xmltooling/util/ReloadableXMLFile.cpp

   1 /*
   2  *  Copyright 2001-2010 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /**
  18  * @file ReloadableXMLFile.cpp
  19  *
  20  * Base class for file-based XML configuration.
  21  */
  22
  23 #include "internal.h"
  24 #include "io/HTTPResponse.h"
  25 #ifndef XMLTOOLING_LITE
  26 # include "security/Credential.h"
  27 # include "security/CredentialCriteria.h"
  28 # include "security/CredentialResolver.h"
  29 # include "security/SignatureTrustEngine.h"
  30 # include "signature/Signature.h"
  31 # include "signature/SignatureValidator.h"
  32 #endif
  33 #include "util/NDC.h"
  34 #include "util/PathResolver.h"
  35 #include "util/ReloadableXMLFile.h"
  36 #include "util/Threads.h"
  37 #include "util/XMLConstants.h"
  38 #include "util/XMLHelper.h"
  39
  40 #if defined(XMLTOOLING_LOG4SHIB)
  41 # include <log4shib/NDC.hh>
  42 #elif defined(XMLTOOLING_LOG4CPP)
  43 # include <log4cpp/NDC.hh>
  44 #endif
  45
  46 #include <memory>
  47 #include <fstream>
  48 #include <sys/types.h>
  49 #include <sys/stat.h>
  50
  51 #include <xercesc/framework/LocalFileInputSource.hpp>
  52 #include <xercesc/framework/Wrapper4InputSource.hpp>
  53 #include <xercesc/util/XMLUniDefs.hpp>
  54
  55 #ifndef XMLTOOLING_LITE
  56 # include <xsec/dsig/DSIGReference.hpp>
  57 # include <xsec/dsig/DSIGTransformList.hpp>
  58 using namespace xmlsignature;
  59 #endif
  60
  61 using namespace xmltooling::logging;
  62 using namespace xmltooling;
  63 using namespace xercesc;
  64 using namespace std;
  65
  66 #ifndef XMLTOOLING_LITE
  67 namespace {
  68     class XMLTOOL_DLLLOCAL DummyCredentialResolver : public CredentialResolver
  69     {
  70     public:
  71         DummyCredentialResolver() {}
  72         ~DummyCredentialResolver() {}
  73
  74         Lockable* lock() {return this;}
  75         void unlock() {}
  76
  77         const Credential* resolve(const CredentialCriteria* criteria=nullptr) const {return nullptr;}
  78         vector<const Credential*>::size_type resolve(
  79             vector<const Credential*>& results, const CredentialCriteria* criteria=nullptr
  80             ) const {return 0;}
  81     };
  82 };
  83 #endif
  84
  85 static const XMLCh id[] =               UNICODE_LITERAL_2(i,d);
  86 static const XMLCh uri[] =              UNICODE_LITERAL_3(u,r,i);
  87 static const XMLCh url[] =              UNICODE_LITERAL_3(u,r,l);
  88 static const XMLCh path[] =             UNICODE_LITERAL_4(p,a,t,h);
  89 static const XMLCh pathname[] =         UNICODE_LITERAL_8(p,a,t,h,n,a,m,e);
  90 static const XMLCh file[] =             UNICODE_LITERAL_4(f,i,l,e);
  91 static const XMLCh filename[] =         UNICODE_LITERAL_8(f,i,l,e,n,a,m,e);
  92 static const XMLCh validate[] =         UNICODE_LITERAL_8(v,a,l,i,d,a,t,e);
  93 static const XMLCh reloadChanges[] =    UNICODE_LITERAL_13(r,e,l,o,a,d,C,h,a,n,g,e,s);
  94 static const XMLCh reloadInterval[] =   UNICODE_LITERAL_14(r,e,l,o,a,d,I,n,t,e,r,v,a,l);
  95 static const XMLCh maxRefreshDelay[] =  UNICODE_LITERAL_15(m,a,x,R,e,f,r,e,s,h,D,e,l,a,y);
  96 static const XMLCh backingFilePath[] =  UNICODE_LITERAL_15(b,a,c,k,i,n,g,F,i,l,e,P,a,t,h);
  97 static const XMLCh type[] =             UNICODE_LITERAL_4(t,y,p,e);
  98 static const XMLCh certificate[] =      UNICODE_LITERAL_11(c,e,r,t,i,f,i,c,a,t,e);
  99 static const XMLCh signerName[] =       UNICODE_LITERAL_10(s,i,g,n,e,r,N,a,m,e);
 100 static const XMLCh _TrustEngine[] =     UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
 101 static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);
 102
 103
 104 ReloadableXMLFile::ReloadableXMLFile(const DOMElement* e, Category& log, bool startReloadThread)
 105     : m_root(e), m_local(true), m_validate(false), m_filestamp(0), m_reloadInterval(0),
 106       m_lock(nullptr), m_loaded(false), m_log(log),
 107 #ifndef XMLTOOLING_LITE
 108       m_credResolver(nullptr), m_trust(nullptr),
 109 #endif
 110       m_shutdown(false), m_reload_wait(nullptr), m_reload_thread(nullptr)
 111 {
 112 #ifdef _DEBUG
 113     NDC ndc("ReloadableXMLFile");
 114 #endif
 115
 116     // Establish source of data...
