2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * ChainingTrustEngine.cpp
24 * OpenSSLTrustEngine that uses multiple engines in sequence.
28 #include "exceptions.h"
30 #include "security/ChainingTrustEngine.h"
31 #include "security/CredentialCriteria.h"
32 #include "util/XMLHelper.h"
35 #include <xercesc/util/XMLUniDefs.hpp>
37 using namespace xmlsignature;
38 using namespace xmltooling::logging;
39 using namespace xmltooling;
42 using xercesc::DOMElement;
44 namespace xmltooling {
45 TrustEngine* XMLTOOL_DLLLOCAL ChainingTrustEngineFactory(const DOMElement* const & e)
47 return new ChainingTrustEngine(e);
51 static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
52 static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
54 ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : TrustEngine(e) {
55 Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine."CHAINING_TRUSTENGINE);
56 e = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : nullptr;
59 string t = XMLHelper::getAttrString(e, nullptr, type);
61 log.info("building TrustEngine of type %s", t.c_str());
62 addTrustEngine(XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(t.c_str(), e));
65 catch (exception& ex) {
66 log.error("error building TrustEngine: %s", ex.what());
68 e = XMLHelper::getNextSiblingElement(e, _TrustEngine);
72 ChainingTrustEngine::~ChainingTrustEngine() {
73 for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<TrustEngine>());
76 void ChainingTrustEngine::addTrustEngine(TrustEngine* newEngine)
78 m_engines.push_back(newEngine);
79 SignatureTrustEngine* sig = dynamic_cast<SignatureTrustEngine*>(newEngine);
81 m_sigEngines.push_back(sig);
82 X509TrustEngine* x509 = dynamic_cast<X509TrustEngine*>(newEngine);
84 m_x509Engines.push_back(x509);
85 OpenSSLTrustEngine* ossl = dynamic_cast<OpenSSLTrustEngine*>(newEngine);
87 m_osslEngines.push_back(ossl);
90 TrustEngine* ChainingTrustEngine::removeTrustEngine(TrustEngine* oldEngine)
92 vector<TrustEngine*>::iterator i = find(m_engines.begin(), m_engines.end(), oldEngine);
93 if (i != m_engines.end()) {
96 SignatureTrustEngine* sig = dynamic_cast<SignatureTrustEngine*>(oldEngine);
98 vector<SignatureTrustEngine*>::iterator s = find(m_sigEngines.begin(), m_sigEngines.end(), sig);
99 if (s != m_sigEngines.end())
100 m_sigEngines.erase(s);
103 X509TrustEngine* x509 = dynamic_cast<X509TrustEngine*>(oldEngine);
105 vector<X509TrustEngine*>::iterator x = find(m_x509Engines.begin(), m_x509Engines.end(), x509);
106 if (x != m_x509Engines.end())
107 m_x509Engines.erase(x);
110 OpenSSLTrustEngine* ossl = dynamic_cast<OpenSSLTrustEngine*>(oldEngine);
112 vector<OpenSSLTrustEngine*>::iterator o = find(m_osslEngines.begin(), m_osslEngines.end(), ossl);
113 if (o != m_osslEngines.end())
114 m_osslEngines.erase(o);
122 bool ChainingTrustEngine::validate(Signature& sig, const CredentialResolver& credResolver, CredentialCriteria* criteria) const
124 unsigned int usage = criteria ? criteria->getUsage() : 0;
125 for (vector<SignatureTrustEngine*>::const_iterator i=m_sigEngines.begin(); i!=m_sigEngines.end(); ++i) {
126 if ((*i)->validate(sig,credResolver,criteria))
130 criteria->setUsage(usage);
136 bool ChainingTrustEngine::validate(
137 const XMLCh* sigAlgorithm,
142 const CredentialResolver& credResolver,
143 CredentialCriteria* criteria
146 unsigned int usage = criteria ? criteria->getUsage() : 0;
147 for (vector<SignatureTrustEngine*>::const_iterator i=m_sigEngines.begin(); i!=m_sigEngines.end(); ++i) {
148 if ((*i)->validate(sigAlgorithm, sig, keyInfo, in, in_len, credResolver, criteria))
152 criteria->setUsage(usage);
158 bool ChainingTrustEngine::validate(
159 XSECCryptoX509* certEE,
160 const vector<XSECCryptoX509*>& certChain,
161 const CredentialResolver& credResolver,
162 CredentialCriteria* criteria
165 unsigned int usage = criteria ? criteria->getUsage() : 0;
166 for (vector<X509TrustEngine*>::const_iterator i=m_x509Engines.begin(); i!=m_x509Engines.end(); ++i) {
167 if ((*i)->validate(certEE,certChain,credResolver,criteria))
171 criteria->setUsage(usage);
177 bool ChainingTrustEngine::validate(
179 STACK_OF(X509)* certChain,
180 const CredentialResolver& credResolver,
181 CredentialCriteria* criteria
184 unsigned int usage = criteria ? criteria->getUsage() : 0;
185 for (vector<OpenSSLTrustEngine*>::const_iterator i=m_osslEngines.begin(); i!=m_osslEngines.end(); ++i) {
186 if ((*i)->validate(certEE,certChain,credResolver,criteria))
190 criteria->setUsage(usage);