#include "internal.h"
#include <openssl/x509.h>
+#include <xsec/enc/XSECCryptoException.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
continue;
Iterator<KeyInfoResolver*> resolvers(m_resolvers);
while (resolvers.hasNext()) {
- XSECCryptoKey* key=((XSECKeyInfoResolver*)*resolvers.next())->resolveKey(KIL);
+ XSECCryptoKey* key=NULL;
+ try {
+ key=((XSECKeyInfoResolver*)*resolvers.next())->resolveKey(KIL);
+ }
+ catch (XSECCryptoException& ex) {
+ log.error("caught an XMLSec crypto exception while resolving key: %s", ex.getMsg());
+ }
if (key) {
log.debug("KeyDescriptor resolved into a key, comparing it...");
if (key->getProviderName()!=DSIGConstants::s_unicodeStrPROVOpenSSL) {
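Review bot: The new handler around `resolveKey(KIL)` catches only `XSECCryptoException`, so any other exception type raised while resolving the KeyInfo still unwinds out of the resolver loop. As far as I know, xml-security-c's `XSECException` is a separate class and not a base of `XSECCryptoException`. If a resolver can raise it, a second handler is needed, for example `catch (XSECException&) { log.error("caught an XMLSec exception while resolving key"); }`; it logs no message because I believe that type's message is not a narrow string and cannot be passed to `%s` directly. The same applies to the identical try/catch in the next hunk and to both `resolveKey` calls in the second file. The loop body continues outside this hunk, so whether a caller already handles these exceptions is not visible here.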
continue;
Iterator<KeyInfoResolver*> resolvers(m_resolvers);
while (resolvers.hasNext()) {
- XSECCryptoKey* key=((XSECKeyInfoResolver*)*resolvers.next())->resolveKey(KIL);
+ XSECCryptoKey* key=NULL;
+ try {
+ key=((XSECKeyInfoResolver*)*resolvers.next())->resolveKey(KIL);
+ }
+ catch (XSECCryptoException& ex) {
+ log.error("caught an XMLSec crypto exception while resolving key: %s", ex.getMsg());
+ }
if (key) {
log.debug("KeyDescriptor resolved into a key, trying it...");
try {
#include <openssl/x509_vfy.h>
#include <openssl/x509v3.h>
#include <xsec/dsig/DSIGKeyInfoX509.hpp>
+#include <xsec/enc/XSECCryptoException.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
using namespace shibboleth::logging;
x->loadX509Base64Bin(cert.get(),strlen(cert.get()));
certs.push_back(x.release());
}
- catch (...) {
+ catch (XSECCryptoException&) {
log.error("unable to load certificate from signature, skipping it");
}
}
}
// Dry run...can we resolve to a key?
- XSECCryptoKey* key=resolver.resolveKey(KIL);
+ XSECCryptoKey* key=NULL;
+ try {
+ key = resolver.resolveKey(KIL);
+ }
+ catch (XSECCryptoException& xe) {
+ log.error("unable to resolver key from ds:KeyInfo element (%d): %s", count, xe.getMsg());
+ }
if (key) {
// So far so good, now look for the name binding(s).
delete key;
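Review bot: Replacing `catch (...)` with `catch (XSECCryptoException&)` around `loadX509Base64Bin` means any other exception thrown while decoding a certificate taken from the signature now leaves the loop instead of skipping that certificate, and the handler still discards the reason. If the narrowing is intended, bind the exception and log it as the other handlers do: `catch (XSECCryptoException& ex) { log.error("unable to load certificate from signature, skipping it: %s", ex.getMsg()); }`. In the dry-run handler the message reads "unable to resolver key" (and "unable to resolver ds:KeyInfo" in the following hunk), which should say "resolve". The `%d` there is only correct if `count` is an `int`, and its declaration is outside the hunk. The enclosing function starts and ends outside these lines.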
// Any inline KeyInfo should ostensibly resolve to a key we can try.
Iterator<KeyInfoResolver*> resolvers(m_resolvers);
while (resolvers.hasNext()) {
- XSECCryptoKey* key=((XSECKeyInfoResolver*)*resolvers.next())->resolveKey(KIL);
+ XSECCryptoKey* key=NULL;
+ try {
+ key=((XSECKeyInfoResolver*)*resolvers.next())->resolveKey(KIL);
+ }
+ catch (XSECCryptoException& xe) {
+ log.error("unable to resolver ds:KeyInfo element into key: %s", xe.getMsg());
+ }
if (key) {
log.debug("resolved key, trying it...");
try {