xmltooling::X509TrustEngine Class Reference

TrustEngine interface that adds validation of X.509 credentials.

#include <xmltooling/security/X509TrustEngine.h>

Inheritance diagram for xmltooling::X509TrustEngine:
xmltooling::TrustEngine xmltooling::OpenSSLTrustEngine xmltooling::AbstractPKIXTrustEngine xmltooling::ChainingTrustEngine

Public Member Functions

virtual bool validate (XSECCryptoX509 *certEE, const std::vector< XSECCryptoX509 * > &certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const =0
 Determines whether an X.509 credential is valid with respect to the source of credentials supplied.

Protected Member Functions

 X509TrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
 Constructor.

Detailed Description

TrustEngine interface that adds validation of X.509 credentials.


Constructor & Destructor Documentation

xmltooling::X509TrustEngine::X509TrustEngine ( const xercesc::DOMElement *  e = 0,
bool  deprecationSupport = true 
) [protected]

Constructor.

Parameters:
e DOM to supply configuration for provider
deprecationSupport true iff deprecated features and settings should be supported

Member Function Documentation

virtual bool xmltooling::X509TrustEngine::validate ( XSECCryptoX509 *  certEE,
const std::vector< XSECCryptoX509 * > &  certChain,
const CredentialResolver &  credResolver,
CredentialCriteria *  criteria = 0 
) const [pure virtual]

Determines whether an X.509 credential is valid with respect to the source of credentials supplied.

It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.

If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.

Parameters:
certEE end-entity certificate to validate
certChain the complete set of certificates presented for validation (includes certEE)
credResolver a locked resolver to supply trusted peer credentials to the TrustEngine
criteria criteria for selecting peer credentials

Implemented in xmltooling::AbstractPKIXTrustEngine, and xmltooling::ChainingTrustEngine.
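
The caller-side obligations described above, as an added C++ example that is not part of xmltooling or its documentation. `Cert`, `Resolver`, `Criteria`, `X509Engine`, `NoNameCheckEngine` and `validatePeer` are stand-in names assumed here so the block compiles without the library, and the exact-match name comparison is a simplification of real peer-name rules.

```cpp
#include <algorithm>
#include <string>
#include <vector>

// Stand-ins (assumptions) for XSECCryptoX509, CredentialResolver, CredentialCriteria.
struct Cert { std::string subjectName; };
struct Resolver {};
struct Criteria { std::string peerName; };

// Same shape as the documented pure virtual validate().
struct X509Engine {
    virtual ~X509Engine() {}
    virtual bool validate(Cert* certEE, const std::vector<Cert*>& certChain,
                          const Resolver& credResolver, Criteria* criteria = 0) const = 0;
};

// Hypothetical engine: fixed trust verdict, and it omits the optional peer-name check.
struct NoNameCheckEngine : X509Engine {
    bool verdict;
    explicit NoNameCheckEngine(bool v) : verdict(v) {}
    bool validate(Cert*, const std::vector<Cert*>&, const Resolver&, Criteria*) const { return verdict; }
};

enum PeerResult { PEER_OK, PEER_BAD_INPUT, PEER_UNTRUSTED, PEER_NAME_MISMATCH };

// Hypothetical caller-side wrapper covering what the contract leaves to the application.
PeerResult validatePeer(const X509Engine& engine, Cert* certEE,
                        const std::vector<Cert*>& certChain, const Resolver& resolver,
                        const std::string& expectedPeer) {
    // certChain is documented as including certEE; a missing peer name means no name binding.
    if (!certEE || expectedPeer.empty() ||
        std::find(certChain.begin(), certChain.end(), certEE) == certChain.end())
        return PEER_BAD_INPUT;
    Criteria criteria;
    criteria.peerName = expectedPeer;
    if (!engine.validate(certEE, certChain, resolver, &criteria))
        return PEER_UNTRUSTED;
    // The engine may have skipped the name check, so "true" alone is not proof of
    // identity. Exact match on a single name is a simplification.
    if (certEE->subjectName != expectedPeer)
        return PEER_NAME_MISMATCH;
    return PEER_OK;
}

int main() {  // constructed sample: trusted chain, wrong peer name
    Cert ee; ee.subjectName = "sp.example.org";
    std::vector<Cert*> chain(1, &ee);
    return validatePeer(NoNameCheckEngine(true), &ee, chain, Resolver(),
                        "idp.example.org") == PEER_NAME_MISMATCH ? 0 : 1;
}
```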


The documentation for this class was generated from the following file:

Generated on 24 Jan 2020 for xmltooling by doxygen 1.6.1