xmltooling/security/impl/InlineKeyResolver.cpp

   1 /*
   2  *  Copyright 2001-2010 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /**
  18  * InlineKeyResolver.cpp
  19  *
  20  * Resolves key information directly from recognized KeyInfo structures.
  21  */
  22
  23 #include "internal.h"
  24 #include "logging.h"
  25 #include "security/BasicX509Credential.h"
  26 #include "security/KeyInfoCredentialContext.h"
  27 #include "security/KeyInfoResolver.h"
  28 #include "security/XSECCryptoX509CRL.h"
  29 #include "signature/KeyInfo.h"
  30 #include "signature/Signature.h"
  31 #include "util/NDC.h"
  32 #include "util/Threads.h"
  33 #include "util/XMLConstants.h"
  34 #include "validation/ValidatorSuite.h"
  35
  36 #include <xercesc/util/XMLUniDefs.hpp>
  37 #include <xsec/dsig/DSIGKeyInfoX509.hpp>
  38 #include <xsec/enc/XSECKeyInfoResolverDefault.hpp>
  39 #include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
  40 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
  41 #include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
  42 #include <xsec/enc/XSECCryptoException.hpp>
  43 #include <xsec/framework/XSECException.hpp>
  44
  45 using namespace xmlsignature;
  46 using namespace xmltooling::logging;
  47 using namespace xmltooling;
  48 using namespace xercesc;
  49 using namespace std;
  50
  51 namespace xmltooling {
  52
  53     class XMLTOOL_DLLLOCAL InlineCredential : public BasicX509Credential
  54     {
  55     public:
  56         InlineCredential(const KeyInfo* keyInfo=nullptr) : BasicX509Credential(keyInfo!=nullptr), m_credctx(new KeyInfoCredentialContext(keyInfo)) {
  57         }
  58         InlineCredential(DSIGKeyInfoList* keyInfo) : BasicX509Credential(false), m_credctx(new KeyInfoCredentialContext(keyInfo)) {
  59         }
  60         InlineCredential(KeyInfoCredentialContext* context) : BasicX509Credential(context->getKeyInfo()!=nullptr), m_credctx(nullptr) {
  61         }
  62         virtual ~InlineCredential() {
  63             delete m_credctx;
  64         }
  65
  66         XSECCryptoKey* getPrivateKey() const {
  67             return nullptr;
  68         }
  69
  70         KeyInfo* getKeyInfo(bool compact=false) const {
  71             KeyInfo* ret = m_credctx->getKeyInfo() ? m_credctx->getKeyInfo()->cloneKeyInfo() : nullptr;
  72             if (ret) {
  73                 ret->setId(nullptr);
  74                 ret->getRetrievalMethods().clear();
  75                 if (compact) {
  76                     ret->getKeyValues().clear();
  77                     ret->getSPKIDatas().clear();
  78                     ret->getPGPDatas().clear();
  79                     ret->getUnknownXMLObjects().clear();
  80                     VectorOf(X509Data) x509Datas=ret->getX509Datas();
  81                     for (VectorOf(X509Data)::size_type pos = 0; pos < x509Datas.size();) {
  82                         x509Datas[pos]->getX509Certificates().clear();
  83                         x509Datas[pos]->getX509CRLs().clear();
  84                         x509Datas[pos]->getUnknownXMLObjects().clear();
  85                         if (x509Datas[pos]->hasChildren())
  86                             ++pos;
  87                         else
  88                             x509Datas.erase(x509Datas.begin() + pos);
  89                     }
  90                 }
  91             }
  92             if (!ret->hasChildren()) {
  93                 delete ret;
  94                 ret = nullptr;
  95             }
  96             return ret;
  97         }
  98
  99         const CredentialContext* getCredentalContext() const {
 100             return m_credctx;
 101         }
 102
 103         void setCredentialContext(KeyInfoCredentialContext* context) {