 117     const XMLCh* source=e->getAttributeNS(nullptr,uri);
 118     if (!source || !*source) {
 119         source=e->getAttributeNS(nullptr,url);
 120         if (!source || !*source) {
 121             source=e->getAttributeNS(nullptr,path);
 122             if (!source || !*source) {
 123                 source=e->getAttributeNS(nullptr,pathname);
 124                 if (!source || !*source) {
 125                     source=e->getAttributeNS(nullptr,file);
 126                     if (!source || !*source) {
 127                         source=e->getAttributeNS(nullptr,filename);
 128                     }
 129                 }
 130             }
 131         }
 132         else {
 133             m_local=false;
 134         }
 135     }
 136     else {
 137         m_local=false;
 138     }
 139
 140     if (source && *source) {
 141         m_validate = XMLHelper::getAttrBool(e, false, validate);
 142
 143         auto_ptr_char temp(source);
 144         m_source = temp.get();
 145
 146         if (!m_local && !strstr(m_source.c_str(),"://")) {
 147             log.warn("deprecated usage of uri/url attribute for a local resource, use path instead");
 148             m_local = true;
 149         }
 150
 151 #ifndef XMLTOOLING_LITE
 152         // Check for signature bits.
 153         if (e->hasAttributeNS(nullptr, certificate)) {
 154             // Use a file-based credential resolver rooted here.
 155             m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, e);
 156         }
 157         else {
 158             const DOMElement* sub = XMLHelper::getFirstChildElement(e, _CredentialResolver);
 159             string t(XMLHelper::getAttrString(sub, nullptr, type));
 160             if (!t.empty()) {
 161                 m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.c_str(), sub);
 162             }
 163             else {
 164                 sub = XMLHelper::getFirstChildElement(e, _TrustEngine);
 165                 t = XMLHelper::getAttrString(sub, nullptr, type);
 166                 if (!t.empty()) {
 167                     TrustEngine* trust = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(t.c_str(), sub);
 168                     if (!(m_trust = dynamic_cast<SignatureTrustEngine*>(trust))) {
 169                         delete trust;
 170                         throw XMLToolingException("TrustEngine-based ReloadableXMLFile requires a SignatureTrustEngine plugin.");
 171                     }
 172
 173                     m_signerName = XMLHelper::getAttrString(e, nullptr, signerName);
 174                 }
 175             }
 176         }
 177 #endif
 178
 179         if (m_local) {
 180             XMLToolingConfig::getConfig().getPathResolver()->resolve(m_source, PathResolver::XMLTOOLING_CFG_FILE);
 181
 182             bool flag = XMLHelper::getAttrBool(e, true, reloadChanges);
 183             if (flag) {
 184 #ifdef WIN32
 185                 struct _stat stat_buf;
 186                 if (_stat(m_source.c_str(), &stat_buf) == 0)
 187 #else
 188                 struct stat stat_buf;
 189                 if (stat(m_source.c_str(), &stat_buf) == 0)
 190 #endif
 191                     m_filestamp = stat_buf.st_mtime;
 192                 else
 193                     throw IOException("Unable to access local file ($1)", params(1,m_source.c_str()));
 194                 m_lock = RWLock::create();
 195             }
 196             log.debug("using local resource (%s), will %smonitor for changes", m_source.c_str(), m_lock ? "" : "not ");
 197         }
 198         else {
 199             log.debug("using remote resource (%s)", m_source.c_str());
 200             m_backing = XMLHelper::getAttrString(e, nullptr, backingFilePath);
 201             if (!m_backing.empty()) {
 202                 XMLToolingConfig::getConfig().getPathResolver()->resolve(m_backing, PathResolver::XMLTOOLING_RUN_FILE);
 203                 log.debug("backup remote resource to (%s)", m_backing.c_str());
 204                 try {
 205                     ifstream backer(m_backing + ".tag");
 206                     if (backer) {
 207                         char cachebuf[256];
 208                         if (backer.getline(cachebuf, 255)) {
 209                             m_cacheTag = cachebuf;
