xmltooling::OpenSSLTrustEngine Class Reference

Extended TrustEngine interface that adds validation of X.509 credentials using OpenSSL data types directly for efficiency.

#include <xmltooling/security/OpenSSLTrustEngine.h>

[Inheritance diagram for xmltooling::OpenSSLTrustEngine, showing xmltooling::X509TrustEngine, xmltooling::TrustEngine, xmltooling::AbstractPKIXTrustEngine and xmltooling::ChainingTrustEngine]

Public Member Functions

virtual bool validate (X509 *certEE, STACK_OF(X509) *certChain, const CredentialResolver &credResolver, CredentialCriteria *criteria=NULL) const =0
 Determines whether an X.509 credential is valid with respect to the source of credentials supplied.

Protected Member Functions

 OpenSSLTrustEngine (const xercesc::DOMElement *e=NULL)
 Constructor.

Detailed Description

Extended TrustEngine interface that adds validation of X.509 credentials using OpenSSL data types directly for efficiency.


Constructor & Destructor Documentation

xmltooling::OpenSSLTrustEngine::OpenSSLTrustEngine ( const xercesc::DOMElement *  e = NULL  )  [inline, protected]

Constructor.

If a DOM is supplied, the following XML content is supported:

XML namespaces are ignored in the processing of this content.

Parameters:
e DOM to supply configuration for provider


Member Function Documentation

virtual bool xmltooling::OpenSSLTrustEngine::validate ( X509 *  certEE,
STACK_OF(X509) *  certChain,
const CredentialResolver &  credResolver,
CredentialCriteria *  criteria = NULL 
) const [pure virtual]

Determines whether an X.509 credential is valid with respect to the source of credentials supplied.

It is the responsibility of the application to ensure that the credentials supplied are in fact associated with the peer who presented the credential.

If criteria with a peer name are supplied, the "name" of the EE certificate may also be checked to ensure that it identifies the intended peer. The peer name itself or implementation-specific rules based on the content of the peer credentials may be applied. Implementations may omit this check if they deem it unnecessary.

Parameters:
certEE end-entity certificate to validate
certChain the complete set of certificates presented for validation (includes certEE)
credResolver a locked resolver to supply trusted peer credentials to the TrustEngine
criteria criteria for selecting peer credentials

Implemented in xmltooling::AbstractPKIXTrustEngine, and xmltooling::ChainingTrustEngine.


The documentation for this class was generated from the following file:
Generated on Mon Oct 19 14:18:34 2009 for xmltooling by  doxygen 1.4.7