 104             m_credctx = context;
 105         }
 106
 107         void resolve(const KeyInfo* keyInfo, int types=0, bool followRefs=true);
 108         void resolve(DSIGKeyInfoList* keyInfo, int types=0, bool followRefs=true);
 109
 110     private:
 111         bool resolveCerts(const KeyInfo* keyInfo, bool followRefs=true);
 112         bool resolveKey(const KeyInfo* keyInfo, bool followRefs=true);
 113         bool resolveCRLs(const KeyInfo* keyInfo, bool followRefs=true);
 114
 115         KeyInfoCredentialContext* m_credctx;
 116     };
 117
 118     static const XMLCh keyInfoReferences[] = UNICODE_LITERAL_17(k,e,y,I,n,f,o,R,e,f,e,r,e,n,c,e,s);
 119
 120     class XMLTOOL_DLLLOCAL InlineKeyResolver : public KeyInfoResolver
 121     {
 122     public:
 123         InlineKeyResolver(const DOMElement* e)
 124             : m_followRefs(XMLHelper::getNodeValueAsBool(e ? e->getAttributeNodeNS(nullptr, keyInfoReferences) : nullptr, true)) {
 125         }
 126
 127         virtual ~InlineKeyResolver() {}
 128
 129         Credential* resolve(const KeyInfo* keyInfo, int types=0) const {
 130             if (!keyInfo)
 131                 return nullptr;
 132             if (types == 0)
 133                 types = Credential::RESOLVE_KEYS|X509Credential::RESOLVE_CERTS|X509Credential::RESOLVE_CRLS;
 134             auto_ptr<InlineCredential> credential(new InlineCredential(keyInfo));
 135             credential->resolve(keyInfo, types, m_followRefs);
 136             return credential.release();
 137         }
 138         Credential* resolve(DSIGKeyInfoList* keyInfo, int types=0) const {
 139             if (!keyInfo)
 140                 return nullptr;
 141             if (types == 0)
 142                 types = Credential::RESOLVE_KEYS|X509Credential::RESOLVE_CERTS|X509Credential::RESOLVE_CRLS;
 143             auto_ptr<InlineCredential> credential(new InlineCredential(keyInfo));
 144             credential->resolve(keyInfo, types, m_followRefs);
 145             return credential.release();
 146         }
 147         Credential* resolve(KeyInfoCredentialContext* context, int types=0) const {
 148             if (!context)
 149                 return nullptr;
 150             if (types == 0)
 151                 types = Credential::RESOLVE_KEYS|X509Credential::RESOLVE_CERTS|X509Credential::RESOLVE_CRLS;
 152             auto_ptr<InlineCredential> credential(new InlineCredential(context));
 153             if (context->getKeyInfo())
 154                 credential->resolve(context->getKeyInfo(), types, m_followRefs);
 155             else if (context->getNativeKeyInfo())
 156                 credential->resolve(context->getNativeKeyInfo(), types, m_followRefs);
 157             credential->setCredentialContext(context);
 158             return credential.release();
 159         }
 160
 161     private:
 162         bool m_followRefs;
 163     };
 164
 165     KeyInfoResolver* XMLTOOL_DLLLOCAL InlineKeyInfoResolverFactory(const DOMElement* const & e)
 166     {
 167         return new InlineKeyResolver(e);
 168     }
 169 };
 170
 171 void InlineCredential::resolve(const KeyInfo* keyInfo, int types, bool followRefs)
 172 {
 173 #ifdef _DEBUG
 174     NDC ndc("resolve");
 175 #endif
 176
 177     if (types & X509Credential::RESOLVE_CERTS)
 178         resolveCerts(keyInfo, followRefs);
 179
 180     if (types & Credential::RESOLVE_KEYS) {
 181         if (types & X509Credential::RESOLVE_CERTS) {
 182             // If we have a cert, just use it.
 183             if (!m_xseccerts.empty())
 184                 m_key = m_xseccerts.front()->clonePublicKey();
 185             else
 186                 resolveKey(keyInfo, followRefs);
 187         }
 188         // Otherwise try directly for a key and then go for certs if none is found.
