2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * ChainingTrustEngine.cpp
24 * OpenSSLTrustEngine that uses multiple engines in sequence.
28 #include "exceptions.h"
30 #include "security/ChainingTrustEngine.h"
31 #include "security/CredentialCriteria.h"
32 #include "util/XMLHelper.h"
35 #include <boost/lambda/lambda.hpp>
36 #include <xercesc/util/XMLUniDefs.hpp>
38 using namespace xmlsignature;
39 using namespace xmltooling::logging;
40 using namespace xmltooling;
41 using namespace boost::lambda;
42 using namespace boost;
45 using xercesc::DOMElement;
47 namespace xmltooling {
/// Plugin factory for the "Chaining" TrustEngine type.
/// Allocates the chain on the heap and hands the raw owning pointer to the
/// caller (the plugin manager that invoked the factory) — nothing here keeps
/// a reference to it.
/// @param e the chain's configuration element; may be null, the constructor
///          then builds an empty chain
/// @return a newly allocated ChainingTrustEngine, owned by the caller
TrustEngine* XMLTOOL_DLLLOCAL ChainingTrustEngineFactory(const DOMElement* const & e)
{
    TrustEngine* chain = new ChainingTrustEngine(e);
    return chain;
}
// Element and attribute names the constructor below looks up in the chain's
// configuration: each child <TrustEngine type="..."> element names one engine
// to instantiate through TrustEngineManager.
static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
/// Builds the chain from configuration: every <TrustEngine type="..."> child
/// of `e` is instantiated via TrustEngineManager and appended in document
/// order, which is also the order the validate() overloads consult them.
/// A child that fails to build is logged at error level and skipped, so a
/// mis-configured member leaves the chain shorter than configured without
/// failing startup; operators should watch for that log line.
/// NOTE(review): the while/try/if structure is reconstructed — the rendered
/// listing omits the brace lines around it; confirm against the upstream file.
/// @param e the chain's configuration element, or null for an empty chain
ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : TrustEngine(e)
{
    Category& log = Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine."CHAINING_TRUSTENGINE);
    const DOMElement* child = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : nullptr;
    while (child) {
        try {
            const string t = XMLHelper::getAttrString(child, nullptr, _type);
            if (!t.empty()) {
                log.info("building TrustEngine of type %s", t.c_str());
                // addTrustEngine() takes ownership of the new plugin.
                addTrustEngine(XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(t.c_str(), child));
            }
        }
        catch (const exception& ex) {
            // Best-effort: one broken member does not abort the whole chain.
            log.error("error building TrustEngine: %s", ex.what());
        }
        child = XMLHelper::getNextSiblingElement(child, _TrustEngine);
    }
}
/// The chain owns its members: m_engines is a boost::ptr_vector, so tearing
/// down the chain deletes every engine added via addTrustEngine() and not
/// handed back through removeTrustEngine(). Nothing else to do here.
/// NOTE(review): m_sigEngines / m_x509Engines / m_osslEngines must be
/// non-owning views of the same objects (confirm in the header); otherwise
/// this teardown would delete each engine more than once.
ChainingTrustEngine::~ChainingTrustEngine() = default;
/// Appends an engine to the chain and takes ownership of it.
/// The engine is additionally registered in each typed sub-list whose
/// interface it implements, so each validate() overload only iterates over
/// engines that can answer that kind of request.
/// NOTE(review): the three null checks are reconstructed — the listing drops
/// the line between each dynamic_cast and its push_back. boost::ptr_vector
/// refuses a null push_back (bad_pointer), so a guard must be there; confirm
/// against upstream.
/// NOTE(review): the sub-lists are assumed to be non-owning views of the
/// elements of m_engines (confirm in the header); otherwise this double-owns.
/// @param newEngine engine to add; must not be null
void ChainingTrustEngine::addTrustEngine(TrustEngine* newEngine)
{
    m_engines.push_back(newEngine);   // ownership transfers to the chain here
    if (SignatureTrustEngine* asSig = dynamic_cast<SignatureTrustEngine*>(newEngine))
        m_sigEngines.push_back(asSig);
    if (X509TrustEngine* asX509 = dynamic_cast<X509TrustEngine*>(newEngine))
        m_x509Engines.push_back(asX509);
    if (OpenSSLTrustEngine* asOssl = dynamic_cast<OpenSSLTrustEngine*>(newEngine))
        m_osslEngines.push_back(asOssl);
}
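// Forgets `target` in one of the typed, non-owning engine views if present.
// Matches on element address only and never touches the pointee; a null
// target (engine does not implement that interface) is a no-op.
// NOTE(review): assumes the view's erase() does not delete the element, i.e.
// the sub-lists are declared with a non-owning clone allocator — confirm in
// the header.
template <typename View, typename Engine>
static void eraseFromView(View& view, Engine* target)
{
    if (!target)
        return;
    for (typename View::iterator it = view.begin(); it != view.end(); ++it) {
        if (&*it == target) {
            view.erase(it);
            return;
        }
    }
}

/// Removes `oldEngine` from the chain and hands ownership back to the caller.
/// The three typed sub-lists previously repeated the same find-and-erase
/// sequence inline; that is now one helper, and the not-found case is an
/// early return so the ownership transfer at the bottom is the only exit
/// for a member engine.
/// NOTE(review): the `return nullptr` for the not-found case is reconstructed
/// from a line the listing omits; confirm against upstream.
/// @param oldEngine engine to detach; null or a non-member yields null
/// @return the detached engine, now owned by the caller (who must delete it),
///         or null if it was not a member of this chain
TrustEngine* ChainingTrustEngine::removeTrustEngine(TrustEngine* oldEngine)
{
    ptr_vector<TrustEngine>::iterator i =
        find_if(m_engines.begin(), m_engines.end(), (&_1 == oldEngine));
    if (i == m_engines.end())
        return nullptr;

    // Drop the typed aliases first; they only forget the pointer, the engine
    // itself is still alive and owned by m_engines until release() below.
    eraseFromView(m_sigEngines, dynamic_cast<SignatureTrustEngine*>(oldEngine));
    eraseFromView(m_x509Engines, dynamic_cast<X509TrustEngine*>(oldEngine));
    eraseFromView(m_osslEngines, dynamic_cast<OpenSSLTrustEngine*>(oldEngine));

    // ptr_vector::release(it) detaches the element without deleting it and
    // wraps it in a smart pointer; the outer release() unwraps that into the
    // raw owning pointer the interface promises.
    return (m_engines.release(i)).release();
}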
/// Validates a DOM Signature by asking each chained SignatureTrustEngine in
/// turn; the first engine that accepts decides the outcome.
/// Security note: this is an OR over the members — the chain accepts whatever
/// any single member accepts, so it is exactly as strict as its most
/// permissive engine, and adding an engine can only widen what is trusted.
/// The caller's usage value on `criteria` is put back after each engine that
/// declines, presumably because an engine may narrow it while searching —
/// NOTE(review): confirm that is the reason; the listing does not show it.
/// NOTE(review): the `return true`, the null-criteria guard and the trailing
/// `return false` are reconstructed from lines the listing omits.
/// @param sig the signature to validate
/// @param credResolver source of candidate credentials, forwarded unchanged
/// @param criteria optional criteria, may be null; forwarded to each engine
/// @return true if some engine validated the signature, false if none did
///         (including when the chain holds no SignatureTrustEngine at all)
bool ChainingTrustEngine::validate(Signature& sig, const CredentialResolver& credResolver, CredentialCriteria* criteria) const
{
    const unsigned int originalUsage = criteria ? criteria->getUsage() : 0;
    for (const SignatureTrustEngine& engine : m_sigEngines) {
        const bool accepted = engine.validate(sig, credResolver, criteria);
        if (accepted)
            return true;
        if (criteria)
            criteria->setUsage(originalUsage);
    }
    return false;
}
/// Validates a raw (non-DOM) signature over the bytes `in` by trying each
/// chained SignatureTrustEngine in turn; the first engine to accept wins, so
/// the chain is only as strict as its most permissive member.
/// NOTE(review): the rendered listing omits the four parameter lines between
/// `sigAlgorithm` and `credResolver` (the forwarding call below names them
/// sig, keyInfo, in and in_len), the closing `) const` and opening brace,
/// and the lines between the validate call and `criteria->setUsage` —
/// expected to be `return true;` plus a null check on `criteria`, which the
/// `criteria ? ... : 0` line shows may be null. See the upstream file.
bool ChainingTrustEngine::validate(
    const XMLCh* sigAlgorithm,
    // … parameters sig, keyInfo, in, in_len are not shown in this listing …
    const CredentialResolver& credResolver,
    CredentialCriteria* criteria
    // Remember the caller's usage so it can be restored after an engine declines.
    unsigned int usage = criteria ? criteria->getUsage() : 0;
    for (ptr_vector<SignatureTrustEngine>::const_iterator i=m_sigEngines.begin(); i!=m_sigEngines.end(); ++i) {
        if (i->validate(sigAlgorithm, sig, keyInfo, in, in_len, credResolver, criteria))
        // … success return and null-criteria guard not shown in this listing …
        criteria->setUsage(usage);
/// Validates an end-entity certificate (plus its presented chain) by asking
/// each chained X509TrustEngine in turn; the first engine that accepts wins.
/// Security note: as with the signature overloads this is an OR over the
/// members, so the chain trusts whatever any one engine trusts.
/// The caller's usage value on `criteria` is restored after each engine that
/// declines — NOTE(review): the listing does not show why; confirm.
/// NOTE(review): `) const`, the `return true`, the null-criteria guard and
/// the final `return false` are reconstructed from lines the listing omits.
/// @param certEE the end-entity certificate under test
/// @param certChain certificates presented alongside it, forwarded unchanged
/// @param credResolver source of candidate credentials, forwarded unchanged
/// @param criteria optional criteria, may be null
/// @return true if some engine accepted the certificate, false otherwise
///         (including when the chain holds no X509TrustEngine at all)
bool ChainingTrustEngine::validate(
    XSECCryptoX509* certEE,
    const vector<XSECCryptoX509*>& certChain,
    const CredentialResolver& credResolver,
    CredentialCriteria* criteria
    ) const
{
    const unsigned int originalUsage = criteria ? criteria->getUsage() : 0;
    for (const X509TrustEngine& engine : m_x509Engines) {
        const bool accepted = engine.validate(certEE, certChain, credResolver, criteria);
        if (accepted)
            return true;
        if (criteria)
            criteria->setUsage(originalUsage);
    }
    return false;
}
183 bool ChainingTrustEngine::validate(
185 STACK_OF(X509)* certChain,
186 const CredentialResolver& credResolver,
187 CredentialCriteria* criteria
190 unsigned int usage = criteria ? criteria->getUsage() : 0;
191 for (ptr_vector<OpenSSLTrustEngine>::const_iterator i=m_osslEngines.begin(); i!=m_osslEngines.end(); ++i) {
192 if (i->validate(certEE,certChain,credResolver,criteria))
196 criteria->setUsage(usage);