2 * Copyright 2001-2011 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * ChainingTrustEngine.cpp
20 * OpenSSLTrustEngine that uses multiple engines in sequence.
24 #include "exceptions.h"
26 #include "security/ChainingTrustEngine.h"
27 #include "security/CredentialCriteria.h"
28 #include "util/XMLHelper.h"
31 #include <xercesc/util/XMLUniDefs.hpp>
33 using namespace xmlsignature;
34 using namespace xmltooling::logging;
35 using namespace xmltooling;
38 using xercesc::DOMElement;
40 namespace xmltooling {
41 TrustEngine* XMLTOOL_DLLLOCAL ChainingTrustEngineFactory(const DOMElement* const & e)
43 return new ChainingTrustEngine(e);
47 static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
48 static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
50 ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : TrustEngine(e) {
51 Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine."CHAINING_TRUSTENGINE);
52 e = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : nullptr;
55 string t = XMLHelper::getAttrString(e, nullptr, type);
57 log.info("building TrustEngine of type %s", t.c_str());
58 addTrustEngine(XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(t.c_str(), e));
61 catch (exception& ex) {
62 log.error("error building TrustEngine: %s", ex.what());
64 e = XMLHelper::getNextSiblingElement(e, _TrustEngine);
68 ChainingTrustEngine::~ChainingTrustEngine() {
69 for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<TrustEngine>());
72 void ChainingTrustEngine::addTrustEngine(TrustEngine* newEngine)
74 m_engines.push_back(newEngine);
75 SignatureTrustEngine* sig = dynamic_cast<SignatureTrustEngine*>(newEngine);
77 m_sigEngines.push_back(sig);
78 X509TrustEngine* x509 = dynamic_cast<X509TrustEngine*>(newEngine);
80 m_x509Engines.push_back(x509);
81 OpenSSLTrustEngine* ossl = dynamic_cast<OpenSSLTrustEngine*>(newEngine);
83 m_osslEngines.push_back(ossl);
86 TrustEngine* ChainingTrustEngine::removeTrustEngine(TrustEngine* oldEngine)
88 vector<TrustEngine*>::iterator i = find(m_engines.begin(), m_engines.end(), oldEngine);
89 if (i != m_engines.end()) {
92 SignatureTrustEngine* sig = dynamic_cast<SignatureTrustEngine*>(oldEngine);
94 vector<SignatureTrustEngine*>::iterator s = find(m_sigEngines.begin(), m_sigEngines.end(), sig);
95 if (s != m_sigEngines.end())
96 m_sigEngines.erase(s);
99 X509TrustEngine* x509 = dynamic_cast<X509TrustEngine*>(oldEngine);
101 vector<X509TrustEngine*>::iterator x = find(m_x509Engines.begin(), m_x509Engines.end(), x509);
102 if (x != m_x509Engines.end())
103 m_x509Engines.erase(x);
106 OpenSSLTrustEngine* ossl = dynamic_cast<OpenSSLTrustEngine*>(oldEngine);
108 vector<OpenSSLTrustEngine*>::iterator o = find(m_osslEngines.begin(), m_osslEngines.end(), ossl);
109 if (o != m_osslEngines.end())
110 m_osslEngines.erase(o);
118 bool ChainingTrustEngine::validate(Signature& sig, const CredentialResolver& credResolver, CredentialCriteria* criteria) const
120 for (vector<SignatureTrustEngine*>::const_iterator i=m_sigEngines.begin(); i!=m_sigEngines.end(); ++i) {
121 if ((*i)->validate(sig,credResolver,criteria))
129 bool ChainingTrustEngine::validate(
130 const XMLCh* sigAlgorithm,
135 const CredentialResolver& credResolver,
136 CredentialCriteria* criteria
139 for (vector<SignatureTrustEngine*>::const_iterator i=m_sigEngines.begin(); i!=m_sigEngines.end(); ++i) {
140 if ((*i)->validate(sigAlgorithm, sig, keyInfo, in, in_len, credResolver, criteria))
148 bool ChainingTrustEngine::validate(
149 XSECCryptoX509* certEE,
150 const vector<XSECCryptoX509*>& certChain,
151 const CredentialResolver& credResolver,
152 CredentialCriteria* criteria
155 for (vector<X509TrustEngine*>::const_iterator i=m_x509Engines.begin(); i!=m_x509Engines.end(); ++i) {
156 if ((*i)->validate(certEE,certChain,credResolver,criteria))
164 bool ChainingTrustEngine::validate(
166 STACK_OF(X509)* certChain,
167 const CredentialResolver& credResolver,
168 CredentialCriteria* criteria
171 for (vector<OpenSSLTrustEngine*>::const_iterator i=m_osslEngines.begin(); i!=m_osslEngines.end(); ++i) {
172 if ((*i)->validate(certEE,certChain,credResolver,criteria))