X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltooling%2Fsecurity%2Fimpl%2FChainingTrustEngine.cpp;h=358d3b916847834474cb3450317874907e58a58e;hb=a5e86d37cf40004e6a43a21ab67d26695fa8619c;hp=41e04b17685584115834f5307f4787118f1d55a2;hpb=085daff2d0c1d078f006f23808b4092130110eb9;p=shibboleth%2Fcpp-xmltooling.git
diff --git a/xmltooling/security/impl/ChainingTrustEngine.cpp b/xmltooling/security/impl/ChainingTrustEngine.cpp
index 41e04b1..358d3b9 100644
--- a/xmltooling/security/impl/ChainingTrustEngine.cpp
+++ b/xmltooling/security/impl/ChainingTrustEngine.cpp
@@ -22,16 +22,19 @@
 #include "internal.h"
 #include "exceptions.h"
+#include "logging.h"
 #include "security/ChainingTrustEngine.h"
+#include "util/XMLHelper.h"
-#include
 #include
 using namespace xmlsignature;
+using namespace xmltooling::logging;
 using namespace xmltooling;
-using namespace log4cpp;
 using namespace std;
+using xercesc::DOMElement;
+
 namespace xmltooling {
 TrustEngine* XMLTOOL_DLLLOCAL ChainingTrustEngineFactory(const DOMElement* const & e) {
@@ -42,22 +45,31 @@ namespace xmltooling {
 static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
 static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
-ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : OpenSSLTrustEngine(e) {
- Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine");
- try {
- e = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : NULL;
- while (e) {
+ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : TrustEngine(e) {
+ Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine."CHAINING_TRUSTENGINE);
+ e = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : NULL;
+ while (e) {
+ try {
 auto_ptr_char temp(e->getAttributeNS(NULL,type));
 if (temp.get() && *temp.get()) {
 log.info("building TrustEngine of type %s", temp.get());
- m_engines.push_back(XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(temp.get(), e));
+ TrustEngine* engine = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(temp.get(), e);
+ m_engines.push_back(engine);
+ SignatureTrustEngine* sig = dynamic_cast(engine);
+ if (sig)
+ m_sigEngines.push_back(sig);
+ X509TrustEngine* x509 = dynamic_cast(engine);
+ if (x509)
+ m_x509Engines.push_back(x509);
+ OpenSSLTrustEngine* ossl = dynamic_cast(engine);
+ if (ossl)
+ m_osslEngines.push_back(ossl);
 }
- e = XMLHelper::getNextSiblingElement(e, _TrustEngine);
 }
- }
- catch (exception&) {
- for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup());
- throw;
+ catch (exception& ex) {
+ log.error("error building TrustEngine: %s", ex.what());
+ }
+ e = XMLHelper::getNextSiblingElement(e, _TrustEngine);
 }
 }
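Review bot: The new `catch (exception& ex)` turns a plugin that fails to build into an error log line and carries on, so a ChainingTrustEngine can now finish construction with fewer engines than its configuration lists, or with none at all, where the removed code cleaned up and rethrew. Every validate() overload in this file answers false when no engine accepts, so the chain fails closed rather than open, but a typo in a `type` attribute now silently removes that engine from the trust decision and the operator only learns of it from the log. Consider refusing an empty chain once the loop ends, e.g. `if (m_engines.empty()) throw XMLToolingException("ChainingTrustEngine: no TrustEngine plugins could be built.");` (exceptions.h is already included, and with an empty vector there is nothing to clean up before throwing), and wording the log line so it says the engine is being skipped. A comment on the constructor stating that a plugin that fails to build is logged and skipped would also help, since the class header is not part of this diff.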
@@ -65,14 +77,10 @@ ChainingTrustEngine::~ChainingTrustEngine() {
 for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup());
 }
-bool ChainingTrustEngine::validate(
- Signature& sig,
- const KeyInfoSource& keyInfoSource,
- const KeyResolver* keyResolver
- ) const
+bool ChainingTrustEngine::validate(Signature& sig, const CredentialResolver& credResolver, CredentialCriteria* criteria) const
 {
- for (vector::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
- if ((*i)->validate(sig,keyInfoSource,keyResolver))
+ for (vector::const_iterator i=m_sigEngines.begin(); i!=m_sigEngines.end(); ++i) {
+ if ((*i)->validate(sig,credResolver,criteria))
 return true;
 }
 return false;
@@ -84,12 +92,12 @@ bool ChainingTrustEngine::validate(
 KeyInfo* keyInfo,
 const char* in,
 unsigned int in_len,
- const KeyInfoSource& keyInfoSource,
- const KeyResolver* keyResolver
+ const CredentialResolver& credResolver,
+ CredentialCriteria* criteria
 ) const
 {
- for (vector::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
- if ((*i)->validate(sigAlgorithm, sig, keyInfo, in, in_len, keyInfoSource, keyResolver))
+ for (vector::const_iterator i=m_sigEngines.begin(); i!=m_sigEngines.end(); ++i) {
+ if ((*i)->validate(sigAlgorithm, sig, keyInfo, in, in_len, credResolver, criteria))
 return true;
 }
 return false;
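Review bot: The loop passes the same non-const `CredentialCriteria* criteria` to each engine in `m_sigEngines` in turn and returns on the first one that accepts, so any engine that adjusts the criteria while evaluating (the pointer is mutable, nothing here prevents it) changes what the engines after it see; the same applies to the four-argument overload in the next hunk and to the two X.509 overloads that follow. Whether any plugin actually mutates the criteria cannot be told from this file, but the chain should at least document that the first accepting engine wins and that the trust it grants is the union of its members, so adding an engine can only widen acceptance. Suggested comment above the loop: `// First engine that accepts wins; criteria is shared across engines, so any change a plugin makes to it is visible to the engines after it.` Note also that `m_sigEngines` holds non-owning aliases of pointers owned by `m_engines` (only `m_engines` is cleaned up in the destructor shown at the top of the hunk); a comment to that effect where the members are declared would guard against a future double delete.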
@@ -98,15 +106,12 @@ bool ChainingTrustEngine::validate(
 bool ChainingTrustEngine::validate(
 XSECCryptoX509* certEE,
 const vector& certChain,
- const KeyInfoSource& keyInfoSource,
- bool checkName,
- const KeyResolver* keyResolver
+ const CredentialResolver& credResolver,
+ CredentialCriteria* criteria
 ) const
 {
- X509TrustEngine* down;
- for (vector::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
- if ((down = dynamic_cast(*i)) &&
- down->validate(certEE,certChain,keyInfoSource,checkName,keyResolver))
+ for (vector::const_iterator i=m_x509Engines.begin(); i!=m_x509Engines.end(); ++i) {
+ if ((*i)->validate(certEE,certChain,credResolver,criteria))
 return true;
 }
 return false;
@@ -115,15 +120,12 @@ bool ChainingTrustEngine::validate(
 bool ChainingTrustEngine::validate(
 X509* certEE,
 STACK_OF(X509)* certChain,
- const KeyInfoSource& keyInfoSource,
- bool checkName,
- const KeyResolver* keyResolver
+ const CredentialResolver& credResolver,
+ CredentialCriteria* criteria
 ) const
 {
- OpenSSLTrustEngine* down;
- for (vector::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
- if ((down = dynamic_cast(*i)) &&
- down->validate(certEE,certChain,keyInfoSource,checkName,keyResolver))
+ for (vector::const_iterator i=m_osslEngines.begin(); i!=m_osslEngines.end(); ++i) {
+ if ((*i)->validate(certEE,certChain,credResolver,criteria))
 return true;
 }
 return false;
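Review bot: Both X.509 overloads drop the `bool checkName` parameter and forward only `credResolver` and `criteria` to each engine, so whether peer-name checking happens is no longer decided or visible in the chain. If that control has moved into `CredentialCriteria` (inferred; the header is not in this diff), a caller passing a null `criteria` gets whatever each engine does by default, and because the first accepting engine wins the chain cannot enforce a policy stricter than its most permissive member. Suggest a comment on each overload: `// Any peer-name checking is delegated to the individual engines via criteria; this chain adds no checks of its own and accepts if any member does.` Both validate() definitions start and end within their hunks.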