#include "security/BasicX509Credential.h"
#include "security/KeyInfoCredentialContext.h"
#include "security/KeyInfoResolver.h"
+#include "security/SecurityHelper.h"
#include "security/XSECCryptoX509CRL.h"
#include "signature/KeyInfo.h"
#include "signature/Signature.h"
#include <xercesc/util/XMLUniDefs.hpp>
#include <xsec/dsig/DSIGKeyInfoX509.hpp>
#include <xsec/enc/XSECKeyInfoResolverDefault.hpp>
-#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
-#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
-#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
+#include <xsec/enc/XSECCryptoX509.hpp>
+#include <xsec/enc/XSECCryptoKeyRSA.hpp>
+#include <xsec/enc/XSECCryptoKeyDSA.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
#include <xsec/framework/XSECException.hpp>
if (ret) {
ret->setId(nullptr);
ret->getRetrievalMethods().clear();
+ ret->getKeyInfoReferences().clear();
if (compact) {
ret->getKeyValues().clear();
+ ret->getDEREncodedKeyValues().clear();
ret->getSPKIDatas().clear();
ret->getPGPDatas().clear();
ret->getUnknownXMLObjects().clear();
for (VectorOf(X509Data)::size_type pos = 0; pos < x509Datas.size();) {
x509Datas[pos]->getX509Certificates().clear();
x509Datas[pos]->getX509CRLs().clear();
+ x509Datas[pos]->getOCSPResponses().clear();
x509Datas[pos]->getUnknownXMLObjects().clear();
if (x509Datas[pos]->hasChildren())
++pos;
m_credctx = context;
}
- void resolve(const KeyInfo* keyInfo, int types=0, bool followRefs=true);
- void resolve(DSIGKeyInfoList* keyInfo, int types=0, bool followRefs=true);
+ void resolve(const KeyInfo* keyInfo, int types=0, bool followRefs=false);
+ void resolve(DSIGKeyInfoList* keyInfo, int types=0, bool followRefs=false);
private:
- bool resolveCerts(const KeyInfo* keyInfo, bool followRefs=true);
- bool resolveKey(const KeyInfo* keyInfo, bool followRefs=true);
- bool resolveCRLs(const KeyInfo* keyInfo, bool followRefs=true);
+ bool resolveCerts(const KeyInfo* keyInfo, bool followRefs=false);
+ bool resolveKey(const KeyInfo* keyInfo, bool followRefs=false);
+ bool resolveCRLs(const KeyInfo* keyInfo, bool followRefs=false);
KeyInfoCredentialContext* m_credctx;
};
{
public:
InlineKeyResolver(const DOMElement* e)
- : m_followRefs(XMLHelper::getNodeValueAsBool(e ? e->getAttributeNodeNS(nullptr, keyInfoReferences) : nullptr, true)) {
+ : m_followRefs(XMLHelper::getNodeValueAsBool(e ? e->getAttributeNodeNS(nullptr, keyInfoReferences) : nullptr, false)) {
}
virtual ~InlineKeyResolver() {}
// Check for ds:KeyValue
const vector<KeyValue*>& keyValues = keyInfo->getKeyValues();
- for (vector<KeyValue*>::const_iterator i=keyValues.begin(); i!=keyValues.end(); ++i) {
+ for (vector<KeyValue*>::const_iterator i = keyValues.begin(); i != keyValues.end(); ++i) {
try {
SchemaValidators.validate(*i); // see if it's a "valid" key
RSAKeyValue* rsakv = (*i)->getRSAKeyValue();
m_key = dsa.release();
return true;
}
+ ECKeyValue* eckv = (*i)->getECKeyValue();
+ if (eckv) {
+ log.warn("skipping ds11:ECKeyValue, not yet supported");
+ }
}
catch (ValidationException& ex) {
log.warn("skipping invalid ds:KeyValue (%s)", ex.what());
}
}
+ // Check for ds11:DEREncodedKeyValue
+ const vector<DEREncodedKeyValue*>& derValues = keyInfo->getDEREncodedKeyValues();
+ for (vector<DEREncodedKeyValue*>::const_iterator j = derValues.begin(); j != derValues.end(); ++j) {
+ log.debug("resolving ds11:DEREncodedKeyValue");
+ m_key = SecurityHelper::fromDEREncoding((*j)->getValue());
+ if (m_key)
+ return true;
+ log.warn("failed to resolve ds11:DEREncodedKeyValue");
+ }
+
+
if (followRefs) {
// Check for KeyInfoReference.
const XMLCh* fragID=NULL;