
         * Get the credential context information, which provides additional information
         * specific to the context in which the credential was resolved.
         *
         * <p>Not pure: the base-class implementation is defined out of line and
         * its behavior is not visible in this header (presumably nullptr when no
         * context is attached — confirm). Treat a nullptr result as possible.
         *
         * @return resolution context of the credential
         */
        virtual const CredentialContext* getCredentialContext() const;
    };
};

#endif /* __xmltooling_cred_h__ */