 189         else if (!resolveKey(keyInfo, followRefs) && resolveCerts(keyInfo, followRefs)) {
 190             m_key = m_xseccerts.front()->clonePublicKey();
 191         }
 192     }
 193
 194     if (types & X509Credential::RESOLVE_CRLS)
 195         resolveCRLs(keyInfo, followRefs);
 196
 197     const XMLCh* n;
 198     char* kn;
 199     const vector<KeyName*>& knames=keyInfo->getKeyNames();
 200     for (vector<KeyName*>::const_iterator kn_i=knames.begin(); kn_i!=knames.end(); ++kn_i) {
 201         n=(*kn_i)->getName();
 202         if (n && *n) {
 203             kn=toUTF8(n);
 204             m_keyNames.insert(kn);
 205             delete[] kn;
 206         }
 207     }
 208     const vector<X509Data*> datas=keyInfo->getX509Datas();
 209     for (vector<X509Data*>::const_iterator x_i=datas.begin(); x_i!=datas.end(); ++x_i) {
 210         const vector<X509SubjectName*> snames = const_cast<const X509Data*>(*x_i)->getX509SubjectNames();
 211         for (vector<X509SubjectName*>::const_iterator sn_i = snames.begin(); sn_i!=snames.end(); ++sn_i) {
 212             n = (*sn_i)->getName();
 213             if (n && *n) {
 214                 kn=toUTF8(n);
 215                 m_keyNames.insert(kn);
 216                 m_subjectName = kn;
 217                 delete[] kn;
 218             }
 219         }
 220
 221         const vector<X509IssuerSerial*> inames = const_cast<const X509Data*>(*x_i)->getX509IssuerSerials();
 222         if (!inames.empty()) {
 223             const X509IssuerName* iname = inames.front()->getX509IssuerName();
 224             if (iname) {
 225                 kn = toUTF8(iname->getName());
 226                 if (kn)
 227                     m_issuerName = kn;
 228                 delete[] kn;
 229             }
 230
 231             const X509SerialNumber* ser = inames.front()->getX509SerialNumber();
 232             if (ser) {
 233                 auto_ptr_char sn(ser->getSerialNumber());
 234                 m_serial = sn.get();
 235             }
 236         }
 237     }
 238 }
 239
 240 bool InlineCredential::resolveKey(const KeyInfo* keyInfo, bool followRefs)
 241 {
 242     Category& log = Category::getInstance(XMLTOOLING_LOGCAT".KeyInfoResolver."INLINE_KEYINFO_RESOLVER);
 243
 244     // Check for ds:KeyValue
 245     const vector<KeyValue*>& keyValues = keyInfo->getKeyValues();
 246     for (vector<KeyValue*>::const_iterator i=keyValues.begin(); i!=keyValues.end(); ++i) {
 247         try {
 248             SchemaValidators.validate(*i);    // see if it's a "valid" key
 249             RSAKeyValue* rsakv = (*i)->getRSAKeyValue();
 250             if (rsakv) {
 251                 log.debug("resolving ds:RSAKeyValue");
 252                 auto_ptr_char mod(rsakv->getModulus()->getValue());
 253                 auto_ptr_char exp(rsakv->getExponent()->getValue());
 254                 auto_ptr<XSECCryptoKeyRSA> rsa(XSECPlatformUtils::g_cryptoProvider->keyRSA());
 255                 rsa->loadPublicModulusBase64BigNums(mod.get(), strlen(mod.get()));
 256                 rsa->loadPublicExponentBase64BigNums(exp.get(), strlen(exp.get()));
 257                 m_key = rsa.release();
 258                 return true;
 259             }
 260             DSAKeyValue* dsakv = (*i)->getDSAKeyValue();
 261             if (dsakv) {
 262                 log.debug("resolving ds:DSAKeyValue");
 263                 auto_ptr<XSECCryptoKeyDSA> dsa(XSECPlatformUtils::g_cryptoProvider->keyDSA());
 264                 auto_ptr_char y(dsakv->getY()->getValue());
 265                 dsa->loadYBase64BigNums(y.get(), strlen(y.get()));
 266                 if (dsakv->getP()) {
 267                     auto_ptr_char p(dsakv->getP()->getValue());
 268                     dsa->loadPBase64BigNums(p.get(), strlen(p.get()));
 269                 }
 270                 if (dsakv->getQ()) {
 271                     auto_ptr_char q(dsakv->getQ()->getValue());
 272                     dsa->loadQBase64BigNums(q.get(), strlen(q.get()));
 273                 }
 274                 if (dsakv->getG()) {
 275                     auto_ptr_char g(dsakv->getG()->getValue());
 276                     dsa->loadGBase64BigNums(g.get(), strlen(g.get()));
 277                 }
 278                 m_key = dsa.release();
 279                 return true;
 280             }
 281         }
 282         catch (ValidationException& ex) {
 283             log.warn("skipping invalid ds:KeyValue (%s)", ex.what());
 284         }
 285         catch(XSECException& e) {
 286             auto_ptr_char temp(e.getMsg());
 287             log.error("caught XML-Security exception loading key: %s", temp.get());
 288         }
 289         catch(XSECCryptoException& e) {
 290             log.error("caught XML-Security exception loading key: %s", e.getMsg());
 291         }
 292     }
 293
 294     if (followRefs) {
 295         // Check for KeyInfoReference.
