xmltooling::SignatureTrustEngine Class Reference

TrustEngine interface that adds validation of digital signatures.

#include <xmltooling/security/SignatureTrustEngine.h>

Inheritance diagram for xmltooling::SignatureTrustEngine: base class xmltooling::TrustEngine; derived classes xmltooling::AbstractPKIXTrustEngine and xmltooling::ChainingTrustEngine.


Public Member Functions

virtual bool validate (xmlsignature::Signature &sig, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const =0
 Determines whether an XML signature is correct and valid with respect to the source of credentials supplied.
virtual bool validate (const XMLCh *sigAlgorithm, const char *sig, xmlsignature::KeyInfo *keyInfo, const char *in, unsigned int in_len, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const =0
 Determines whether a raw signature is correct and valid with respect to the source of credentials supplied.

Protected Member Functions

 SignatureTrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
 Constructor.

Detailed Description

TrustEngine interface that adds validation of digital signatures.


Constructor & Destructor Documentation

xmltooling::SignatureTrustEngine::SignatureTrustEngine ( const xercesc::DOMElement *  e = 0,
bool  deprecationSupport = true 
) [protected]

Constructor.

Parameters:
e DOM to supply configuration for provider
deprecationSupport true iff deprecated features and settings should be supported

Member Function Documentation

virtual bool xmltooling::SignatureTrustEngine::validate ( const XMLCh *  sigAlgorithm,
const char *  sig,
xmlsignature::KeyInfo *  keyInfo,
const char *  in,
unsigned int  in_len,
const CredentialResolver &  credResolver,
CredentialCriteria *  criteria = 0 
) const [pure virtual]

Determines whether a raw signature is correct and valid with respect to the source of credentials supplied.

It is the responsibility of the application to ensure that the Credentials supplied are in fact associated with the peer who created the signature.

If criteria with a peer name are supplied, the "name" of the Credential that verifies the signature may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.

Note that the keyInfo parameter is not part of the implicitly trusted set of information supplied via the CredentialResolver, but rather advisory data that may have accompanied the signature itself.

Parameters:
sigAlgorithm XML Signature identifier for the algorithm used
sig null-terminated base64-encoded signature value
keyInfo KeyInfo object accompanying the signature, if any
in the input data over which the signature was created
in_len size of input data in bytes
credResolver a locked resolver to supply trusted peer credentials to the TrustEngine
criteria criteria for selecting peer credentials
Returns:
true iff the signature validates

Implemented in xmltooling::AbstractPKIXTrustEngine, and xmltooling::ChainingTrustEngine.
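
The trust rule documented for this overload, as an added example that is not part of the xmltooling sources: a self-contained model in which only resolver-supplied credentials can verify a signature, KeyInfo data serves solely as a hint, and an optional peer name is checked. All Toy* types and toyTag are hypothetical stand-ins, and the checksum is not a real signature algorithm.

```cpp
// Added illustration; every type here is a hypothetical stand-in, not an xmltooling class.
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Toy keyed checksum (FNV-1a over key || data) standing in for signature
// verification. NOT cryptographic; it only makes the trust logic runnable.
std::uint32_t toyTag(const std::string& key, const std::string& data) {
    std::uint32_t h = 2166136261u;
    for (unsigned char c : key + data) { h ^= c; h *= 16777619u; }
    return h;
}

struct ToyCredential { std::string name, key; };

// Plays the role of credResolver: the only implicitly trusted source of keys.
struct ToyResolver { std::vector<ToyCredential> trusted; };

// Plays the role of keyInfo: data that accompanied the signature itself.
struct ToyKeyInfo { std::string keyName, embeddedKey; };

// True iff a resolver-supplied credential verifies the tag and, when a peer
// name is given, that credential is named for the intended peer.
bool toyValidate(std::uint32_t tag, const std::string& in, const ToyKeyInfo* keyInfo,
                 const ToyResolver& resolver, const std::string* peerName) {
    for (const ToyCredential& c : resolver.trusted) {
        // keyInfo only narrows the trusted set; embeddedKey is never a verification key.
        if (keyInfo && !keyInfo->keyName.empty() && keyInfo->keyName != c.name) continue;
        if (peerName && c.name != *peerName) continue;   // peer-name check
        if (toyTag(c.key, in) == tag) return true;
    }
    return false;
}

int main() {
    ToyResolver r;
    r.trusted.push_back(ToyCredential{"idp.example.org", "trusted-key"});  // constructed sample
    const std::string msg = "constructed message", other = "sp.example.org";
    ToyKeyInfo forged{"", "attacker-key"};
    std::cout << toyValidate(toyTag("trusted-key", msg), msg, nullptr, r, nullptr)   // 1
              << toyValidate(toyTag("attacker-key", msg), msg, &forged, r, nullptr)  // 0
              << toyValidate(toyTag("trusted-key", msg), msg, nullptr, r, &other)    // 0
              << "\n";
    return 0;
}
```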

virtual bool xmltooling::SignatureTrustEngine::validate ( xmlsignature::Signature &  sig,
const CredentialResolver &  credResolver,
CredentialCriteria *  criteria = 0 
) const [pure virtual]

Determines whether an XML signature is correct and valid with respect to the source of credentials supplied.

It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who created the signature.

If criteria with a peer name are supplied, the "name" of the Credential that verifies the signature may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.

Parameters:
sig reference to a signature object to validate
credResolver a locked resolver to supply trusted peer credentials to the TrustEngine
criteria criteria for selecting peer credentials
Returns:
true iff the signature validates

Implemented in xmltooling::AbstractPKIXTrustEngine, and xmltooling::ChainingTrustEngine.


The documentation for this class was generated from the following file:

Generated on 24 Jan 2020 for xmltooling by  doxygen 1.6.1