 210                             log.debug("loaded initial cache tag (%s)", m_cacheTag.c_str());
 211                         }
 212                     }
 213                 }
 214                 catch (exception&) {
 215                 }
 216             }
 217             m_reloadInterval = XMLHelper::getAttrInt(e, 0, reloadInterval);
 218             if (m_reloadInterval == 0)
 219                 m_reloadInterval = XMLHelper::getAttrInt(e, 0, maxRefreshDelay);
 220             if (m_reloadInterval > 0) {
 221                 m_log.debug("will reload remote resource at most every %d seconds", m_reloadInterval);
 222                 m_lock = RWLock::create();
 223             }
 224             m_filestamp = time(nullptr);   // assume it gets loaded initially
 225         }
 226
 227         if (startReloadThread)
 228             startup();
 229     }
 230     else {
 231         log.debug("no resource uri/path/name supplied, will load inline configuration");
 232     }
 233
 234     m_id = XMLHelper::getAttrString(e, nullptr, id);
 235 }
 236
 237 ReloadableXMLFile::~ReloadableXMLFile()
 238 {
 239     shutdown();
 240     delete m_lock;
 241 }
 242
 243 void ReloadableXMLFile::startup()
 244 {
 245     if (m_lock && !m_reload_thread) {
 246         m_reload_wait = CondWait::create();
 247         m_reload_thread = Thread::create(&reload_fn, this);
 248     }
 249 }
 250
 251 void ReloadableXMLFile::shutdown()
 252 {
 253     if (m_reload_thread) {
 254         // Shut down the reload thread and let it know.
 255         m_shutdown = true;
 256         m_reload_wait->signal();
 257         m_reload_thread->join(nullptr);
 258         delete m_reload_thread;
 259         delete m_reload_wait;
 260         m_reload_thread = nullptr;
 261         m_reload_wait = nullptr;
 262     }
 263 }
 264
 265 void* ReloadableXMLFile::reload_fn(void* pv)
 266 {
 267     ReloadableXMLFile* r = reinterpret_cast<ReloadableXMLFile*>(pv);
 268
 269 #ifndef WIN32
 270     // First, let's block all signals
 271     Thread::mask_all_signals();
 272 #endif
 273
 274     if (!r->m_id.empty()) {
 275         string threadid("[");
 276         threadid += r->m_id + ']';
 277         logging::NDC::push(threadid);
 278     }
 279
 280 #ifdef _DEBUG
 281     NDC ndc("reload");
 282 #endif
 283
 284     auto_ptr<Mutex> mutex(Mutex::create());
 285     mutex->lock();
 286
 287     if (r->m_local)
 288         r->m_log.info("reload thread started...running when signaled");
 289     else
 290         r->m_log.info("reload thread started...running every %d seconds", r->m_reloadInterval);
 291
 292     while (!r->m_shutdown) {
 293         if (r->m_local)
 294             r->m_reload_wait->wait(mutex.get());
 295         else
 296             r->m_reload_wait->timedwait(mutex.get(), r->m_reloadInterval);
 297         if (r->m_shutdown)
 298             break;
 299
 300         try {
 301             r->m_log.info("reloading %s resource...", r->m_local ? "local" : "remote");
 302             pair<bool,DOMElement*> ret = r->background_load();
 303             if (ret.first)
 304                 ret.second->getOwnerDocument()->release();
 305         }
 306         catch (long& ex) {
 307             if (ex == HTTPResponse::XMLTOOLING_HTTP_STATUS_NOTMODIFIED) {
 308                 r->m_log.info("remote resource (%s) unchanged from cached version", r->m_source.c_str());
 309             }
 310             else {
 311                 // Shouldn't happen, we should only get codes intended to be gracefully handled.
 312                 r->m_log.crit("maintaining existing configuration, remote resource fetch returned atypical status code (%d)", ex);
 313             }
 314         }
 315         catch (exception& ex) {
 316             r->m_log.crit("maintaining existing configuration, error reloading resource (%s): %s", r->m_source.c_str(), ex.what());
 317         }
 318     }
 319
 320     r->m_log.info("reload thread finished");
 321
 322     mutex->unlock();
 323
 324     if (!r->m_id.empty()) {
 325         logging::NDC::pop();
 326     }
 327
 328     return nullptr;
 329 }
 330
 331 Lockable* ReloadableXMLFile::lock()
 332 {
 333     if (!m_lock)
 334         return this;
 335
 336     m_lock->rdlock();
 337
 338     if (m_local) {
 339     // Check if we need to refresh.
