+ for (vector<const Credential*>::const_iterator c=credentials.begin(); c!=credentials.end(); ++c) {
+ sigValidator.setCredential(*c);
+ try {
+ sigValidator.validate(&sig);
+ log.debug("signature validated with credential");
+ return true;
+ }
+ catch (ValidationException& e) {
+ log.debug("public key did not validate signature: %s", e.what());
+ }
+ }
+
+ log.debug("no peer credentials validated the signature");
+ return false;
+}
+
+bool ExplicitKeyTrustEngine::validate(
+ const XMLCh* sigAlgorithm,
+ const char* sig,
+ KeyInfo* keyInfo,
+ const char* in,
+ unsigned int in_len,
+ const CredentialResolver& credResolver,
+ CredentialCriteria* criteria
+ ) const
+{
+#ifdef _DEBUG
+ NDC ndc("validate");
+#endif
+ Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine."EXPLICIT_KEY_TRUSTENGINE);
+
+ vector<const Credential*> credentials;
+ if (criteria) {
+ criteria->setUsage(Credential::SIGNING_CREDENTIAL);
+ criteria->setKeyInfo(keyInfo, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
+ criteria->setXMLAlgorithm(sigAlgorithm);
+ credResolver.resolve(credentials,criteria);
+ }
+ else {
+ CredentialCriteria cc;
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
+ cc.setKeyInfo(keyInfo, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
+ cc.setXMLAlgorithm(sigAlgorithm);
+ credResolver.resolve(credentials,&cc);
+ }
+ if (credentials.empty()) {
+ log.debug("unable to validate signature, no credentials available from peer");
+ return false;
+ }
+
+ log.debug("attempting to validate signature with the peer's credentials");
+ for (vector<const Credential*>::const_iterator c=credentials.begin(); c!=credentials.end(); ++c) {
+ if ((*c)->getPublicKey()) {