2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * ChainingTrustEngine.cpp
20 * TrustEngine that uses multiple engines in sequence.
24 #include "exceptions.h"
25 #include "security/ChainingTrustEngine.h"
27 #include <log4cpp/Category.hh>
28 #include <xercesc/util/XMLUniDefs.hpp>
30 using namespace xmlsignature;
31 using namespace xmltooling;
32 using namespace log4cpp;
35 namespace xmltooling {
36 TrustEngine* XMLTOOL_DLLLOCAL ChainingTrustEngineFactory(const DOMElement* const & e)
38 return new ChainingTrustEngine(e);
42 static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
43 static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
45 ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : OpenSSLTrustEngine(e) {
46 Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine");
48 e = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : NULL;
50 auto_ptr_char temp(e->getAttributeNS(NULL,type));
51 if (temp.get() && *temp.get()) {
52 log.info("building TrustEngine of type %s", temp.get());
53 m_engines.push_back(XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(temp.get(), e));
55 e = XMLHelper::getNextSiblingElement(e, _TrustEngine);
59 for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<TrustEngine>());
64 ChainingTrustEngine::~ChainingTrustEngine() {
65 for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<TrustEngine>());
68 bool ChainingTrustEngine::validate(
70 const KeyInfoSource& keyInfoSource,
71 const KeyResolver* keyResolver
74 for (vector<TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
75 if ((*i)->validate(sig,keyInfoSource,keyResolver))
81 bool ChainingTrustEngine::validate(
82 const XMLCh* sigAlgorithm,
87 const KeyInfoSource& keyInfoSource,
88 const KeyResolver* keyResolver
91 for (vector<TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
92 if ((*i)->validate(sigAlgorithm, sig, keyInfo, in, in_len, keyInfoSource, keyResolver))
98 bool ChainingTrustEngine::validate(
99 XSECCryptoX509* certEE,
100 const vector<XSECCryptoX509*>& certChain,
101 const KeyInfoSource& keyInfoSource,
103 const KeyResolver* keyResolver
106 X509TrustEngine* down;
107 for (vector<TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
108 if ((down = dynamic_cast<X509TrustEngine*>(*i)) &&
109 down->validate(certEE,certChain,keyInfoSource,checkName,keyResolver))
115 bool ChainingTrustEngine::validate(
117 STACK_OF(X509)* certChain,
118 const KeyInfoSource& keyInfoSource,
120 const xmlsignature::KeyResolver* keyResolver
123 OpenSSLTrustEngine* down;
124 for (vector<TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
125 if ((down = dynamic_cast<OpenSSLTrustEngine*>(*i)) &&
126 down->validate(certEE,certChain,keyInfoSource,checkName,keyResolver))