X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FSignatureMetadataFilter.cpp;h=59fb7f5a57d348c54d9bd8688ef3eb5b25731c47;hb=b1614d3c1fc1f4230ab2a123f43994127c25462c;hp=465fd041ba86ab6c5cc224429b5f2e205c51782f;hpb=54bc3fd9396935d92c53bbb69d003e8d121720c2;p=shibboleth%2Fcpp-opensaml.git diff --git a/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp b/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp index 465fd04..59fb7f5 100644 --- a/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp +++ b/saml/saml2/metadata/impl/SignatureMetadataFilter.cpp @@ -1,5 +1,5 @@ /* - * Copyright 2001-2006 Internet2 + * Copyright 2001-2007 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,8 +27,11 @@ #include -#include +#include +#include +#include #include +#include using namespace opensaml::saml2md; using namespace opensaml; @@ -45,7 +48,7 @@ namespace opensaml { public: SignatureMetadataFilter(const DOMElement* e); ~SignatureMetadataFilter() { - delete m_sigValidator; + delete m_credResolver; } const char* getId() const { return SIGNATURE_METADATA_FILTER; } @@ -56,12 +59,13 @@ namespace opensaml { void verifySignature(Signature* sig) const { if (sig) { m_profileValidator.validate(sig); - m_sigValidator->validate(sig); + m_sigValidator.validate(sig); } } + CredentialResolver* m_credResolver; SignatureProfileValidator m_profileValidator; - SignatureValidator* m_sigValidator; + mutable SignatureValidator m_sigValidator; }; MetadataFilter* SAML_DLLLOCAL SignatureMetadataFilterFactory(const DOMElement* const & e) 
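Review bot: `mutable SignatureValidator m_sigValidator;` makes the validator shared state that `const` methods now rewrite, and nothing at the declaration says what serialises access to it. In the `@@ -56,12 +59,13 @@` hunk `verifySignature()` validates against whatever credential was last installed, and the `@@ -94,6 +96,11 @@` hunk installs it from `doFilter() const` under `Locker locker(m_credResolver)`. If that lock is shared rather than exclusive (not visible here), one thread could replace the credential while another is still validating with it. I would record the invariant on the member, e.g. `// Credential is (re)set at the top of doFilter() while m_credResolver is locked; concurrent doFilter() calls are only safe if that lock is exclusive.` The class body starts and ends outside this hunk.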
@@ -72,20 +76,18 @@ namespace opensaml { }; }; -static const XMLCh GenericKeyResolver[] = UNICODE_LITERAL_11(K,e,y,R,e,s,o,l,v,e,r); +static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r); static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e); -SignatureMetadataFilter::SignatureMetadataFilter(const DOMElement* e) : m_sigValidator(NULL) +SignatureMetadataFilter::SignatureMetadataFilter(const DOMElement* e) : m_credResolver(NULL) { - e = XMLHelper::getFirstChildElement(e, GenericKeyResolver); + e = XMLHelper::getFirstChildElement(e, _CredentialResolver); auto_ptr_char t(e ? e->getAttributeNS(NULL,type) : NULL); if (t.get()) { - auto_ptr kr(XMLToolingConfig::getConfig().KeyResolverManager.newPlugin(t.get(),e)); - m_sigValidator = new SignatureValidator(kr.get()); - kr.release(); + m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.get(),e); } else - throw MetadataFilterException("missing element, or no type attribute found"); + throw MetadataFilterException("Missing element, or no type attribute found"); } void SignatureMetadataFilter::doFilter(XMLObject& xmlObject) const @@ -94,6 +96,11 @@ void SignatureMetadataFilter::doFilter(XMLObject& xmlObject) const NDC ndc("doFilter"); #endif + CredentialCriteria cc; + cc.setUsage(CredentialCriteria::SIGNING_CREDENTIAL); + Locker locker(m_credResolver); + m_sigValidator.setCredential(m_credResolver->resolve(&cc)); + try { EntitiesDescriptor& entities = dynamic_cast(xmlObject); doFilter(entities, true);
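Review bot: `_CredentialResolver` starts with an underscore followed by an uppercase letter, a form C++ reserves for the implementation in every scope. The prefix presumably avoids a clash with the `CredentialResolver` type this commit starts using. A suffix achieves the same without the reserved spelling, e.g. `static const XMLCh CredentialResolverName[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);`, with the matching change in the `XMLHelper::getFirstChildElement` call.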
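Review bot: The result of `m_credResolver->resolve(&cc)` goes straight into `m_sigValidator.setCredential()` with no check that a signing credential was actually found. If the resolver can return NULL (its contract is not visible in this diff), rejection of the metadata then depends entirely on how `SignatureValidator::validate` treats an unset credential. A filter that establishes trust in metadata should fail closed on its own. I would split the call into `const Credential* cred = m_credResolver->resolve(&cc);`, `if (!cred) throw MetadataFilterException("Unable to resolve a signing credential.");` and `m_sigValidator.setCredential(cred);`. The body of `doFilter` continues past the end of the hunk.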