 296         const XMLCh* fragID=NULL;
 297         const XMLObject* treeRoot=NULL;
 298         const vector<KeyInfoReference*>& refs = keyInfo->getKeyInfoReferences();
 299         for (vector<KeyInfoReference*>::const_iterator ref = refs.begin(); ref != refs.end(); ++ref) {
 300             fragID = (*ref)->getURI();
 301             if (!fragID || *fragID != chPound || !*(fragID+1)) {
 302                 log.warn("skipping ds11:KeyInfoReference with an empty or non-local reference");
 303                 continue;
 304             }
 305             if (!treeRoot) {
 306                 treeRoot = keyInfo;
 307                 while (treeRoot->getParent())
 308                     treeRoot = treeRoot->getParent();
 309             }
 310             keyInfo = dynamic_cast<const KeyInfo*>(XMLHelper::getXMLObjectById(*treeRoot, fragID+1));
 311             if (!keyInfo) {
 312                 log.warn("skipping ds11:KeyInfoReference, local reference did not resolve to a ds:KeyInfo");
 313                 continue;
 314             }
 315             if (resolveKey(keyInfo, false))
 316                 return true;
 317         }
 318     }
 319
 320     return false;
 321 }
 322
 323 bool InlineCredential::resolveCerts(const KeyInfo* keyInfo, bool followRefs)
 324 {
 325     Category& log = Category::getInstance(XMLTOOLING_LOGCAT".KeyInfoResolver."INLINE_KEYINFO_RESOLVER);
 326
 327     // Check for ds:X509Data
 328     const vector<X509Data*>& x509Datas=keyInfo->getX509Datas();
 329     for (vector<X509Data*>::const_iterator j=x509Datas.begin(); m_xseccerts.empty() && j!=x509Datas.end(); ++j) {
 330         const vector<X509Certificate*> x509Certs=const_cast<const X509Data*>(*j)->getX509Certificates();
 331         for (vector<X509Certificate*>::const_iterator k=x509Certs.begin(); k!=x509Certs.end(); ++k) {
 332             try {
 333                 auto_ptr_char x((*k)->getValue());
 334                 if (!x.get()) {
 335                     log.warn("skipping empty ds:X509Certificate");
 336                 }
 337                 else {
 338                     log.debug("resolving ds:X509Certificate");
 339                     auto_ptr<XSECCryptoX509> x509(XSECPlatformUtils::g_cryptoProvider->X509());
 340                     x509->loadX509Base64Bin(x.get(), strlen(x.get()));
 341                     m_xseccerts.push_back(x509.release());
 342                 }
 343             }
 344             catch(XSECException& e) {
 345                 auto_ptr_char temp(e.getMsg());
 346                 log.error("caught XML-Security exception loading certificate: %s", temp.get());
 347             }
 348             catch(XSECCryptoException& e) {
 349                 log.error("caught XML-Security exception loading certificate: %s", e.getMsg());
 350             }
 351         }
 352     }
 353
 354     if (followRefs && m_xseccerts.empty()) {
 355         // Check for KeyInfoReference.
