- if (m_certs.empty())
- throw XMLSecurityException("FilesystemCredentialResolver unable to load any certificate(s)");
-
- // Load any extra CA files.
- const DOMElement* extra=XMLHelper::getFirstChildElement(e,CAPath);
- while (extra) {
- if (!extra->hasChildNodes()) {
- log.warn("skipping empty CAPath element");
- extra = XMLHelper::getNextSiblingElement(extra,CAPath);
- continue;
- }
- auto_ptr_char capath2(extra->getFirstChild()->getNodeValue());
- string capath(capath2.get());
- XMLToolingConfig::getConfig().getPathResolver()->resolve(capath, PathResolver::XMLTOOLING_CFG_FILE);
- x=NULL;
- p12=NULL;
- in=BIO_new(BIO_s_file_internal());
- if (in && BIO_read_filename(in,capath.c_str())>0) {
- if (!format_xml || !*format_xml) {
- // Determine the cert encoding format dynamically, if not explicitly specified
- fformat = getEncodingFormat(in);
- log.debug("CA certificate encoding format for (%s) dynamically resolved as (%s)", capath.c_str(), formatToString(fformat).c_str());
- }
-
- switch (fformat) {
- case PEM:
- while (x=PEM_read_bio_X509(in,NULL,NULL,NULL))
- m_certs.push_back(x);
- break;
-
- case DER:
- x=d2i_X509_bio(in,NULL);
- if (x)
- m_certs.push_back(x);
- else {
- log_openssl();
- BIO_free(in);
- throw XMLSecurityException("FilesystemCredentialResolver unable to load DER CA certificate from file ($1)",params(1,capath.c_str()));
- }
- break;
-
- case _PKCS12:
- p12 = d2i_PKCS12_bio(in, NULL);
- if (p12) {
- PKCS12_parse(p12, NULL, NULL, &x, NULL);
- PKCS12_free(p12);
- }
- if (x) {
- m_certs.push_back(x);
- x=NULL;
- }
- else {
- log_openssl();
- BIO_free(in);
- throw XMLSecurityException("FilesystemCredentialResolver unable to load PKCS12 CA certificate from file ($1)",params(1,capath.c_str()));
- }
- break;
- } //end switch
-
- BIO_free(in);
- }
- else {
- if (in)
- BIO_free(in);
- log_openssl();
- log.error("CA file (%s) can't be opened", capath.c_str());
- throw XMLSecurityException("FilesystemCredentialResolver can't open CA file ($1)",params(1,capath.c_str()));
- }
-
- extra = XMLHelper::getNextSiblingElement(extra,CAPath);
- }
+ // Do an initial load of all the objects. If anything blows up here, whatever's
+ // been loaded should be freed during teardown of the embedded objects.
+ time_t now = time(nullptr);
+ m_key.filestamp = now;
+ m_key.load(log, m_keypass.c_str());
+ for (vector<ManagedCert>::iterator i = m_certs.begin(); i != m_certs.end(); ++i) {
+ i->load(log, (i==m_certs.begin()) ? m_certpass.c_str() : nullptr);
+ i->filestamp = now;