saml/security/impl/ChainingTrustEngine.cpp

   1 /*\r
   2  *  Copyright 2001-2005 Internet2\r
   3  * \r
   4  * Licensed under the Apache License, Version 2.0 (the "License");\r
   5  * you may not use this file except in compliance with the License.\r
   6  * You may obtain a copy of the License at\r
   7  *\r
   8  *     http://www.apache.org/licenses/LICENSE-2.0\r
   9  *\r
  10  * Unless required by applicable law or agreed to in writing, software\r
  11  * distributed under the License is distributed on an "AS IS" BASIS,\r
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
  13  * See the License for the specific language governing permissions and\r
  14  * limitations under the License.\r
  15  */\r
  16 \r
  17 /**\r
  18  * ChainingTrustEngine.cpp\r
  19  * \r
  20  * TrustEngine that uses multiple engines in sequence.\r
  21  */\r
  22 \r
  23 #include "internal.h"\r
  24 #include "exceptions.h"\r
  25 #include "security/ChainingTrustEngine.h"\r
  26 \r
  27 using namespace opensaml::saml2md;\r
  28 using namespace opensaml;\r
  29 using namespace xmlsignature;\r
  30 using namespace std;\r
  31 \r
  32 namespace opensaml {\r
  33     TrustEngine* SAML_DLLLOCAL ChainingTrustEngineFactory(const DOMElement* const & e)\r
  34     {\r
  35         return new ChainingTrustEngine(e);\r
  36     }\r
  37 };\r
  38 \r
  39 static const XMLCh GenericTrustEngine[] =           UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);\r
  40 static const XMLCh type[] =                         UNICODE_LITERAL_4(t,y,p,e);\r
  41 \r
  42 ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) {\r
  43     try {\r
  44         e = e ? xmltooling::XMLHelper::getFirstChildElement(e, GenericTrustEngine) : NULL;\r
  45         while (e) {\r
  46             xmltooling::auto_ptr_char temp(e->getAttributeNS(NULL,type));\r
  47             if (temp.get()) {\r
  48                 auto_ptr<TrustEngine> engine(\r
  49                     SAMLConfig::getConfig().TrustEngineManager.newPlugin(temp.get(), e)\r
  50                     );\r
  51                 X509TrustEngine* x509 = dynamic_cast<X509TrustEngine*>(engine.get());\r
  52                 if (x509) {\r
  53                     m_engines.push_back(x509);\r
  54                     engine.release();\r
  55                 }\r
  56                 else {\r
  57                     throw xmltooling::UnknownExtensionException("Embedded trust engine does not support required interface.");\r
  58                 }\r
  59             }\r
  60             e = xmltooling::XMLHelper::getNextSiblingElement(e, GenericTrustEngine);\r
  61         }\r
  62     }\r
  63     catch (xmltooling::XMLToolingException&) {\r
  64         for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<X509TrustEngine>());\r
  65         throw;\r
  66     }\r
  67 }\r
  68 \r
  69 ChainingTrustEngine::~ChainingTrustEngine() {\r
  70     for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<X509TrustEngine>());\r
  71 }\r
  72 \r
  73 bool ChainingTrustEngine::validate(\r
  74     Signature& sig,\r
  75     const RoleDescriptor& role,\r
  76     const KeyResolver* keyResolver\r
  77     )\r
  78 {\r
  79     for (vector<X509TrustEngine*>::iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {\r
  80         if (static_cast<TrustEngine*>(*i)->validate(sig,role,keyResolver))\r
  81             return true;\r
  82     }\r
  83     return false;\r
  84 }\r
  85 \r
  86 bool ChainingTrustEngine::validate(\r
  87     XSECCryptoX509* certEE,\r
  88     const vector<XSECCryptoX509*>& certChain,\r
  89     const RoleDescriptor& role,\r
  90     bool checkName,\r
  91     const KeyResolver* keyResolver\r
  92     )\r
  93 {\r
  94     for (vector<X509TrustEngine*>::iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {\r
  95         if ((*i)->validate(certEE,certChain,role,checkName,keyResolver))\r
  96             return true;\r
  97     }\r
  98     return false;\r
  99 }\r