#include <xmltooling/security/OpenSSLTrustEngine.h>
Public Member Functions

  virtual bool validate (X509 *certEE, STACK_OF(X509) *certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const = 0
      Determines whether an X.509 credential is valid with respect to the source of credentials supplied.

Protected Member Functions

  OpenSSLTrustEngine (const xercesc::DOMElement *e=NULL)
      Constructor.
xmltooling::OpenSSLTrustEngine::OpenSSLTrustEngine (const xercesc::DOMElement *e = NULL)   [inline, protected]

Constructor.

If a DOM is supplied, the following XML content is supported:

XML namespaces are ignored in the processing of this content.

Parameters:
  e   DOM to supply configuration for provider
virtual bool xmltooling::OpenSSLTrustEngine::validate (X509 *certEE, STACK_OF(X509) *certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria = NULL) const   [pure virtual]

Determines whether an X.509 credential is valid with respect to the source of credentials supplied.

It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.

If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself, or implementation-specific rules based on the content of the peer credentials, may be applied. Implementations may omit this check if they deem it unnecessary.

Parameters:
  certEE        end-entity certificate to validate
  certChain     the complete set of certificates presented for validation (includes certEE)
  credResolver  a locked resolver to supply trusted peer credentials to the TrustEngine
  criteria      criteria for selecting peer credentials

Implemented in xmltooling::AbstractPKIXTrustEngine, and xmltooling::ChainingTrustEngine.