saml/security/impl/ExplicitKeyTrustEngine.cpp

   1 /*
   2  *  Copyright 2001-2005 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /**
  18  * ExplicitKeyTrustEngine.cpp
  19  *
  20  * TrustEngine based on explicit knowledge of peer key information.
  21  */
  22
  23 #include "internal.h"
  24 #include "exceptions.h"
  25 #include "security/MetadataKeyInfoIterator.h"
  26 #include "security/X509TrustEngine.h"
  27 #include "signature/SignatureProfileValidator.h"
  28
  29 #include <log4cpp/Category.hh>
  30 #include <xmltooling/security/X509TrustEngine.h>
  31 #include <xmltooling/util/NDC.h>
  32
  33 using namespace opensaml::saml2md;
  34 using namespace opensaml;
  35 using namespace xmlsignature;
  36 using namespace log4cpp;
  37 using namespace std;
  38
  39 namespace opensaml {
  40     class SAML_DLLLOCAL ExplicitKeyTrustEngine : public X509TrustEngine
  41     {
  42     public:
  43         ExplicitKeyTrustEngine(const DOMElement* e) : X509TrustEngine(e), m_engine(NULL) {
  44             auto_ptr<xmltooling::TrustEngine> engine(
  45                 xmltooling::XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(EXPLICIT_KEY_TRUSTENGINE, e)
  46                 );
  47             if (m_engine=dynamic_cast<xmltooling::X509TrustEngine*>(engine.get()))
  48                 engine.release();
  49             else
  50                 throw xmltooling::UnknownExtensionException("Embedded trust engine does not support required interface.");
  51         }
  52
  53         virtual ~ExplicitKeyTrustEngine() {
  54             delete m_engine;
  55         }
  56
  57         virtual bool validate(
  58             Signature& sig,
  59             const RoleDescriptor& role,
  60             const KeyResolver* keyResolver=NULL
  61             ) const;
  62         virtual bool validate(
  63             const XMLCh* sigAlgorithm,
  64             const char* sig,
  65             KeyInfo* keyInfo,
  66             const char* in,
  67             unsigned int in_len,
  68             const RoleDescriptor& role,
  69             const KeyResolver* keyResolver=NULL
  70             ) const;
  71         virtual bool validate(
  72             XSECCryptoX509* certEE,
  73             const vector<XSECCryptoX509*>& certChain,
  74             const RoleDescriptor& role,
  75             bool checkName=true,
  76             const KeyResolver* keyResolver=NULL
  77             ) const;
  78
  79     private:
  80         xmltooling::X509TrustEngine* m_engine;
  81     };
  82
  83     TrustEngine* SAML_DLLLOCAL ExplicitKeyTrustEngineFactory(const DOMElement* const & e)
  84     {
  85         return new ExplicitKeyTrustEngine(e);
  86     }
  87 };
  88
  89 bool ExplicitKeyTrustEngine::validate(
  90     Signature& sig,
  91     const RoleDescriptor& role,
  92     const KeyResolver* keyResolver
  93     ) const
  94 {
  95 #ifdef _DEBUG
  96     xmltooling::NDC ndc("validate");
  97 #endif
  98     Category& log=Category::getInstance(SAML_LOGCAT".TrustEngine");
  99
 100     log.debug("attempting to validate signature profile");
 101     SignatureProfileValidator sigValidator;
 102     try {
 103         sigValidator.validate(&sig);
 104         log.debug("signature profile validated");
 105     }
 106     catch (xmltooling::ValidationException& e) {
 107         if (log.isDebugEnabled()) {
 108             log.debug("signature profile failed to validate: %s", e.what());
 109         }
 110         return false;
 111     }
 112
 113     MetadataKeyInfoIterator keys(role);
 114     return static_cast<xmltooling::TrustEngine*>(m_engine)->validate(sig,keys,keyResolver);
 115 }
 116
 117 bool ExplicitKeyTrustEngine::validate(
 118     const XMLCh* sigAlgorithm,
 119     const char* sig,
 120     KeyInfo* keyInfo,
 121     const char* in,
 122     unsigned int in_len,
 123     const RoleDescriptor& role,
 124     const KeyResolver* keyResolver
 125     ) const
 126 {
 127     MetadataKeyInfoIterator keys(role);
 128     return static_cast<xmltooling::TrustEngine*>(m_engine)->validate(sigAlgorithm,sig,keyInfo,in,in_len,keys,keyResolver);
 129 }
 130
 131 bool ExplicitKeyTrustEngine::validate(
 132     XSECCryptoX509* certEE,
 133     const vector<XSECCryptoX509*>& certChain,
 134     const RoleDescriptor& role,
 135     bool checkName,
 136     const KeyResolver* keyResolver
 137     ) const
 138 {
 139     MetadataKeyInfoIterator keys(role);
 140     return m_engine->validate(certEE,certChain,keys,checkName,keyResolver);
 141 }