From 24ffecfb05f15162250618d3c8aa96bfe88b37c3 Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Tue, 12 Jun 2007 01:38:22 +0000
Subject: [PATCH] Refactor signature engines.
---
 saml/binding/impl/SimpleSigningRule.cpp | 9 ++++++---
 saml/binding/impl/XMLSigningRule.cpp | 9 ++++++---
 samltest/security/AbstractPKIXTrustEngineTest.h | 4 ++--
 samltest/security/ExplicitKeyTrustEngineTest.h | 6 +++---
 4 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/saml/binding/impl/SimpleSigningRule.cpp b/saml/binding/impl/SimpleSigningRule.cpp
index 2c5a805..5d52df9 100644
--- a/saml/binding/impl/SimpleSigningRule.cpp
+++ b/saml/binding/impl/SimpleSigningRule.cpp
@@ -31,6 +31,7 @@
 #include
 #include
 #include
+#include
 using namespace opensaml::saml2md;
 using namespace opensaml;
@@ -96,8 +97,10 @@ void SimpleSigningRule::evaluate(const XMLObject& message, const GenericRequest*
 log.debug("ignoring message, no issuer metadata supplied");
 return;
 }
- else if (!policy.getTrustEngine()) {
- log.debug("ignoring message, no TrustEngine supplied");
+
+ const SignatureTrustEngine* sigtrust;
+ if (!(sigtrust=dynamic_cast(policy.getTrustEngine()))) {
+ log.debug("ignoring message, no SignatureTrustEngine supplied");
 return;
 }
@@ -193,7 +196,7 @@ void SimpleSigningRule::evaluate(const XMLObject& message, const GenericRequest*
 MetadataCredentialCriteria cc(*(policy.getIssuerMetadata()));
 cc.setXMLAlgorithm(alg.get());
- if (!policy.getTrustEngine()->validate(alg.get(), signature, keyInfo, input.c_str(), input.length(), *(policy.getMetadataProvider()), &cc)) {
+ if (!sigtrust->validate(alg.get(), signature, keyInfo, input.c_str(), input.length(), *(policy.getMetadataProvider()), &cc)) {
 log.error("unable to verify message signature with supplied trust engine");
 if (m_errorsFatal)
 throw SignatureException("Message was signed, but signature could not be verified.");
diff --git a/saml/binding/impl/XMLSigningRule.cpp b/saml/binding/impl/XMLSigningRule.cpp
index 989cb05..3cb3daf 100644
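Review bot: The failed cast in the added `if (!(sigtrust=dynamic_cast(policy.getTrustEngine())))` folds two different situations into one debug-level early return: no trust engine configured at all, and an engine that is configured but is not a SignatureTrustEngine, which is a misconfiguration that now silently disables signature checking for every message passing this rule. Keeping the original null check and reporting the type mismatch separately makes that visible: `if (!policy.getTrustEngine()) { log.debug("ignoring message, no TrustEngine supplied"); return; }` followed by `if (!sigtrust) { log.warn("TrustEngine supplied is not a SignatureTrustEngine, message signature cannot be verified"); return; }`. On a point of style, `sigtrust` is declared uninitialized and then assigned inside the condition; `const SignatureTrustEngine* sigtrust = dynamic_cast<const SignatureTrustEngine*>(policy.getTrustEngine());` followed by `if (!sigtrust) {` reads more plainly (the cast's template argument appears stripped on this page, presumably by markup rendering). The same pattern is in the corresponding hunk of XMLSigningRule.cpp. SimpleSigningRule::evaluate begins and continues outside this hunk.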
--- a/saml/binding/impl/XMLSigningRule.cpp
+++ b/saml/binding/impl/XMLSigningRule.cpp
@@ -30,6 +30,7 @@
 #include "signature/SignatureProfileValidator.h"
 #include
+#include
 using namespace opensaml::saml2md;
 using namespace opensaml;
@@ -76,8 +77,10 @@ void XMLSigningRule::evaluate(const XMLObject& message, const GenericRequest* re
 log.debug("ignoring message, no issuer metadata supplied");
 return;
 }
- else if (!policy.getTrustEngine()) {
- log.debug("ignoring message, no TrustEngine supplied");
+
+ const SignatureTrustEngine* sigtrust;
+ if (!(sigtrust=dynamic_cast(policy.getTrustEngine()))) {
+ log.debug("ignoring message, no SignatureTrustEngine supplied");
 return;
 }
@@ -100,7 +103,7 @@ void XMLSigningRule::evaluate(const XMLObject& message, const GenericRequest* re
 // Set up criteria object.
 MetadataCredentialCriteria cc(*(policy.getIssuerMetadata()));
- if (!policy.getTrustEngine()->validate(*(signable->getSignature()), *(policy.getMetadataProvider()), &cc)) {
+ if (!sigtrust->validate(*(signable->getSignature()), *(policy.getMetadataProvider()), &cc)) {
 log.error("unable to verify message signature with supplied trust engine");
 if (m_errorsFatal)
 throw SignatureException("Message was signed, but signature could not be verified.");
diff --git a/samltest/security/AbstractPKIXTrustEngineTest.h b/samltest/security/AbstractPKIXTrustEngineTest.h
index 7188a1d..f627a71 100644
--- a/samltest/security/AbstractPKIXTrustEngineTest.h
+++ b/samltest/security/AbstractPKIXTrustEngineTest.h
@@ -141,7 +141,7 @@ public:
 MetadataCredentialCriteria cc(*role);
 cc.setPeerName("https://idp.example.org");
- TSM_ASSERT("Signature failed to validate.", trustEngine->validate(*sig, *metadataProvider, &cc));
+ TSM_ASSERT("Signature failed to validate.", dynamic_cast(trustEngine.get())->validate(*sig, *metadataProvider, &cc));
 descriptor = metadataProvider->getEntityDescriptor("https://idp2.example.org");
 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
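Review bot: `dynamic_cast(trustEngine.get())->validate(...)` in the changed TSM_ASSERT dereferences the cast result with no null check, so an engine that is not a SignatureTrustEngine turns a clean assertion failure into a null-pointer crash of the test process. Cast once into a local and assert on it before the call: `const SignatureTrustEngine* sigtrust = dynamic_cast<const SignatureTrustEngine*>(trustEngine.get());` then `TSM_ASSERT("TrustEngine is not a SignatureTrustEngine", sigtrust != NULL);` and use `sigtrust->validate(*sig, *metadataProvider, &cc)` in the assertions that follow. The same unchecked cast appears in the second hunk of this file and in both validate hunks of ExplicitKeyTrustEngineTest.h. The cast's template argument appears stripped on this page, presumably by markup rendering, and the test method holding these lines starts outside the hunk.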
@@ -151,6 +151,6 @@ public:
 MetadataCredentialCriteria cc2(*role);
 cc2.setPeerName("https://idp2.example.org");
- TSM_ASSERT("Signature validated.", !trustEngine->validate(*sig, *metadataProvider, &cc2));
+ TSM_ASSERT("Signature validated.", !dynamic_cast(trustEngine.get())->validate(*sig, *metadataProvider, &cc2));
 }
 };
diff --git a/samltest/security/ExplicitKeyTrustEngineTest.h b/samltest/security/ExplicitKeyTrustEngineTest.h
index 5753c45..0af1958 100644
--- a/samltest/security/ExplicitKeyTrustEngineTest.h
+++ b/samltest/security/ExplicitKeyTrustEngineTest.h
@@ -20,7 +20,7 @@
 #include
 #include
 #include
-#include
+#include
 using namespace opensaml::saml2;
 using namespace opensaml::saml2md;
@@ -84,7 +84,7 @@ public:
 MetadataCredentialCriteria cc(*role);
 cc.setPeerName("https://idp.example.org");
- TSM_ASSERT("Signature failed to validate.", trustEngine->validate(*sig, *metadataProvider, &cc));
+ TSM_ASSERT("Signature failed to validate.", dynamic_cast(trustEngine.get())->validate(*sig, *metadataProvider, &cc));
 descriptor = metadataProvider->getEntityDescriptor("https://idp2.example.org");
 TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);
@@ -94,6 +94,6 @@ public:
 MetadataCredentialCriteria cc2(*role);
 cc2.setPeerName("https://idp2.example.org");
- TSM_ASSERT("Signature validated.", !trustEngine->validate(*sig, *metadataProvider, &cc2));
+ TSM_ASSERT("Signature validated.", !dynamic_cast(trustEngine.get())->validate(*sig, *metadataProvider, &cc2));
 }
 };
-- 
2.1.4