From 5916e886cce251c27293e3e4772563abcc7951d0 Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Tue, 15 Jul 2008 15:49:55 +0000
Subject: [PATCH] https://issues.shibboleth.net/jira/browse/SSPCPP-119
---
 shib/BasicTrust.cpp | 17 +++++++++++++++--
 shib/ShibbolethTrust.cpp | 3 ++-
 xmlproviders/XMLTrust.cpp | 16 ++++++++++++++--
 3 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/shib/BasicTrust.cpp b/shib/BasicTrust.cpp
index 195d002..de742d3 100644
--- a/shib/BasicTrust.cpp
+++ b/shib/BasicTrust.cpp
@@ -25,6 +25,7 @@
 #include "internal.h"
 #include
+#include
 #include
 #include
 #include
@@ -117,7 +118,13 @@ bool BasicTrust::validate(void* certEE, const Iterator& certChain, const
 continue;
 Iterator resolvers(m_resolvers);
 while (resolvers.hasNext()) {
- XSECCryptoKey* key=((XSECKeyInfoResolver*)*resolvers.next())->resolveKey(KIL);
+ XSECCryptoKey* key=NULL;
+ try {
+ key=((XSECKeyInfoResolver*)*resolvers.next())->resolveKey(KIL);
+ }
+ catch (XSECCryptoException& ex) {
+ log.error("caught an XMLSec crypto exception while resolving key: %s", ex.getMsg());
+ }
 if (key) {
 log.debug("KeyDescriptor resolved into a key, comparing it...");
 if (key->getProviderName()!=DSIGConstants::s_unicodeStrPROVOpenSSL) {
@@ -197,7 +204,13 @@ bool BasicTrust::validate(const saml::SAMLSignedObject& token, const IRoleDescri
 continue;
 Iterator resolvers(m_resolvers);
 while (resolvers.hasNext()) {
- XSECCryptoKey* key=((XSECKeyInfoResolver*)*resolvers.next())->resolveKey(KIL);
+ XSECCryptoKey* key=NULL;
+ try {
+ key=((XSECKeyInfoResolver*)*resolvers.next())->resolveKey(KIL);
+ }
+ catch (XSECCryptoException& ex) {
+ log.error("caught an XMLSec crypto exception while resolving key: %s", ex.getMsg());
+ }
 if (key) {
 log.debug("KeyDescriptor resolved into a key, trying it...");
 try {
diff --git a/shib/ShibbolethTrust.cpp b/shib/ShibbolethTrust.cpp
index 3cd839d..e6ad31e 100644
--- a/shib/ShibbolethTrust.cpp
+++ b/shib/ShibbolethTrust.cpp
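Review bot: In shib/BasicTrust.cpp, the handler added around `resolveKey(KIL)` in the hunk at -117 catches only `XSECCryptoException`, but xml-security-c reports other failures through `XSECException`, which is a separate class and not a base of it, so a resolver that throws that type still exits the loop instead of leaving `key` NULL and moving on to the next resolver. The same applies to the hunk at -197 and to both `resolveKey` hunks in xmlproviders/XMLTrust.cpp. Whether an enclosing handler already covers this cannot be seen here, because both `validate` bodies start and end outside the hunks; if none does, add `catch (XSECException&) { log.error("caught an XMLSec exception while resolving key"); }` after the existing handler. A short comment above the `try`, such as `// a resolver failure means "no key": skip this KeyDescriptor, never treat it as a match`, would record the fail-closed intent.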
@@ -28,6 +28,7 @@
 #include
 #include
 #include
+#include
 #include
 using namespace shibboleth::logging;
@@ -496,7 +497,7 @@ bool ShibbolethTrust::validate(const saml::SAMLSignedObject& token, const IRoleD
 x->loadX509Base64Bin(cert.get(),strlen(cert.get()));
 certs.push_back(x.release());
 }
- catch (...) {
+ catch (XSECCryptoException&) {
 log.error("unable to load certificate from signature, skipping it");
 }
 }
diff --git a/xmlproviders/XMLTrust.cpp b/xmlproviders/XMLTrust.cpp
index 5642ea3..2fa508a 100644
--- a/xmlproviders/XMLTrust.cpp
+++ b/xmlproviders/XMLTrust.cpp
@@ -298,7 +298,13 @@ void XMLTrustImpl::init()
 }
 // Dry run...can we resolve to a key?
- XSECCryptoKey* key=resolver.resolveKey(KIL);
+ XSECCryptoKey* key=NULL;
+ try {
+ key = resolver.resolveKey(KIL);
+ }
+ catch (XSECCryptoException& xe) {
+ log.error("unable to resolver key from ds:KeyInfo element (%d): %s", count, xe.getMsg());
+ }
 if (key) {
 // So far so good, now look for the name binding(s).
 delete key;
@@ -754,7 +760,13 @@ bool XMLTrust::validate(const saml::SAMLSignedObject& token, const IRoleDescript
 // Any inline KeyInfo should ostensibly resolve to a key we can try.
 Iterator resolvers(m_resolvers);
 while (resolvers.hasNext()) {
- XSECCryptoKey* key=((XSECKeyInfoResolver*)*resolvers.next())->resolveKey(KIL);
+ XSECCryptoKey* key=NULL;
+ try {
+ key=((XSECKeyInfoResolver*)*resolvers.next())->resolveKey(KIL);
+ }
+ catch (XSECCryptoException& xe) {
+ log.error("unable to resolver ds:KeyInfo element into key: %s", xe.getMsg());
+ }
 if (key) {
 log.debug("resolved key, trying it...");
 try {
--
2.1.4
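Review bot: In shib/ShibbolethTrust.cpp (hunk at -496), narrowing `catch (...)` to `catch (XSECCryptoException&)` means any other exception raised while loading a certificate taken from the signature now leaves the loop instead of skipping that certificate. That certificate data is supplied by the message sender, and the pointers already stored by `certs.push_back(x.release())` are raw, so an escaping exception may abort validation of an otherwise acceptable token and leak the collected certificates unless cleanup exists outside the hunk, which is not visible here. If the narrowing is deliberate, state the reason in a comment on the handler; otherwise keep a fallback after the typed handler, e.g. `catch (...) { log.error("unexpected exception loading certificate from signature, skipping it"); }`.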
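Review bot: In xmlproviders/XMLTrust.cpp, the new error message in the hunk at -298 reads "unable to resolver key"; it should be `"unable to resolve key from ds:KeyInfo element (%d): %s"`, and the message in the hunk at -754 has the same slip and should read `"unable to resolve ds:KeyInfo element into key: %s"`. These lines are what an operator greps for when a trust configuration entry is silently skipped, so the wording matters. The `%d` is paired with `count`, whose declaration is outside the hunk; confirm it is an `int`, since a `size_t` or other unsigned type there would be a format mismatch in a varargs logging call.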