 340 #ifdef WIN32
 341         struct _stat stat_buf;
 342         if (_stat(m_source.c_str(), &stat_buf) != 0)
 343             return this;
 344 #else
 345         struct stat stat_buf;
 346         if (stat(m_source.c_str(), &stat_buf) != 0)
 347             return this;
 348 #endif
 349         if (m_filestamp >= stat_buf.st_mtime)
 350             return this;
 351
 352         // Elevate lock and recheck.
 353         m_log.debug("timestamp of local resource changed, elevating to a write lock");
 354         m_lock->unlock();
 355         m_lock->wrlock();
 356         if (m_filestamp >= stat_buf.st_mtime) {
 357             // Somebody else handled it, just downgrade.
 358             m_log.debug("update of local resource handled by another thread, downgrading lock");
 359             m_lock->unlock();
 360             m_lock->rdlock();
 361             return this;
 362         }
 363
 364         // Update the timestamp regardless.
 365         m_filestamp = stat_buf.st_mtime;
 366         if (m_reload_wait) {
 367             m_log.info("change detected, signaling reload thread...");
 368             m_reload_wait->signal();
 369         }
 370         else {
 371             m_log.warn("change detected, but reload thread not started");
 372         }
 373     }
 374
 375     return this;
 376 }
 377
 378 void ReloadableXMLFile::unlock()
 379 {
 380     if (m_lock)
 381         m_lock->unlock();
 382 }
 383
 384 pair<bool,DOMElement*> ReloadableXMLFile::load(bool backup)
 385 {
 386 #ifdef _DEBUG
 387     NDC ndc("load");
 388 #endif
 389
 390     try {
 391         if (m_source.empty()) {
 392             // Data comes from the DOM we were handed.
 393             m_log.debug("loading inline configuration...");
 394             return make_pair(false, XMLHelper::getFirstChildElement(m_root));
 395         }
 396         else {
 397             // Data comes from a file we have to parse.
 398             if (backup)
 399                 m_log.warn("using local backup of remote resource");
 400             else
 401                 m_log.debug("loading configuration from external resource...");
 402
 403             DOMDocument* doc=nullptr;
 404             if (m_local || backup) {
 405                 auto_ptr_XMLCh widenit(backup ? m_backing.c_str() : m_source.c_str());
 406                 // Use library-wide lock for now, nothing else is using it anyway.
 407                 Locker locker(backup ? getBackupLock() : nullptr);
 408                 LocalFileInputSource src(widenit.get());
 409                 Wrapper4InputSource dsrc(&src, false);
 410                 if (m_validate)
 411                     doc=XMLToolingConfig::getConfig().getValidatingParser().parse(dsrc);
 412                 else
 413                     doc=XMLToolingConfig::getConfig().getParser().parse(dsrc);
 414             }
 415             else {
 416                 URLInputSource src(m_root, nullptr, &m_cacheTag);
 417                 Wrapper4InputSource dsrc(&src, false);
 418                 if (m_validate)
 419                     doc=XMLToolingConfig::getConfig().getValidatingParser().parse(dsrc);
 420                 else
 421                     doc=XMLToolingConfig::getConfig().getParser().parse(dsrc);
 422
 423                 // Check for a response code signal.
 424                 if (XMLHelper::isNodeNamed(doc->getDocumentElement(), xmlconstants::XMLTOOLING_NS, URLInputSource::utf16StatusCodeElementName)) {
 425                     int responseCode = XMLString::parseInt(doc->getDocumentElement()->getFirstChild()->getNodeValue());
 426                     doc->release();
 427                     if (responseCode == HTTPResponse::XMLTOOLING_HTTP_STATUS_NOTMODIFIED)
 428                         throw (long)responseCode; // toss out as a "known" case to handle gracefully
 429                     else {
 430                         m_log.warn("remote resource fetch returned atypical status code (%d)", responseCode);
 431                         throw IOException("remote resource fetch failed, check log for status code of response");
 432                     }
 433                 }
 434             }
 435
 436             m_log.infoStream() << "loaded XML resource (" << (backup ? m_backing : m_source) << ")" << logging::eol;
 437 #ifndef XMLTOOLING_LITE
 438             if (m_credResolver || m_trust) {
 439                 m_log.debug("checking signature on XML resource");
 440                 try {
 441                     DOMElement* sigel = XMLHelper::getFirstChildElement(doc->getDocumentElement(), xmlconstants::XMLSIG_NS, Signature::LOCAL_NAME);
 442                     if (!sigel)
 443                         throw XMLSecurityException("Signature validation required, but no signature found.");
 444
 445                     // Wrap and unmarshall the signature for the duration of the check.