 356         const XMLCh* fragID=NULL;
 357         const XMLObject* treeRoot=NULL;
 358         const vector<KeyInfoReference*>& refs = keyInfo->getKeyInfoReferences();
 359         for (vector<KeyInfoReference*>::const_iterator ref = refs.begin(); ref != refs.end(); ++ref) {
 360             fragID = (*ref)->getURI();
 361             if (!fragID || *fragID != chPound || !*(fragID+1)) {
 362                 log.warn("skipping ds11:KeyInfoReference with an empty or non-local reference");
 363                 continue;
 364             }
 365             if (!treeRoot) {
 366                 treeRoot = keyInfo;
 367                 while (treeRoot->getParent())
 368                     treeRoot = treeRoot->getParent();
 369             }
 370             keyInfo = dynamic_cast<const KeyInfo*>(XMLHelper::getXMLObjectById(*treeRoot, fragID+1));
 371             if (!keyInfo) {
 372                 log.warn("skipping ds11:KeyInfoReference, local reference did not resolve to a ds:KeyInfo");
 373                 continue;
 374             }
 375             if (resolveCerts(keyInfo, false))
 376                 return true;
 377         }
 378         return false;
 379     }
 380
 381     log.debug("resolved %d certificate(s)", m_xseccerts.size());
 382     return !m_xseccerts.empty();
 383 }
 384
 385 bool InlineCredential::resolveCRLs(const KeyInfo* keyInfo, bool followRefs)
 386 {
 387     Category& log = Category::getInstance(XMLTOOLING_LOGCAT".KeyInfoResolver."INLINE_KEYINFO_RESOLVER);
 388
 389     // Check for ds:X509Data
 390     const vector<X509Data*>& x509Datas=keyInfo->getX509Datas();
 391     for (vector<X509Data*>::const_iterator j=x509Datas.begin(); j!=x509Datas.end(); ++j) {
 392         const vector<X509CRL*> x509CRLs=const_cast<const X509Data*>(*j)->getX509CRLs();
 393         for (vector<X509CRL*>::const_iterator k=x509CRLs.begin(); k!=x509CRLs.end(); ++k) {
 394             try {
 395                 auto_ptr_char x((*k)->getValue());
 396                 if (!x.get()) {
 397                     log.warn("skipping empty ds:X509CRL");
 398                 }
 399                 else {
 400                     log.debug("resolving ds:X509CRL");
 401                     auto_ptr<XSECCryptoX509CRL> crl(XMLToolingConfig::getConfig().X509CRL());
 402                     crl->loadX509CRLBase64Bin(x.get(), strlen(x.get()));
 403                     m_crls.push_back(crl.release());
 404                 }
 405             }
 406             catch(XSECException& e) {
 407                 auto_ptr_char temp(e.getMsg());
 408                 log.error("caught XML-Security exception loading CRL: %s", temp.get());
 409             }
 410             catch(XSECCryptoException& e) {
 411                 log.error("caught XML-Security exception loading CRL: %s", e.getMsg());
 412             }
 413         }
 414     }
 415
 416     if (followRefs && m_crls.empty()) {
 417         // Check for KeyInfoReference.
 418         const XMLCh* fragID=NULL;
 419         const XMLObject* treeRoot=NULL;
 420         const vector<KeyInfoReference*>& refs = keyInfo->getKeyInfoReferences();
 421         for (vector<KeyInfoReference*>::const_iterator ref = refs.begin(); ref != refs.end(); ++ref) {
 422             fragID = (*ref)->getURI();
 423             if (!fragID || *fragID != chPound || !*(fragID+1)) {
 424                 log.warn("skipping ds11:KeyInfoReference with an empty or non-local reference");
 425                 continue;
 426             }
 427             if (!treeRoot) {
 428                 treeRoot = keyInfo;
 429                 while (treeRoot->getParent())
 430                     treeRoot = treeRoot->getParent();
 431             }
 432             keyInfo = dynamic_cast<const KeyInfo*>(XMLHelper::getXMLObjectById(*treeRoot, fragID+1));
 433             if (!keyInfo) {
 434                 log.warn("skipping ds11:KeyInfoReference, local reference did not resolve to a ds:KeyInfo");
 435                 continue;
 436             }
 437             if (resolveCRLs(keyInfo, false))
 438                 return true;
 439         }
 440         return false;
 441     }
 442
 443     log.debug("resolved %d CRL(s)", m_crls.size());
 444     return !m_crls.empty();
 445 }
 446
 447 void InlineCredential::resolve(DSIGKeyInfoList* keyInfo, int types, bool followRefs)
 448 {
 449 #ifdef _DEBUG
 450     NDC ndc("resolve");
 451 #endif
 452
 453     if (types & Credential::RESOLVE_KEYS) {
 454         // Default resolver handles RSA/DSAKeyValue and X509Certificate elements.
