xmltooling  3.2.2
xmltooling::OpenSSLTrustEngine Class Reference (abstract)

Extended TrustEngine interface that adds validation of X.509 credentials using OpenSSL data types directly for efficiency.

#include <xmltooling/security/OpenSSLTrustEngine.h>

Inheritance diagram for xmltooling::OpenSSLTrustEngine:
Base classes: xmltooling::X509TrustEngine, xmltooling::TrustEngine. Derived classes: xmltooling::AbstractPKIXTrustEngine, xmltooling::ChainingTrustEngine.

Public Member Functions

virtual bool validate (X509 *certEE, STACK_OF(X509) *certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const =0
 Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
 
virtual bool validate (XSECCryptoX509 *certEE, const std::vector< XSECCryptoX509 * > &certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const=0
 Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
 
- Public Member Functions inherited from xmltooling::X509TrustEngine
virtual bool validate (XSECCryptoX509 *certEE, const std::vector< XSECCryptoX509 *> &certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const =0
 Determines whether an X.509 credential is valid with respect to the source of credentials supplied.
 
- Public Member Functions inherited from xmltooling::TrustEngine
void setKeyInfoResolver (KeyInfoResolver *keyInfoResolver)
 Supplies a KeyInfoResolver instance.
 

Protected Member Functions

 OpenSSLTrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
 Constructor.
 
- Protected Member Functions inherited from xmltooling::X509TrustEngine
 X509TrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
 Constructor.
 
- Protected Member Functions inherited from xmltooling::TrustEngine
 TrustEngine (const xercesc::DOMElement *e=0, bool deprecationSupport=true)
 Constructor.
 

Additional Inherited Members

- Protected Attributes inherited from xmltooling::TrustEngine
KeyInfoResolver * m_keyInfoResolver
 Custom KeyInfoResolver instance.
 

Detailed Description

Extended TrustEngine interface that adds validation of X.509 credentials using OpenSSL data types directly for efficiency.

Constructor & Destructor Documentation

◆ OpenSSLTrustEngine()

xmltooling::OpenSSLTrustEngine::OpenSSLTrustEngine ( const xercesc::DOMElement *  e = 0,
bool  deprecationSupport = true 
)
protected

Constructor.

Parameters
e: DOM to supply configuration for provider
deprecationSupport: true iff deprecated features and settings should be supported

Member Function Documentation

◆ validate() [1/2]

virtual bool xmltooling::X509TrustEngine::validate

Determines whether an X.509 credential is valid with respect to the source of credentials supplied.

It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.

If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.

Parameters
certEE: end-entity certificate to validate
certChain: the complete set of certificates presented for validation (includes certEE)
credResolver: a locked resolver to supply trusted peer credentials to the TrustEngine
criteria: criteria for selecting peer credentials

◆ validate() [2/2]

virtual bool xmltooling::OpenSSLTrustEngine::validate ( X509 *  certEE,
STACK_OF(X509) *  certChain,
const CredentialResolver &  credResolver,
CredentialCriteria *  criteria = 0 
) const
pure virtual

Determines whether an X.509 credential is valid with respect to the source of credentials supplied.

It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.

If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.

Parameters
certEE: end-entity certificate to validate
certChain: the complete set of certificates presented for validation (includes certEE)
credResolver: a locked resolver to supply trusted peer credentials to the TrustEngine
criteria: criteria for selecting peer credentials

Implemented in xmltooling::AbstractPKIXTrustEngine, and xmltooling::ChainingTrustEngine.


The documentation for this class was generated from the following file: