/**
* Licensed to the University Corporation for Advanced Internet
* Development, Inc. (UCAID) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for
* additional information regarding copyright ownership.
*
* UCAID licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the
* License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the License.
*/
/**
* MetadataCredentialCriteria.cpp
*
* Metadata-based CredentialCriteria subclass.
*/
#include "internal.h"
#include "saml2/metadata/Metadata.h"
#include "saml2/metadata/MetadataCredentialContext.h"
#include "saml2/metadata/MetadataCredentialCriteria.h"
#include <xmltooling/security/Credential.h>
using namespace opensaml::saml2md;
using namespace xmltooling;
/**
 * Builds criteria bound to a metadata role.
 *
 * The role is retained in m_role. When the role's parent is an
 * EntityDescriptor, that entity's ID is converted with auto_ptr_char and
 * installed as the peer name, so credential resolution is scoped to the
 * entity that owns the role. If the parent is absent or of another type,
 * no peer name is set by this constructor.
 *
 * @param role  the metadata role whose credentials are being resolved
 */
MetadataCredentialCriteria::MetadataCredentialCriteria(const RoleDescriptor& role) : m_role(role)
{
    // dynamic_cast yields null for a missing or non-entity parent, which skips the block.
    if (const EntityDescriptor* owner = dynamic_cast<const EntityDescriptor*>(role.getParent())) {
        // NOTE(review): getEntityID() may be null for malformed metadata; confirm
        // setPeerName() tolerates a null pointer.
        auto_ptr_char entityID(owner->getEntityID());
        setPeerName(entityID.get());
    }
}
/**
 * Tests a credential against these criteria, adding a metadata key-use check
 * in front of the base-class evaluation.
 *
 * Security-relevant behaviour, as implemented here:
 *  - A credential whose context is not a MetadataCredentialContext bypasses
 *    the key-use check entirely and is judged by the base class alone.
 *  - A request with the SIGNING or TLS usage bit set rejects a key whose
 *    KeyDescriptor use equals KEYTYPE_ENCRYPTION.
 *  - A request with the ENCRYPTION usage bit set rejects a key whose
 *    KeyDescriptor use equals KEYTYPE_SIGNING.
 *  - Any other use value is not rejected by this method. That presumably
 *    includes a KeyDescriptor with no use attribute, which would then be
 *    acceptable for every usage; confirm XMLString::equals() on a null
 *    argument.
 *
 * @param credential  candidate credential to evaluate
 * @return false on a key-use mismatch, otherwise the result of
 *         CredentialCriteria::matches()
 */
bool MetadataCredentialCriteria::matches(const Credential& credential) const
{
    const MetadataCredentialContext* mdContext =
        dynamic_cast<const MetadataCredentialContext*>(credential.getCredentialContext());

    // No metadata context: nothing to compare the requested usage against.
    if (!mdContext)
        return CredentialCriteria::matches(credential);

    // Signing or TLS requested, but the key is declared encryption-only.
    if ((getUsage() & (xmltooling::Credential::SIGNING_CREDENTIAL | xmltooling::Credential::TLS_CREDENTIAL)) &&
            XMLString::equals(mdContext->getKeyDescriptor().getUse(), KeyDescriptor::KEYTYPE_ENCRYPTION)) {
        return false;
    }

    // Encryption requested, but the key is declared signing-only.
    if ((getUsage() & xmltooling::Credential::ENCRYPTION_CREDENTIAL) &&
            XMLString::equals(mdContext->getKeyDescriptor().getUse(), KeyDescriptor::KEYTYPE_SIGNING)) {
        return false;
    }

    // Usage is compatible; the remaining checks are delegated to the base class.
    return CredentialCriteria::matches(credential);
}