 455         try {
 456             XSECKeyInfoResolverDefault def;
 457             m_key = def.resolveKey(keyInfo);
 458         }
 459         catch(XSECException& e) {
 460             auto_ptr_char temp(e.getMsg());
 461             Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading certificate: %s", temp.get());
 462         }
 463         catch(XSECCryptoException& e) {
 464             Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading certificate: %s", e.getMsg());
 465         }
 466     }
 467
 468         DSIGKeyInfoList::size_type sz = keyInfo->getSize();
 469
 470     if (types & X509Credential::RESOLVE_CERTS) {
 471         for (DSIGKeyInfoList::size_type i=0; i<sz; ++i) {
 472             if (keyInfo->item(i)->getKeyInfoType()==DSIGKeyInfo::KEYINFO_X509) {
 473                 DSIGKeyInfoX509* x509 = static_cast<DSIGKeyInfoX509*>(keyInfo->item(i));
 474                 int count = x509->getCertificateListSize();
 475                 if (count) {
 476                     for (int j=0; j<count; ++j)
 477                         m_xseccerts.push_back(x509->getCertificateCryptoItem(j));
 478                     break;
 479                 }
 480             }
 481         }
 482     }
 483
 484     if (types & X509Credential::RESOLVE_CRLS) {
 485         for (DSIGKeyInfoList::size_type i=0; i<sz; ++i) {
 486             if (keyInfo->item(i)->getKeyInfoType()==DSIGKeyInfo::KEYINFO_X509) {
 487 #ifdef XMLTOOLING_XMLSEC_MULTIPLECRL
 488                 DSIGKeyInfoX509* x509 = static_cast<DSIGKeyInfoX509*>(keyInfo->item(i));
 489                 int count = x509->getX509CRLListSize();
 490                 for (int j=0; j<count; ++j) {
 491                     auto_ptr_char buf(x509->getX509CRLItem(j));
 492                     if (buf.get()) {
 493                         try {
 494                             auto_ptr<XSECCryptoX509CRL> crlobj(XMLToolingConfig::getConfig().X509CRL());
 495                             crlobj->loadX509CRLBase64Bin(buf.get(), strlen(buf.get()));
 496                             m_crls.push_back(crlobj.release());
 497                         }
 498                         catch(XSECException& e) {
 499                             auto_ptr_char temp(e.getMsg());
 500                             Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", temp.get());
 501                         }
 502                         catch(XSECCryptoException& e) {
 503                             Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", e.getMsg());
 504                         }
 505                     }
 506                 }
 507 #else
 508                 // The current xmlsec API is limited to one CRL per KeyInfo.
 509                 // For now, I'm going to process the DOM directly.
 510                 DOMNode* x509Node = keyInfo->item(i)->getKeyInfoDOMNode();
 511                 DOMElement* crlElement = x509Node ? XMLHelper::getFirstChildElement(x509Node, xmlconstants::XMLSIG_NS, X509CRL::LOCAL_NAME) : nullptr;
 512                 while (crlElement) {
 513                     if (crlElement->hasChildNodes()) {
 514                         auto_ptr_char buf(crlElement->getFirstChild()->getNodeValue());
 515                         if (buf.get()) {
 516                             try {
 517                                 auto_ptr<XSECCryptoX509CRL> crlobj(XMLToolingConfig::getConfig().X509CRL());
 518                                 crlobj->loadX509CRLBase64Bin(buf.get(), strlen(buf.get()));
 519                                 m_crls.push_back(crlobj.release());
 520                             }
 521                             catch(XSECException& e) {
 522                                 auto_ptr_char temp(e.getMsg());
 523                                 Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", temp.get());
 524                             }
 525                             catch(XSECCryptoException& e) {
 526                                 Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", e.getMsg());
 527                             }
 528                         }
 529                     }
 530                     crlElement = XMLHelper::getNextSiblingElement(crlElement, xmlconstants::XMLSIG_NS, X509CRL::LOCAL_NAME);
 531                 }
 532 #endif
 533             }
 534         }
 535     }
 536
 537     char* kn;
 538     const XMLCh* n;
 539
 540     for (size_t s=0; s<keyInfo->getSize(); s++) {
 541         DSIGKeyInfo* dki = keyInfo->item(s);
 542         n=dki->getKeyName();
 543         if (n && *n) {
 544             kn=toUTF8(n);
 545             m_keyNames.insert(kn);
 546             if (dki->getKeyInfoType() == DSIGKeyInfo::KEYINFO_X509)
 547                 m_subjectName = kn;
 548             delete[] kn;
 549         }
 550
 551         if (dki->getKeyInfoType() == DSIGKeyInfo::KEYINFO_X509) {
 552             DSIGKeyInfoX509* kix = static_cast<DSIGKeyInfoX509*>(dki);
 553             n = kix->getX509IssuerName();
 554             if (n && *n) {
 555                 kn=toUTF8(n);
 556                 m_issuerName = kn;
 557                 delete[] kn;
 558             }
 559             n = kix->getX509IssuerSerialNumber();
 560             if (n && *n) {
 561                 auto_ptr_char sn(n);
 562                 m_serial = sn.get();
 563             }
 564         }
 565     }
 566 }