X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltooling%2FXMLToolingConfig.cpp;h=c255dca72d0b6ce193420d2627dc403ac34bb8e2;hb=2e65468d4cb200611c0fd004279b17e4f234a1e4;hp=be5ec26d1a754f64578737a676f6e96abf0dd5c7;hpb=4a4b8fd387a7c03b4ea3d052104c8ca70ceb4a35;p=shibboleth%2Fcpp-xmltooling.git diff --git a/xmltooling/XMLToolingConfig.cpp b/xmltooling/XMLToolingConfig.cpp index be5ec26..c255dca 100644 --- a/xmltooling/XMLToolingConfig.cpp +++ b/xmltooling/XMLToolingConfig.cpp @@ -1,18 +1,21 @@ -/* - * Licensed to UCAID under one or more contributor license agreements. - * See the NOTICE file distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may not use this - * file except in compliance with the License. You may obtain a copy of the +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. + * + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the * License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. */ /** @@ -33,9 +36,11 @@ #include "security/OpenSSLCryptoX509CRL.h" #include "security/CredentialResolver.h" #include "security/KeyInfoResolver.h" +#include "security/PathValidator.h" #include "signature/KeyInfo.h" #include "signature/Signature.h" #include "soap/SOAP.h" +#include "soap/SOAPTransport.h" #include "util/NDC.h" #include "util/PathResolver.h" #include "util/ReplayCache.h" @@ -50,6 +55,8 @@ #endif #include +#include + #if defined(XMLTOOLING_LOG4SHIB) # include # include @@ -73,6 +80,7 @@ using namespace soap11; using namespace xmltooling::logging; using namespace xmltooling; using namespace xercesc; +using namespace boost; using namespace std; #ifdef WIN32 @@ -103,14 +111,14 @@ using namespace xmlsignature; namespace { static XMLToolingInternalConfig g_config; #ifndef XMLTOOLING_NO_XMLSEC - static vector g_openssl_locks; + static ptr_vector g_openssl_locks; extern "C" void openssl_locking_callback(int mode,int n,const char *file,int line) { if (mode & CRYPTO_LOCK) - g_openssl_locks[n]->lock(); + g_openssl_locks[n].lock(); else - g_openssl_locks[n]->unlock(); + g_openssl_locks[n].unlock(); } # ifndef WIN32 @@ -286,7 +294,6 @@ XMLToolingInternalConfig::XMLToolingInternalConfig() : XMLToolingInternalConfig::~XMLToolingInternalConfig() { - delete m_lock; } bool XMLToolingInternalConfig::log_config(const char* config) @@ -348,7 +355,7 @@ bool XMLToolingInternalConfig::log_config(const char* config) #endif } catch (const ConfigureFailure& e) { - string msg = string("failed to configure logging: ") + e.what(); + string msg = string("error in file permissions or logging configuration: ") + e.what(); Category::getInstance(XMLTOOLING_LOGCAT".Logging").crit(msg); #ifdef WIN32 LogEvent(nullptr, EVENTLOG_ERROR_TYPE, 2100, nullptr, msg.c_str()); @@ -368,7 +375,7 @@ bool XMLToolingInternalConfig::init() Lock initLock(m_lock); - if (m_initCount == LONG_MAX) { + if (m_initCount == INT_MAX) { log.crit("library initialized too many times"); return false; } @@ -413,21 +420,9 @@ bool XMLToolingInternalConfig::init() m_parserPool=new ParserPool(); m_validatingPool=new ParserPool(true,true); - // Load catalogs from path. - if (!catalog_path.empty()) { - char* catpath=strdup(catalog_path.c_str()); - char* sep=nullptr; - char* start=catpath; - while (start && *start) { - sep=strchr(start,PATH_SEPARATOR_CHAR); - if (sep) - *sep=0; - auto_ptr_XMLCh temp(start); - m_validatingPool->loadCatalog(temp.get()); - start = sep ? sep + 1 : nullptr; - } - free(catpath); - } + // Load catalogs from deprecated path setting. + if (!catalog_path.empty()) + m_validatingPool->loadCatalogs(catalog_path.c_str()); // default registrations XMLObjectBuilder::registerDefaultBuilder(new UnknownElementBuilder()); @@ -450,16 +445,20 @@ bool XMLToolingInternalConfig::init() REGISTER_XMLTOOLING_EXCEPTION_FACTORY(EncryptionException,xmlencryption); registerKeyInfoClasses(); registerEncryptionClasses(); - registerKeyInfoResolvers(); registerCredentialResolvers(); + registerKeyInfoResolvers(); + registerPathValidators(); registerTrustEngines(); registerXMLAlgorithms(); - registerSOAPTransports(); - initSOAPTransports(); - registerStorageServices(); m_keyInfoResolver = KeyInfoResolverManager.newPlugin(INLINE_KEYINFO_RESOLVER,nullptr); #endif +#ifndef XMLTOOLING_LITE + registerStorageServices(); +#endif + registerSOAPTransports(); + initSOAPTransports(); + m_pathResolver = new PathResolver(); m_urlEncoder = new URLEncoder(); @@ -510,7 +509,6 @@ void XMLToolingInternalConfig::term() #ifndef XMLTOOLING_NO_XMLSEC CRYPTO_set_locking_callback(nullptr); - for_each(g_openssl_locks.begin(), g_openssl_locks.end(), xmltooling::cleanup()); g_openssl_locks.clear(); #endif @@ -519,10 +517,14 @@ void XMLToolingInternalConfig::term() XMLToolingException::deregisterFactories(); AttributeExtensibleXMLObject::deregisterIDAttributes(); -#ifndef XMLTOOLING_NO_XMLSEC - StorageServiceManager.deregisterFactories(); termSOAPTransports(); SOAPTransportManager.deregisterFactories(); + +#ifndef XMLTOOLING_LITE + StorageServiceManager.deregisterFactories(); +#endif + +#ifndef XMLTOOLING_NO_XMLSEC TrustEngineManager.deregisterFactories(); CredentialResolverManager.deregisterFactories(); KeyInfoResolverManager.deregisterFactories(); @@ -566,6 +568,9 @@ void XMLToolingInternalConfig::term() delete m_validatingPool; m_validatingPool=nullptr; + for_each(m_namedLocks.begin(), m_namedLocks.end(), cleanup_pair()); + m_namedLocks.clear(); + #ifndef XMLTOOLING_NO_XMLSEC delete m_xsecProvider; m_xsecProvider=nullptr; @@ -591,6 +596,17 @@ void XMLToolingInternalConfig::unlock() m_lock->unlock(); } +Mutex& XMLToolingInternalConfig::getNamedMutex(const char* name) +{ + Locker glock(this); + map::const_iterator m = m_namedLocks.find(name); + if (m != m_namedLocks.end()) + return *(m->second); + Mutex* newlock = Mutex::create(); + m_namedLocks[name] = newlock; + return *newlock; +} + bool XMLToolingInternalConfig::load_library(const char* path, void* context) { #ifdef _DEBUG @@ -624,7 +640,7 @@ bool XMLToolingInternalConfig::load_library(const char* path, void* context) throw runtime_error(string("detected error in xmltooling_extension_init: ") + resolved); SetErrorMode(em); } - catch(exception&) { + catch(std::exception&) { if (handle) FreeLibrary(handle); SetErrorMode(em); @@ -647,7 +663,7 @@ bool XMLToolingInternalConfig::load_library(const char* path, void* context) if (fn(context)!=0) throw runtime_error(string("detected error in xmltooling_extension_init in ") + resolved); } - catch(exception&) { + catch(std::exception&) { if (handle) dlclose(handle); throw; @@ -698,6 +714,9 @@ void XMLToolingInternalConfig::registerXMLAlgorithm( ) { m_algorithmMap[type][xmlAlgorithm] = pair((keyAlgorithm ? keyAlgorithm : ""), size); + // Authenticated encryption algorithms are also generic encryption algorithms. + if (type == ALGTYPE_AUTHNENCRYPT) + m_algorithmMap[ALGTYPE_ENCRYPT][xmlAlgorithm] = pair((keyAlgorithm ? keyAlgorithm : ""), size); } bool XMLToolingInternalConfig::isXMLAlgorithmSupported(const XMLCh* xmlAlgorithm, XMLSecurityAlgorithmType type) @@ -726,8 +745,9 @@ void XMLToolingInternalConfig::registerXMLAlgorithms() // With ECDSA, XML-Security exports a public macro for OpenSSL's support, and any // versions of XML-Security that didn't provide the macro don't handle ECDSA anyway. + // However, the SHA-224 variant was left out of the initial XML-Security release. - // With AES, all supported XML-Security versions export a macro for OpenSSL's support. + // With AES and GCM, all supported XML-Security versions export a macro for OpenSSL's support. // With SHA2, only the very latest XML-Security exports a macro, but all the versions // will handle SHA2 *if* OpenSSL does. So we use our own macro to check OpenSSL's @@ -745,6 +765,10 @@ void XMLToolingInternalConfig::registerXMLAlgorithms() #endif registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIDSA_SHA1, "DSA", 0, ALGTYPE_SIGN); +#if defined(URI_ID_DSA_SHA256) && defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA256) + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIDSA_SHA256, "DSA", 0, ALGTYPE_SIGN); +#endif + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_MD5, "RSA", 0, ALGTYPE_SIGN); registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA1, "RSA", 0, ALGTYPE_SIGN); #if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA256) @@ -758,10 +782,13 @@ void XMLToolingInternalConfig::registerXMLAlgorithms() #ifdef XSEC_OPENSSL_HAVE_EC registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA1, "EC", 0, ALGTYPE_SIGN); -#if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA256) +# if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA256) registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA256, "EC", 0, ALGTYPE_SIGN); +# ifdef URI_ID_ECDSA_SHA224 + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA224, "EC", 0, ALGTYPE_SIGN); +# endif # endif -#if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA512) +# if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA512) registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA384, "EC", 0, ALGTYPE_SIGN); registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA512, "EC", 0, ALGTYPE_SIGN); # endif @@ -779,6 +806,9 @@ void XMLToolingInternalConfig::registerXMLAlgorithms() registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_1_5, "RSA", 0, ALGTYPE_KEYENCRYPT); registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1, "RSA", 0, ALGTYPE_KEYENCRYPT); +#ifdef URI_ID_RSA_OAEP + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_OAEP, "RSA", 0, ALGTYPE_KEYENCRYPT); +#endif registerXMLAlgorithm(DSIGConstants::s_unicodeStrURI3DES_CBC, "DESede", 192, ALGTYPE_ENCRYPT); registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_3DES, "DESede", 192, ALGTYPE_KEYENCRYPT); @@ -793,6 +823,12 @@ void XMLToolingInternalConfig::registerXMLAlgorithms() registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIAES256_CBC, "AES", 256, ALGTYPE_ENCRYPT); registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_AES256, "AES", 256, ALGTYPE_KEYENCRYPT); #endif + +#ifdef XSEC_OPENSSL_HAVE_GCM + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIAES128_GCM, "AES", 128, ALGTYPE_AUTHNENCRYPT); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIAES192_GCM, "AES", 192, ALGTYPE_AUTHNENCRYPT); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIAES256_GCM, "AES", 256, ALGTYPE_AUTHNENCRYPT); +#endif } #endif