2 * Copyright 2001-2005 Internet2
\r
4 * Licensed under the Apache License, Version 2.0 (the "License");
\r
5 * you may not use this file except in compliance with the License.
\r
6 * You may obtain a copy of the License at
\r
8 * http://www.apache.org/licenses/LICENSE-2.0
\r
10 * Unless required by applicable law or agreed to in writing, software
\r
11 * distributed under the License is distributed on an "AS IS" BASIS,
\r
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
13 * See the License for the specific language governing permissions and
\r
14 * limitations under the License.
\r
18 * ChainingTrustEngine.cpp
\r
20 * TrustEngine that uses multiple engines in sequence.
\r
23 #include "internal.h"
\r
24 #include "exceptions.h"
\r
25 #include "security/ChainingTrustEngine.h"
\r
27 using namespace opensaml::saml2md;
\r
28 using namespace opensaml;
\r
29 using namespace xmlsignature;
\r
30 using namespace std;
\r
32 namespace opensaml {
\r
33 TrustEngine* SAML_DLLLOCAL ChainingTrustEngineFactory(const DOMElement* const & e)
\r
35 return new ChainingTrustEngine(e);
\r
39 static const XMLCh GenericTrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
\r
40 static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
\r
42 ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) {
\r
44 e = e ? xmltooling::XMLHelper::getFirstChildElement(e, GenericTrustEngine) : NULL;
\r
46 xmltooling::auto_ptr_char temp(e->getAttributeNS(NULL,type));
\r
48 auto_ptr<TrustEngine> engine(
\r
49 SAMLConfig::getConfig().TrustEngineManager.newPlugin(temp.get(), e)
\r
51 X509TrustEngine* x509 = dynamic_cast<X509TrustEngine*>(engine.get());
\r
53 m_engines.push_back(x509);
\r
57 throw xmltooling::UnknownExtensionException("Embedded trust engine does not support required interface.");
\r
60 e = xmltooling::XMLHelper::getNextSiblingElement(e, GenericTrustEngine);
\r
63 catch (xmltooling::XMLToolingException&) {
\r
64 for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<X509TrustEngine>());
\r
69 ChainingTrustEngine::~ChainingTrustEngine() {
\r
70 for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<X509TrustEngine>());
\r
73 bool ChainingTrustEngine::validate(
\r
75 const RoleDescriptor& role,
\r
76 const KeyResolver* keyResolver
\r
79 for (vector<X509TrustEngine*>::iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
\r
80 if (static_cast<TrustEngine*>(*i)->validate(sig,role,keyResolver))
\r
86 bool ChainingTrustEngine::validate(
\r
87 XSECCryptoX509* certEE,
\r
88 const vector<XSECCryptoX509*>& certChain,
\r
89 const RoleDescriptor& role,
\r
91 const KeyResolver* keyResolver
\r
94 for (vector<X509TrustEngine*>::iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
\r
95 if ((*i)->validate(certEE,certChain,role,checkName,keyResolver))
\r