auto_ptr<Credential> cred (getKeyInfoResolver()->resolve(k, Credential::RESOLVE_KEYS));\r
if (cred.get()) {\r
dest.push_back(string());\r
- dest.back() = SecurityHelper::getDEREncoding(*cred.get());\r
+ dest.back() = SecurityHelper::getDEREncoding(*cred.get(), m_hash);\r
if (dest.back().empty())\r
dest.pop_back();\r
}\r
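Review bot: The new second argument on the `getDEREncoding(*cred.get(), m_hash)` line makes the decoded value either the encoded key or, presumably, a digest of it, and nothing in the hunk records which digest is applied or that the two forms are not interchangeable. Access rules that match on this attribute's value would silently stop matching if the flag is flipped, so I would add a comment above the call such as `// m_hash: emit a hash of the DER-encoded key instead of the key itself; values differ between settings`. If the hashed value feeds authorization decisions, the algorithm behind it should be named in the decoder's documentation as well. The enclosing function starts outside this hunk.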
return m_keyInfoResolver ? m_keyInfoResolver : XMLToolingConfig::getConfig().getKeyInfoResolver();\r
}\r
\r
+ bool m_hash;\r
KeyInfoResolver* m_keyInfoResolver;\r
};\r
\r
}\r
\r
static const XMLCh _KeyInfoResolver[] = UNICODE_LITERAL_15(K,e,y,I,n,f,o,R,e,s,o,l,v,e,r);\r
- static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);\r
+ static const XMLCh _hash[] = UNICODE_LITERAL_4(h,a,s,h);\r
+ static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);\r
};\r
\r
-KeyInfoAttributeDecoder::KeyInfoAttributeDecoder(const DOMElement* e) : AttributeDecoder(e), m_keyInfoResolver(NULL) {\r
+KeyInfoAttributeDecoder::KeyInfoAttributeDecoder(const DOMElement* e) : AttributeDecoder(e), m_hash(false), m_keyInfoResolver(NULL) {\r
+ const XMLCh* flag = e ? e->getAttributeNS(NULL, _hash) : NULL;\r
+ m_hash = (flag && (*flag == chLatin_t || *flag == chDigit_1));\r
e = e ? XMLHelper::getFirstChildElement(e,_KeyInfoResolver) : NULL;\r
if (e) {\r
- auto_ptr_char t(e->getAttributeNS(NULL,type));\r
+ auto_ptr_char t(e->getAttributeNS(NULL, _type));\r
if (t.get() && *t.get())\r
m_keyInfoResolver = XMLToolingConfig::getConfig().KeyInfoResolverManager.newPlugin(t.get(), e);\r
else\r
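Review bot: The `hash` flag is decided from its first character only, so on the `m_hash = (flag && (*flag == chLatin_t || *flag == chDigit_1));` line any value that merely begins with `t` or `1` (for example `10` or `test`) enables hashing, while `True` or `yes` silently leaves it off. Because this setting changes the attribute value that downstream rules compare against, a misread flag fails quietly rather than at configuration load. Comparing the whole string, for instance with `XMLString::equals` against the two accepted spellings, and logging or rejecting anything else would make a typo visible. The constructor body continues past the end of this hunk.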
) const;
void getAttributeIds(std::vector<std::string>& attributes) const {
+ if (!m_hashId.empty())
+ attributes.push_back(m_hashId.front());
if (!m_signingId.empty())
attributes.push_back(m_signingId.front());
if (!m_encryptionId.empty())
}
private:
+ vector<string> m_hashId;
vector<string> m_signingId;
vector<string> m_encryptionId;
};
}
static const XMLCh encryptionId[] = UNICODE_LITERAL_12(e,n,c,r,y,p,t,i,o,n,I,d);
+ static const XMLCh hashId[] = UNICODE_LITERAL_6(h,a,s,h,I,d);
static const XMLCh signingId[] = UNICODE_LITERAL_9(s,i,g,n,i,n,g,I,d);
};
KeyDescriptorExtractor::KeyDescriptorExtractor(const DOMElement* e)
{
if (e) {
- const XMLCh* a = e->getAttributeNS(NULL, signingId);
+ const XMLCh* a = e->getAttributeNS(NULL, hashId);
+ if (a && *a) {
+ auto_ptr_char temp(a);
+ m_hashId.push_back(temp.get());
+ }
+ a = e->getAttributeNS(NULL, signingId);
if (a && *a) {
auto_ptr_char temp(a);
m_signingId.push_back(temp.get());
m_encryptionId.push_back(temp.get());
}
}
- if (m_signingId.empty() && m_encryptionId.empty())
- throw ConfigurationException("KeyDescriptor AttributeExtractor requires signingId or encryptionId property.");
+ if (m_hashId.empty() && m_signingId.empty() && m_encryptionId.empty())
+ throw ConfigurationException("KeyDescriptor AttributeExtractor requires hashId, signingId, or encryptionId property.");
}
void KeyDescriptorExtractor::extractAttributes(
vector<const Credential*> creds;
MetadataCredentialCriteria mcc(*role);
- if (!m_signingId.empty()) {
+ if (!m_signingId.empty() || !m_hashId.empty()) {
mcc.setUsage(Credential::SIGNING_CREDENTIAL);
if (application.getMetadataProvider()->resolve(creds, &mcc)) {
- auto_ptr<SimpleAttribute> attr(new SimpleAttribute(m_signingId));
- vector<string>& vals = attr->getValues();
- for (vector<const Credential*>::const_iterator c = creds.begin(); c != creds.end(); ++c) {
- if (vals.empty() || !vals.back().empty())
- vals.push_back(string());
- vals.back() = SecurityHelper::getDEREncoding(*(*c));
+ if (!m_hashId.empty()) {
+ auto_ptr<SimpleAttribute> attr(new SimpleAttribute(m_hashId));
+ vector<string>& vals = attr->getValues();
+ for (vector<const Credential*>::const_iterator c = creds.begin(); c != creds.end(); ++c) {
+ if (vals.empty() || !vals.back().empty())
+ vals.push_back(string());
+ vals.back() = SecurityHelper::getDEREncoding(*(*c), true);
+ }
+ if (vals.back().empty())
+ vals.pop_back();
+ if (!vals.empty())
+ attributes.push_back(attr.release());
+ }
+ if (!m_signingId.empty()) {
+ auto_ptr<SimpleAttribute> attr(new SimpleAttribute(m_signingId));
+ vector<string>& vals = attr->getValues();
+ for (vector<const Credential*>::const_iterator c = creds.begin(); c != creds.end(); ++c) {
+ if (vals.empty() || !vals.back().empty())
+ vals.push_back(string());
+ vals.back() = SecurityHelper::getDEREncoding(*(*c));
+ }
+ if (vals.back().empty())
+ vals.pop_back();
+ if (!vals.empty())
+ attributes.push_back(attr.release());
}
- if (vals.back().empty())
- vals.pop_back();
- if (!vals.empty())
- attributes.push_back(attr.release());
creds.clear();
}
}
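Review bot: `vals.back()` is called after each loop without first checking that `vals` is non-empty, in both the new `m_hashId` block and the re-indented `m_signingId` block; if `resolve()` can return true while leaving `creds` empty, that is undefined behaviour on an empty vector. The guard should read `if (!vals.empty() && vals.back().empty()) vals.pop_back();`. The two blocks differ only in the id vector and the extra `true` argument, so a small private helper taking the id vector and a hash flag would remove the duplication and keep the guard in one place. Note also that the hashed attribute is built only from credentials resolved with `Credential::SIGNING_CREDENTIAL` usage, which is worth stating in a comment since `hashId` does not say so by name. The function body starts and continues outside this hunk.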