xmltooling
1.6.4
TrustEngine interface that adds validation of digital signatures.
#include <xmltooling/security/SignatureTrustEngine.h>
Public Member Functions
virtual bool validate (xmlsignature::Signature &sig, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const =0
  Determines whether an XML signature is correct and valid with respect to the source of credentials supplied.
virtual bool validate (const XMLCh *sigAlgorithm, const char *sig, xmlsignature::KeyInfo *keyInfo, const char *in, unsigned int in_len, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const =0
  Determines whether a raw signature is correct and valid with respect to the source of credentials supplied.
void setKeyInfoResolver (KeyInfoResolver *keyInfoResolver)
  Supplies a KeyInfoResolver instance.
Protected Member Functions
SignatureTrustEngine (const xercesc::DOMElement *e=0)
  Constructor.
TrustEngine (const xercesc::DOMElement *e=0)
  Constructor.
Additional Inherited Members
KeyInfoResolver * m_keyInfoResolver
  Custom KeyInfoResolver instance.
SignatureTrustEngine (const xercesc::DOMElement *e=0) [protected]
Constructor.
e | DOM to supply configuration for provider |
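virtual bool validate (xmlsignature::Signature &sig, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const =0 [pure virtual]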
Determines whether an XML signature is correct and valid with respect to the source of credentials supplied.
It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who created the signature.
If criteria with a peer name are supplied, the "name" of the Credential that verifies the signature may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.
sig | reference to a signature object to validate |
credResolver | a locked resolver to supply trusted peer credentials to the TrustEngine |
criteria | criteria for selecting peer credentials |
Implemented in xmltooling::AbstractPKIXTrustEngine, and xmltooling::ChainingTrustEngine.
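virtual bool validate (const XMLCh *sigAlgorithm, const char *sig, xmlsignature::KeyInfo *keyInfo, const char *in, unsigned int in_len, const CredentialResolver &credResolver, CredentialCriteria *criteria=0) const =0 [pure virtual]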
Determines whether a raw signature is correct and valid with respect to the source of credentials supplied.
It is the responsibility of the application to ensure that the Credentials supplied are in fact associated with the peer who created the signature.
If criteria with a peer name are supplied, the "name" of the Credential that verifies the signature may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.
Note that the keyInfo parameter is not part of the implicitly trusted set of information supplied via the CredentialResolver, but rather advisory data that may have accompanied the signature itself.
sigAlgorithm | XML Signature identifier for the algorithm used |
sig | null-terminated base64-encoded signature value |
keyInfo | KeyInfo object accompanying the signature, if any |
in | the input data over which the signature was created |
in_len | size of input data in bytes |
credResolver | a locked resolver to supply trusted peer credentials to the TrustEngine |
criteria | criteria for selecting peer credentials |
Implemented in xmltooling::AbstractPKIXTrustEngine, and xmltooling::ChainingTrustEngine.
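The keyInfo note for the raw-signature validate() overload, and the optional peer-name check, can be modelled as follows. This is an added, self-contained example, not xmltooling code: TrustedCredential, AdvisoryKeyInfo, validateRaw and toySign are hypothetical names, the keyed FNV-1a hash is an insecure stand-in for real signature verification, and letting the hint narrow the trusted candidates is an assumed policy.

```cpp
// Added illustration: a self-contained model, not xmltooling source.
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Stand-in for signature verification: keyed FNV-1a, NOT cryptographically
// secure. It only lets the trust logic run without a crypto library.
static uint64_t toySign(const std::string& key, const std::string& data) {
    uint64_t h = 1469598103934665603ULL;
    for (unsigned char c : key + "|" + data) { h ^= c; h *= 1099511628211ULL; }
    return h;
}

struct TrustedCredential {   // hypothetical: what the CredentialResolver yields
    std::string peerName;    // the credential's "name"
    std::string keyName;     // identifier a KeyInfo hint can be matched against
    std::string key;         // verification key (toy scheme, so symmetric)
};

struct AdvisoryKeyInfo {     // hypothetical: data that accompanied the signature
    std::string keyName;
    std::string embeddedKey; // sender-controlled, never used to verify
};

// True only if a trusted credential verifies sig and, when peerName is given,
// that credential is named for the peer.
bool validateRaw(uint64_t sig, const std::string& in, const AdvisoryKeyInfo* keyInfo,
                 const std::vector<TrustedCredential>& trusted,
                 const std::string& peerName = "") {
    for (const auto& cred : trusted) {
        // The hint may narrow the trusted candidates; it cannot add one.
        if (keyInfo && !keyInfo->keyName.empty() && keyInfo->keyName != cred.keyName)
            continue;
        if (toySign(cred.key, in) != sig) continue;                   // wrong key or data
        if (!peerName.empty() && cred.peerName != peerName) continue; // wrong peer
        return true;
    }
    return false;
}

int main() {
    // Constructed sample data.
    std::vector<TrustedCredential> trusted = {{"idp.example.org", "idp-signing", "key-A"}};
    AdvisoryKeyInfo forgedHint = {"idp-signing", "key-evil"};
    uint64_t forged = toySign(forgedHint.embeddedKey, "msg");
    std::cout << validateRaw(toySign("key-A", "msg"), "msg", nullptr, trusted)
              << validateRaw(forged, "msg", &forgedHint, trusted) << "\n";
    return 0;
}
```

A signature made with the key carried in the advisory KeyInfo is rejected even when its key name matches a trusted credential, because only keys from the trusted set are ever used to verify.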