Class for manipulating X.509 Token Profile. More...
#include <X509Token.h>
Public Types | |
| enum | X509TokenType |
Public Member Functions | |
| X509Token (SOAPEnvelope &soap, const std::string &keyfile="") | |
| X509Token (SOAPEnvelope &soap, const std::string &certfile, const std::string &keyfile, X509TokenType token_type=Signature) | |
| ~X509Token (void) | |
| operator bool (void) | |
| bool | Authenticate (const std::string &cafile, const std::string &capath) |
| bool | Authenticate (void) |
Class for manipulating X.509 Token Profile.
This class is for generating/consuming X.509 Token profile. Currently it is used by x509token handler (src/hed/pdc/x509tokensh/) It is not necessary to directly called this class. If we need to use X.509 Token functionality, we only need to configure the x509token handler into service and client.
X509TokeType is for distinguishing two types of operation. It is used as the parameter of constuctor.
| Arc::X509Token::X509Token | ( | SOAPEnvelope & | soap, | |
| const std::string & | keyfile = "" | |||
| ) |
Constructor.Parse X509 Token information from SOAP header. X509 Token related information is extracted from SOAP header and stored in class variables. And then it the X509Token object will be used for authentication if the tokentype is Signature; otherwise if the tokentype is Encryption, the encrypted soap body will be decrypted and replaced by decrypted message. keyfile is only needed when the X509Token is encryption token
| Arc::X509Token::X509Token | ( | SOAPEnvelope & | soap, | |
| const std::string & | certfile, | |||
| const std::string & | keyfile, | |||
| X509TokenType | token_type = Signature | |||
| ) |
Constructor. Add X509 Token information into the SOAP header. Generated token contains elements X509 token and signature, and is meant to be used for authentication on the consuming side.
| soap | The SOAP message to which the X509 Token will be inserted | |
| certfile | The certificate file which will be used to encrypt the SOAP body (if parameter tokentype is Encryption), or be used as <wsse:BinarySecurityToken/> (if parameter tokentype is Signature). | |
| keyfile | The key file which will be used to create signature. Not needed when create encryption. | |
| tokentype | Token type: Signature or Encryption. |
| Arc::X509Token::~X509Token | ( | void | ) |
Deconstructor. Nothing to be done except finalizing the xmlsec library.
| bool Arc::X509Token::Authenticate | ( | void | ) |
Check signature by using the cert information in soap message. Only the signature itself is checked, and it is not guranteed that the certificate which is supposed to check the signature is trusted.
| bool Arc::X509Token::Authenticate | ( | const std::string & | cafile, | |
| const std::string & | capath | |||
| ) |
Check signature by using the certificare information in X509Token which is parsed by the constructor, and the trusted certificates specified as one of the two parameters. Not only the signature (in the X509Token) itself is checked, but also the certificate which is supposed to check the signature needs to be trused (which means the certificate is issued by the ca certificate from CA file or CA directory). At least one the the two parameters should be set.
| cafile | The CA file | |
| capath | The CA directory |
| Arc::X509Token::operator bool | ( | void | ) |
Returns true of constructor succeeded
1.6.3