1 /*
2  *  Copyright 2001-2007 Internet2
3  * 
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 /**
18  * ChainingTrustEngine.cpp
19  * 
20  * TrustEngine that uses multiple engines in sequence.
21  */
22
23 #include "internal.h"
24 #include "exceptions.h"
25 #include "security/ChainingTrustEngine.h"
26
27 #include <log4cpp/Category.hh>
28 #include <xercesc/util/XMLUniDefs.hpp>
29
30 using namespace xmlsignature;
31 using namespace xmltooling;
32 using namespace log4cpp;
33 using namespace std;
34
namespace xmltooling {
    /**
     * Plugin factory registered for the chaining TrustEngine type.
     *
     * @param e DOM element carrying the engine configuration (may be NULL;
     *          the constructor tolerates an absent element)
     * @return a newly allocated ChainingTrustEngine; ownership passes to the caller
     */
    TrustEngine* XMLTOOL_DLLLOCAL ChainingTrustEngineFactory(const DOMElement* const & e)
    {
        ChainingTrustEngine* engine = new ChainingTrustEngine(e);
        return engine;
    }
}
41
// Local name of the <TrustEngine> child elements that configure the chained engines.
static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
// Attribute on each <TrustEngine> child naming the plugin type to instantiate.
static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
44
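/**
 * Builds the chain from the <TrustEngine> children of the supplied element.
 *
 * Each child carrying a non-empty "type" attribute is handed to the
 * TrustEngine plugin manager and the resulting engine is appended to
 * m_engines in document order. Children without a type are skipped.
 *
 * @param e configuration element, or NULL for an empty chain
 * @throws anything the plugin manager throws; engines already built are
 *         handed to cleanup<TrustEngine> before the exception propagates
 */
ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : OpenSSLTrustEngine(e) {
    Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine");
    try {
        e = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : NULL;
        while (e) {
            auto_ptr_char temp(e->getAttributeNS(NULL,type));
            if (temp.get() && *temp.get()) {
                // The configured type is a printf argument here, never the format string.
                log.info("building TrustEngine of type %s", temp.get());
                m_engines.push_back(XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(temp.get(), e));
            }
            e = XMLHelper::getNextSiblingElement(e, _TrustEngine);
        }
    }
    catch (...) {
        // The destructor never runs when a constructor throws, so the engines
        // built so far must be released here. Catching everything rather than
        // only std::exception keeps that guarantee for exception types from
        // other libraries that do not derive from std::exception.
        for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<TrustEngine>());
        throw;
    }
}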
63
/**
 * Releases every chained engine by applying cleanup<TrustEngine> to it.
 * The chain owns the engines it built in the constructor.
 */
ChainingTrustEngine::~ChainingTrustEngine() {
    xmltooling::cleanup<TrustEngine> release;
    for (vector<TrustEngine*>::const_iterator engine = m_engines.begin(); engine != m_engines.end(); ++engine)
        release(*engine);
}
67
/**
 * Validates an XML signature by consulting each chained engine in order.
 *
 * The chain accepts as soon as any one engine accepts, so the effective
 * trust policy is the union of the member engines' policies; a rejection
 * by one engine never vetoes a later engine that accepts.
 *
 * @return true if some engine validated the signature, false otherwise
 *         (including for an empty chain)
 */
bool ChainingTrustEngine::validate(
    Signature& sig,
    const KeyInfoSource& keyInfoSource,
    const KeyResolver* keyResolver
    ) const
{
    const vector<TrustEngine*>::size_type count = m_engines.size();
    for (vector<TrustEngine*>::size_type k = 0; k < count; ++k) {
        TrustEngine* engine = m_engines[k];
        if (engine->validate(sig,keyInfoSource,keyResolver))
            return true;
    }
    return false;
}
80
/**
 * Validates a raw (non-XML) signature over the supplied input by consulting
 * each chained engine in order.
 *
 * Acceptance by any single engine is sufficient; the first engine that
 * returns true ends the search.
 *
 * @return true if some engine validated the signature, false otherwise
 *         (including for an empty chain)
 */
bool ChainingTrustEngine::validate(
    const XMLCh* sigAlgorithm,
    const char* sig,
    KeyInfo* keyInfo,
    const char* in,
    unsigned int in_len,
    const KeyInfoSource& keyInfoSource,
    const KeyResolver* keyResolver
    ) const
{
    const vector<TrustEngine*>::size_type count = m_engines.size();
    for (vector<TrustEngine*>::size_type k = 0; k < count; ++k) {
        TrustEngine* engine = m_engines[k];
        if (engine->validate(sigAlgorithm, sig, keyInfo, in, in_len, keyInfoSource, keyResolver))
            return true;
    }
    return false;
}
97
/**
 * Validates an end-entity certificate (XSEC representation) against the
 * chained engines that understand certificates.
 *
 * Only engines that are X509TrustEngine instances are consulted; any other
 * engine in the chain is skipped. Acceptance by a single engine is
 * sufficient, and a chain with no X509-capable engine rejects.
 *
 * @return true if some X509TrustEngine in the chain accepted the certificate
 */
bool ChainingTrustEngine::validate(
    XSECCryptoX509* certEE,
    const vector<XSECCryptoX509*>& certChain,
    const KeyInfoSource& keyInfoSource,
    bool checkName,
    const KeyResolver* keyResolver
    ) const
{
    const vector<TrustEngine*>::size_type count = m_engines.size();
    for (vector<TrustEngine*>::size_type k = 0; k < count; ++k) {
        // Engines without certificate support are silently passed over.
        if (X509TrustEngine* down = dynamic_cast<X509TrustEngine*>(m_engines[k])) {
            if (down->validate(certEE,certChain,keyInfoSource,checkName,keyResolver))
                return true;
        }
    }
    return false;
}
114
/**
 * Validates an end-entity certificate (OpenSSL representation) against the
 * chained engines that understand OpenSSL certificates.
 *
 * Only engines that are OpenSSLTrustEngine instances are consulted; any
 * other engine in the chain is skipped. Acceptance by a single engine is
 * sufficient, and a chain with no OpenSSL-capable engine rejects.
 *
 * @return true if some OpenSSLTrustEngine in the chain accepted the certificate
 */
bool ChainingTrustEngine::validate(
    X509* certEE,
    STACK_OF(X509)* certChain,
    const KeyInfoSource& keyInfoSource,
    bool checkName,
    const xmlsignature::KeyResolver* keyResolver
    ) const
{
    const vector<TrustEngine*>::size_type count = m_engines.size();
    for (vector<TrustEngine*>::size_type k = 0; k < count; ++k) {
        // Engines without OpenSSL certificate support are silently passed over.
        if (OpenSSLTrustEngine* down = dynamic_cast<OpenSSLTrustEngine*>(m_engines[k])) {
            if (down->validate(certEE,certChain,keyInfoSource,checkName,keyResolver))
                return true;
        }
    }
    return false;
}