xmltooling
3.2.0
Extended TrustEngine interface that adds validation of X.509 credentials using OpenSSL data types directly for efficiency.
#include <xmltooling/security/OpenSSLTrustEngine.h>
Public Member Functions
virtual bool | validate (X509 *certEE, STACK_OF(X509) *certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const =0
Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
virtual bool | validate (XSECCryptoX509 *certEE, const std::vector< XSECCryptoX509 * > &certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const =0
Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
void | setKeyInfoResolver (KeyInfoResolver *keyInfoResolver)
Supplies a KeyInfoResolver instance.
Protected Member Functions
OpenSSLTrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
Constructor.
X509TrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
Constructor.
TrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
Constructor.
Additional Inherited Members
KeyInfoResolver * | m_keyInfoResolver
Custom KeyInfoResolver instance.
protected
Constructor.
e | DOM to supply configuration for provider |
deprecationSupport | true iff deprecated features and settings should be supported |
virtual bool xmltooling::X509TrustEngine::validate
Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.
If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.
certEE | end-entity certificate to validate |
certChain | the complete set of certificates presented for validation (includes certEE) |
credResolver | a locked resolver to supply trusted peer credentials to the TrustEngine |
criteria | criteria for selecting peer credentials |
pure virtual
Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.
If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.
certEE | end-entity certificate to validate |
certChain | the complete set of certificates presented for validation (includes certEE) |
credResolver | a locked resolver to supply trusted peer credentials to the TrustEngine |
criteria | criteria for selecting peer credentials |
Implemented in xmltooling::AbstractPKIXTrustEngine, and xmltooling::ChainingTrustEngine.