From 7588dfaa49c55fd522e46f0be1f965145164487e Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Mon, 23 Nov 2009 15:34:57 +0000
Subject: [PATCH] https://issues.shibboleth.net/jira/browse/CPPXT-48
---
 xmltooling/security/impl/CredentialCriteria.cpp | 31 +++++++++++++++++-----
 .../security/impl/FilesystemCredentialResolver.cpp | 2 +-
 2 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/xmltooling/security/impl/CredentialCriteria.cpp b/xmltooling/security/impl/CredentialCriteria.cpp
index 2e9a635..6fbcd92 100644
--- a/xmltooling/security/impl/CredentialCriteria.cpp
+++ b/xmltooling/security/impl/CredentialCriteria.cpp
@@ -37,6 +37,7 @@
 using xmlsignature::KeyInfo;
 using xmlsignature::Signature;
+using namespace xmltooling::logging;
 using namespace xmltooling;
 using namespace std;
@@ -191,25 +192,37 @@ void CredentialCriteria::setSignature(const Signature& sig, int extraction)
 bool CredentialCriteria::matches(const Credential& credential) const
 {
+ Category& log = Category::getInstance(XMLTOOLING_LOGCAT".CredentialCriteria");
+ // Usage check, if specified and we have one, compare masks.
 if (getUsage() != Credential::UNSPECIFIED_CREDENTIAL) {
 if (credential.getUsage() != Credential::UNSPECIFIED_CREDENTIAL)
- if ((getUsage() & credential.getUsage()) == 0)
+ if ((getUsage() & credential.getUsage()) == 0) {
+ if (log.isDebugEnabled())
+ log.debug("usage didn't match (%u != %u)", getUsage(), credential.getUsage());
 return false;
+ }
 }
 // Algorithm check, if specified and we have one.
 const char* alg = getKeyAlgorithm();
 if (alg && *alg) {
 const char* alg2 = credential.getAlgorithm();
- if (alg2 && *alg2)
- if (strcmp(alg,alg2))
+ if (alg2 && *alg2) {
+ if (strcmp(alg,alg2)) {
+ if (log.isDebugEnabled())
+ log.debug("key algorithm didn't match ('%s' != '%s')", getKeyAlgorithm(), credential.getAlgorithm());
 return false;
+ }
+ }
 }
 // KeySize check, if specified and we have one.
- if (credential.getKeySize()>0 && getKeySize()>0 && credential.getKeySize() != getKeySize())
+ if (credential.getKeySize()>0 && getKeySize()>0 && credential.getKeySize() != getKeySize()) {
+ if (log.isDebugEnabled())
+ log.debug("key size didn't match (%u != %u)", getKeySize(), credential.getKeySize());
 return false;
+ }
 // See if we can test key names.
 set critnames = getKeyNames();
@@ -224,8 +237,10 @@ bool CredentialCriteria::matches(const Credential& credential) const
 break;
 }
 }
- if (!found)
+ if (!found) {
+ log.debug("credential name(s) didn't overlap");
 return false;
+ }
 }
 // See if we have to match a specific key.
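Review bot: The key-algorithm debug line in matches() calls `getKeyAlgorithm()` and `credential.getAlgorithm()` a second time instead of logging the `alg` and `alg2` locals that were just null-checked and compared, so the strings handed to `%s` are not guaranteed to be the ones that were tested. Passing the locals keeps the message tied to the comparison: `log.debug("key algorithm didn't match ('%s' != '%s')", alg, alg2);`. Separately, `Category::getInstance(...)` now runs at the top of every matches() call, including calls that succeed and log nothing; if this method is on a hot credential-resolution path it may be worth confirming the lookup is cheap or fetching the category once. The rest of matches() lies outside this hunk.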
@@ -239,5 +254,9 @@ bool CredentialCriteria::matches(const Credential& credential) const
 if (!key2) return true; // no key here, so we can't test it
- return SecurityHelper::matches(*key1, *key2);
+ if (SecurityHelper::matches(*key1, *key2))
+ return true;
+
+ log.debug("keys didn't match");
+ return false;
 }
diff --git a/xmltooling/security/impl/FilesystemCredentialResolver.cpp b/xmltooling/security/impl/FilesystemCredentialResolver.cpp
index 42b6ed0..ef620bf 100644
--- a/xmltooling/security/impl/FilesystemCredentialResolver.cpp
+++ b/xmltooling/security/impl/FilesystemCredentialResolver.cpp
@@ -250,7 +250,7 @@ namespace xmltooling {
 FilesystemCredential( FilesystemCredentialResolver* resolver, XSECCryptoKey* key, const vector& xseccerts, const vector& crls ) : BasicX509Credential(key ? key : (xseccerts.empty() ? NULL : xseccerts.front()->clonePublicKey()), xseccerts, crls), m_resolver(resolver) {
- extract();
+ //extract();
 m_keyNames.insert(m_resolver->m_keynames.begin(), m_resolver->m_keynames.end());
 }
-- 
2.1.4
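Review bot: `//extract();` leaves a disabled call in the FilesystemCredential constructor with no comment saying why it was turned off. As far as the visible lines show, `m_keyNames` is then filled in this constructor only from `m_resolver->m_keynames`, and the key-name overlap test in CredentialCriteria::matches() makes that set decisive for which credential gets selected, so the reason belongs in the code. Either delete the line or replace it with a comment such as `// extract() intentionally not called: key names come only from the resolver configuration (CPPXT-48)`, assuming that is the intent. The enclosing class starts outside this hunk.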