-/*\r
- * Copyright 2001-2005 Internet2\r
- * \r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- *\r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-/**\r
- * ExplicitKeyTrustEngine.cpp\r
- * \r
- * TrustEngine based on explicit knowledge of peer key information.\r
- */\r
-\r
-#include "internal.h"\r
-#include "exceptions.h"\r
-#include "security/MetadataKeyInfoIterator.h"\r
-#include "security/X509TrustEngine.h"\r
-#include "signature/SignatureProfileValidator.h"\r
-\r
-#include <log4cpp/Category.hh>\r
-#include <xmltooling/security/X509TrustEngine.h>\r
-#include <xmltooling/util/NDC.h>\r
-\r
-using namespace opensaml::saml2md;\r
-using namespace opensaml;\r
-using namespace xmlsignature;\r
-using namespace log4cpp;\r
-using namespace std;\r
-\r
-namespace opensaml {\r
- class SAML_DLLLOCAL ExplicitKeyTrustEngine : public X509TrustEngine\r
- {\r
- public:\r
- ExplicitKeyTrustEngine(const DOMElement* e) : X509TrustEngine(e), m_engine(NULL) {\r
- auto_ptr<xmltooling::TrustEngine> engine(\r
- xmltooling::XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(EXPLICIT_KEY_TRUSTENGINE, e)\r
- );\r
- if (m_engine=dynamic_cast<xmltooling::X509TrustEngine*>(engine.get()))\r
- engine.release();\r
- else\r
- throw xmltooling::UnknownExtensionException("Embedded trust engine does not support required interface.");\r
- }\r
- \r
- virtual ~ExplicitKeyTrustEngine() {\r
- delete m_engine;\r
- }\r
-\r
- virtual bool validate(\r
- Signature& sig,\r
- const RoleDescriptor& role,\r
- const KeyResolver* keyResolver=NULL\r
- ) const;\r
- virtual bool validate(\r
- XSECCryptoX509* certEE,\r
- const vector<XSECCryptoX509*>& certChain,\r
- const RoleDescriptor& role,\r
- bool checkName=true,\r
- const KeyResolver* keyResolver=NULL\r
- ) const;\r
-\r
- private:\r
- xmltooling::X509TrustEngine* m_engine;\r
- };\r
-\r
- TrustEngine* SAML_DLLLOCAL ExplicitKeyTrustEngineFactory(const DOMElement* const & e)\r
- {\r
- return new ExplicitKeyTrustEngine(e);\r
- }\r
-};\r
-\r
-bool ExplicitKeyTrustEngine::validate(\r
- Signature& sig,\r
- const RoleDescriptor& role,\r
- const KeyResolver* keyResolver\r
- ) const\r
-{\r
-#ifdef _DEBUG\r
- xmltooling::NDC ndc("validate");\r
-#endif\r
- Category& log=Category::getInstance(SAML_LOGCAT".TrustEngine");\r
- \r
- log.debug("attempting to validate signature profile");\r
- SignatureProfileValidator sigValidator;\r
- try {\r
- sigValidator.validate(&sig);\r
- log.debug("signature profile validated");\r
- }\r
- catch (xmltooling::ValidationException& e) {\r
- if (log.isDebugEnabled()) {\r
- log.debug("signature profile failed to validate: %s", e.what());\r
- }\r
- return false;\r
- }\r
-\r
- MetadataKeyInfoIterator keys(role);\r
- return static_cast<xmltooling::TrustEngine*>(m_engine)->validate(sig,keys,keyResolver);\r
-}\r
-\r
-bool ExplicitKeyTrustEngine::validate(\r
- XSECCryptoX509* certEE,\r
- const vector<XSECCryptoX509*>& certChain,\r
- const RoleDescriptor& role,\r
- bool checkName,\r
- const KeyResolver* keyResolver\r
- ) const\r
-{\r
- MetadataKeyInfoIterator keys(role);\r
- return m_engine->validate(certEE,certChain,keys,checkName,keyResolver);\r
-}\r
+/*
+ * Copyright 2001-2005 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * ExplicitKeyTrustEngine.cpp
+ *
+ * TrustEngine based on explicit knowledge of peer key information.
+ */
+
+#include "internal.h"
+#include "exceptions.h"
+#include "security/MetadataKeyInfoIterator.h"
+#include "security/X509TrustEngine.h"
+#include "signature/SignatureProfileValidator.h"
+
+#include <log4cpp/Category.hh>
+#include <xmltooling/security/X509TrustEngine.h>
+#include <xmltooling/util/NDC.h>
+
+using namespace opensaml::saml2md;
+using namespace opensaml;
+using namespace xmlsignature;
+using namespace log4cpp;
+using namespace std;
+
+namespace opensaml {
+ class SAML_DLLLOCAL ExplicitKeyTrustEngine : public X509TrustEngine
+ {
+ public:
+ ExplicitKeyTrustEngine(const DOMElement* e) : X509TrustEngine(e), m_engine(NULL) {
+ auto_ptr<xmltooling::TrustEngine> engine(
+ xmltooling::XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(EXPLICIT_KEY_TRUSTENGINE, e)
+ );
+ if (m_engine=dynamic_cast<xmltooling::X509TrustEngine*>(engine.get()))
+ engine.release();
+ else
+ throw xmltooling::UnknownExtensionException("Embedded trust engine does not support required interface.");
+ }
+
+ virtual ~ExplicitKeyTrustEngine() {
+ delete m_engine;
+ }
+
+ virtual bool validate(
+ Signature& sig,
+ const RoleDescriptor& role,
+ const KeyResolver* keyResolver=NULL
+ ) const;
+ virtual bool validate(
+ XSECCryptoX509* certEE,
+ const vector<XSECCryptoX509*>& certChain,
+ const RoleDescriptor& role,
+ bool checkName=true,
+ const KeyResolver* keyResolver=NULL
+ ) const;
+
+ private:
+ xmltooling::X509TrustEngine* m_engine;
+ };
+
+ TrustEngine* SAML_DLLLOCAL ExplicitKeyTrustEngineFactory(const DOMElement* const & e)
+ {
+ return new ExplicitKeyTrustEngine(e);
+ }
+};
+
+bool ExplicitKeyTrustEngine::validate(
+ Signature& sig,
+ const RoleDescriptor& role,
+ const KeyResolver* keyResolver
+ ) const
+{
+#ifdef _DEBUG
+ xmltooling::NDC ndc("validate");
+#endif
+ Category& log=Category::getInstance(SAML_LOGCAT".TrustEngine");
+
+ log.debug("attempting to validate signature profile");
+ SignatureProfileValidator sigValidator;
+ try {
+ sigValidator.validate(&sig);
+ log.debug("signature profile validated");
+ }
+ catch (xmltooling::ValidationException& e) {
+ if (log.isDebugEnabled()) {
+ log.debug("signature profile failed to validate: %s", e.what());
+ }
+ return false;
+ }
+
+ MetadataKeyInfoIterator keys(role);
+ return static_cast<xmltooling::TrustEngine*>(m_engine)->validate(sig,keys,keyResolver);
+}
+
+bool ExplicitKeyTrustEngine::validate(
+ XSECCryptoX509* certEE,
+ const vector<XSECCryptoX509*>& certChain,
+ const RoleDescriptor& role,
+ bool checkName,
+ const KeyResolver* keyResolver
+ ) const
+{
+ MetadataKeyInfoIterator keys(role);
+ return m_engine->validate(certEE,certChain,keys,checkName,keyResolver);
+}