2 * Copyright 2001-2005 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * ChainingTrustEngine.cpp
20 * TrustEngine that uses multiple engines in sequence.
24 #include "exceptions.h"
25 #include "security/ChainingTrustEngine.h"
27 #include <xercesc/util/XMLUniDefs.hpp>
29 using namespace xmlsignature;
30 using namespace xmltooling;
33 namespace xmltooling {
34 TrustEngine* XMLTOOL_DLLLOCAL ChainingTrustEngineFactory(const DOMElement* const & e)
36 return new ChainingTrustEngine(e);
40 static const XMLCh GenericTrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
41 static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
43 ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : X509TrustEngine(e) {
45 e = e ? xmltooling::XMLHelper::getFirstChildElement(e, GenericTrustEngine) : NULL;
47 xmltooling::auto_ptr_char temp(e->getAttributeNS(NULL,type));
49 auto_ptr<TrustEngine> engine(
50 XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(temp.get(), e)
52 X509TrustEngine* x509 = dynamic_cast<X509TrustEngine*>(engine.get());
54 m_engines.push_back(x509);
58 throw xmltooling::UnknownExtensionException("Embedded trust engine does not support required interface.");
61 e = xmltooling::XMLHelper::getNextSiblingElement(e, GenericTrustEngine);
64 catch (xmltooling::XMLToolingException&) {
65 for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<X509TrustEngine>());
70 ChainingTrustEngine::~ChainingTrustEngine() {
71 for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<X509TrustEngine>());
74 bool ChainingTrustEngine::validate(
76 const KeyInfoSource& keyInfoSource,
77 const KeyResolver* keyResolver
80 for (vector<X509TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
81 if (static_cast<TrustEngine*>(*i)->validate(sig,keyInfoSource,keyResolver))
87 bool ChainingTrustEngine::validate(
88 const XMLCh* sigAlgorithm,
93 const KeyInfoSource& keyInfoSource,
94 const KeyResolver* keyResolver
97 for (vector<X509TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
98 if (static_cast<TrustEngine*>(*i)->validate(sigAlgorithm, sig, keyInfo, in, in_len, keyInfoSource, keyResolver))
104 bool ChainingTrustEngine::validate(
105 XSECCryptoX509* certEE,
106 const vector<XSECCryptoX509*>& certChain,
107 const KeyInfoSource& keyInfoSource,
109 const KeyResolver* keyResolver
112 for (vector<X509TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
113 if ((*i)->validate(certEE,certChain,keyInfoSource,checkName,keyResolver))