1 /*
2  *  Copyright 2001-2007 Internet2
3  * 
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 /**
18  * ChainingTrustEngine.cpp
19  * 
20  * TrustEngine that uses multiple engines in sequence.
21  */
22
23 #include "internal.h"
24 #include "exceptions.h"
25 #include "security/ChainingTrustEngine.h"
26 #include "util/XMLHelper.h"
27
28 #include <log4cpp/Category.hh>
29 #include <xercesc/util/XMLUniDefs.hpp>
30
31 using namespace xmlsignature;
32 using namespace xmltooling;
33 using namespace log4cpp;
34 using namespace std;
35
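namespace xmltooling {
    /**
     * Factory hook for the chaining TrustEngine plugin (presumably registered
     * with XMLToolingConfig's TrustEngineManager; registration is not in this file).
     *
     * @param e DOM configuration element; may be NULL, which yields an empty chain
     * @return a newly allocated ChainingTrustEngine owned by the caller
     */
    TrustEngine* XMLTOOL_DLLLOCAL ChainingTrustEngineFactory(const DOMElement* const & e)
    {
        return new ChainingTrustEngine(e);
    }
}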
42
// Local name of each nested child element that configures one engine of the
// chain; the constructor walks these children in document order.
static const XMLCh _TrustEngine[] =                 UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
// Attribute (read with a NULL namespace URI) naming the plugin type to build
// for a nested element; elements without it are skipped.
static const XMLCh type[] =                         UNICODE_LITERAL_4(t,y,p,e);
45
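/**
 * Builds the chain from the nested TrustEngine child elements of e.
 *
 * Each child carrying a non-empty type attribute is handed to the global
 * TrustEngineManager to instantiate a plugin of that type. Every engine built
 * goes into m_engines, which is the list released by the destructor; it is
 * additionally registered in m_sigEngines, m_x509Engines and/or m_osslEngines
 * according to which validate() interfaces it implements, so each validate()
 * overload below only consults engines capable of that kind of check.
 *
 * An engine that fails to build is logged at error level and skipped;
 * construction of the chain itself does not fail. A misconfigured chain can
 * therefore hold fewer engines than configured, or none at all, in which case
 * every validate() overload returns false.
 *
 * @param e configuration element; may be NULL, which yields an empty chain
 */
ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : TrustEngine(e) {
    // Spaces between the literal and the macros keep this a plain string
    // concatenation; C++11 otherwise lexes "literal"MACRO as a user-defined
    // literal suffix and fails to compile.
    Category& log=Category::getInstance(XMLTOOLING_LOGCAT ".TrustEngine." CHAINING_TRUSTENGINE);
    e = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : NULL;
    while (e) {
        try {
            auto_ptr_char temp(e->getAttributeNS(NULL,type));
            // A missing or empty type attribute is ignored without logging.
            if (temp.get() && *temp.get()) {
                log.info("building TrustEngine of type %s", temp.get());
                TrustEngine* engine = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(temp.get(), e);
                // m_engines owns the object; the typed lists below only alias it.
                m_engines.push_back(engine);
                SignatureTrustEngine* sig = dynamic_cast<SignatureTrustEngine*>(engine);
                if (sig)
                    m_sigEngines.push_back(sig);
                X509TrustEngine* x509 = dynamic_cast<X509TrustEngine*>(engine);
                if (x509)
                    m_x509Engines.push_back(x509);
                OpenSSLTrustEngine* ossl = dynamic_cast<OpenSSLTrustEngine*>(engine);
                if (ossl)
                    m_osslEngines.push_back(ossl);
            }
        }
        catch (const exception& ex) {
            // Best effort: report the failure and keep building the remaining engines.
            log.error("error building TrustEngine: %s", ex.what());
        }
        e = XMLHelper::getNextSiblingElement(e, _TrustEngine);
    }
}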
73
/**
 * Releases the engines owned by this chain. Only m_engines holds owning
 * pointers; the typed member lists alias the same objects and are not touched.
 */
ChainingTrustEngine::~ChainingTrustEngine() {
    for (vector<TrustEngine*>::iterator engine = m_engines.begin(); engine != m_engines.end(); ++engine)
        delete *engine;
}
77
/**
 * XML signature validation across the chain.
 *
 * The chain is a logical OR: the signature is trusted as soon as any configured
 * SignatureTrustEngine accepts it, engines being tried in configuration order
 * and the search ending at the first acceptance. A permissive engine anywhere
 * in the chain therefore makes the whole chain permissive. With no
 * signature-capable engines the result is always false.
 *
 * @param sig           signature to validate
 * @param credResolver  credential source handed unchanged to each engine
 * @param criteria      criteria pointer handed unchanged to each engine
 * @return true if at least one engine validated the signature
 */
bool ChainingTrustEngine::validate(Signature& sig, const CredentialResolver& credResolver, CredentialCriteria* criteria) const
{
    bool trusted = false;
    vector<SignatureTrustEngine*>::const_iterator engine = m_sigEngines.begin();
    const vector<SignatureTrustEngine*>::const_iterator end = m_sigEngines.end();
    while (!trusted && engine != end) {
        trusted = (*engine)->validate(sig, credResolver, criteria);
        ++engine;
    }
    return trusted;
}
86
/**
 * Raw signature validation across the chain: the signature value sig over the
 * in_len-byte buffer in, computed with sigAlgorithm, is trusted if any
 * configured SignatureTrustEngine accepts it. Engines are tried in
 * configuration order and the first acceptance ends the search; with no
 * signature-capable engines the result is always false.
 *
 * @param sigAlgorithm  signature algorithm identifier handed to each engine
 * @param sig           signature value handed to each engine
 * @param keyInfo       KeyInfo handed to each engine (may be NULL, as the
 *                      engines decide; this chain does not inspect it)
 * @param in            signed data
 * @param in_len        length of in, in bytes
 * @param credResolver  credential source handed unchanged to each engine
 * @param criteria      criteria pointer handed unchanged to each engine
 * @return true if at least one engine validated the signature
 */
bool ChainingTrustEngine::validate(
    const XMLCh* sigAlgorithm,
    const char* sig,
    KeyInfo* keyInfo,
    const char* in,
    unsigned int in_len,
    const CredentialResolver& credResolver,
    CredentialCriteria* criteria
    ) const
{
    bool trusted = false;
    vector<SignatureTrustEngine*>::const_iterator engine = m_sigEngines.begin();
    const vector<SignatureTrustEngine*>::const_iterator end = m_sigEngines.end();
    while (!trusted && engine != end) {
        trusted = (*engine)->validate(sigAlgorithm, sig, keyInfo, in, in_len, credResolver, criteria);
        ++engine;
    }
    return trusted;
}
103
/**
 * Certificate validation (XSEC wrapper form) across the chain: the end-entity
 * certificate certEE, together with certChain, is trusted if any configured
 * X509TrustEngine accepts it. Engines are tried in configuration order and the
 * first acceptance ends the search; with no X.509-capable engines the result
 * is always false. Note this is an OR over engines, not a requirement that all
 * of them agree.
 *
 * @param certEE        end-entity certificate handed to each engine
 * @param certChain     accompanying certificates handed to each engine
 * @param credResolver  credential source handed unchanged to each engine
 * @param criteria      criteria pointer handed unchanged to each engine
 * @return true if at least one engine validated the certificate
 */
bool ChainingTrustEngine::validate(
    XSECCryptoX509* certEE,
    const vector<XSECCryptoX509*>& certChain,
    const CredentialResolver& credResolver,
    CredentialCriteria* criteria
    ) const
{
    bool trusted = false;
    vector<X509TrustEngine*>::const_iterator engine = m_x509Engines.begin();
    const vector<X509TrustEngine*>::const_iterator end = m_x509Engines.end();
    while (!trusted && engine != end) {
        trusted = (*engine)->validate(certEE, certChain, credResolver, criteria);
        ++engine;
    }
    return trusted;
}
117
/**
 * Certificate validation (native OpenSSL form) across the chain: the end-entity
 * certificate certEE, together with certChain, is trusted if any configured
 * OpenSSLTrustEngine accepts it. Engines are tried in configuration order and
 * the first acceptance ends the search; with no OpenSSL-capable engines the
 * result is always false. As with the other overloads this is an OR over
 * engines, so one permissive engine suffices for acceptance.
 *
 * @param certEE        end-entity certificate handed to each engine
 * @param certChain     accompanying certificates handed to each engine
 * @param credResolver  credential source handed unchanged to each engine
 * @param criteria      criteria pointer handed unchanged to each engine
 * @return true if at least one engine validated the certificate
 */
bool ChainingTrustEngine::validate(
    X509* certEE,
    STACK_OF(X509)* certChain,
    const CredentialResolver& credResolver,
    CredentialCriteria* criteria
    ) const
{
    bool trusted = false;
    vector<OpenSSLTrustEngine*>::const_iterator engine = m_osslEngines.begin();
    const vector<OpenSSLTrustEngine*>::const_iterator end = m_osslEngines.end();
    while (!trusted && engine != end) {
        trusted = (*engine)->validate(certEE, certChain, credResolver, criteria);
        ++engine;
    }
    return trusted;
}