 446                     auto_ptr<Signature> sigobj(dynamic_cast<Signature*>(SignatureBuilder::buildOneFromElement(sigel)));    // don't bind to document
 447                     validateSignature(*sigobj.get());
 448                 }
 449                 catch (exception&) {
 450                     doc->release();
 451                     throw;
 452                 }
 453
 454             }
 455 #endif
 456             return make_pair(true, doc->getDocumentElement());
 457         }
 458     }
 459     catch (XMLException& e) {
 460         auto_ptr_char msg(e.getMessage());
 461         m_log.errorStream() << "Xerces error while loading resource (" << (backup ? m_backing : m_source) << "): "
 462             << msg.get() << logging::eol;
 463         throw XMLParserException(msg.get());
 464     }
 465     catch (exception& e) {
 466         m_log.errorStream() << "error while loading resource ("
 467             << (m_source.empty() ? "inline" : (backup ? m_backing : m_source)) << "): " << e.what() << logging::eol;
 468         throw;
 469     }
 470 }
 471
 472 pair<bool,DOMElement*> ReloadableXMLFile::load()
 473 {
 474     // If this method is used, we're responsible for managing failover to a
 475     // backup of a remote resource (if available), and for backing up remote
 476     // resources.
 477     try {
 478         pair<bool,DOMElement*> ret = load(false);
 479         if (!m_backing.empty()) {
 480             m_log.debug("backing up remote resource to (%s)", m_backing.c_str());
 481             try {
 482                 Locker locker(getBackupLock());
 483                 ofstream backer(m_backing);
 484                 backer << *(ret.second->getOwnerDocument());
 485                 preserveCacheTag();
 486             }
 487             catch (exception& ex) {
 488                 m_log.crit("exception while backing up resource: %s", ex.what());
 489             }
 490         }
 491         return ret;
 492     }
 493     catch (long& responseCode) {
 494         // If there's an HTTP error or the document hasn't changed,
 495         // use the backup iff we have no "valid" resource in place.
 496         // That prevents reload of the backup copy any time the document
 497         // hasn't changed.
 498         if (responseCode == HTTPResponse::XMLTOOLING_HTTP_STATUS_NOTMODIFIED)
 499             m_log.info("remote resource (%s) unchanged from cached version", m_source.c_str());
 500         if (!m_loaded && !m_backing.empty())
 501             return load(true);
 502         throw;
 503     }
 504     catch (exception&) {
 505         // Same as above, but for general load/parse errors.
 506         if (!m_loaded && !m_backing.empty())
 507             return load(true);
 508         throw;
 509     }
 510 }
 511
 512 pair<bool,DOMElement*> ReloadableXMLFile::background_load()
 513 {
 514     // If this method isn't overridden, we acquire a write lock
 515     // and just call the old override.
 516     if (m_lock)
 517         m_lock->wrlock();
 518     SharedLock locker(m_lock, false);
 519     return load();
 520 }
 521
 522 Lockable* ReloadableXMLFile::getBackupLock()
 523 {
 524     return &XMLToolingConfig::getConfig();
 525 }
 526
 527 void ReloadableXMLFile::preserveCacheTag()
 528 {
 529     if (!m_cacheTag.empty() && !m_backing.empty()) {
 530         try {
 531             ofstream backer(m_backing + ".tag");
 532             backer << m_cacheTag;
 533         }
 534         catch (exception&) {
 535         }
 536     }
 537 }
 538
 539 #ifndef XMLTOOLING_LITE
 540
 541 void ReloadableXMLFile::validateSignature(Signature& sigObj) const
 542 {
 543     DSIGSignature* sig=sigObj.getXMLSignature();
 544     if (!sig)
 545         throw XMLSecurityException("Signature does not exist yet.");
 546
 547     // Make sure the whole document was signed.
 548     bool valid=false;
 549     DSIGReferenceList* refs=sig->getReferenceList();
 550     if (refs && refs->getSize()==1) {
 551         DSIGReference* ref=refs->item(0);
 552         if (ref) {
 553             const XMLCh* URI=ref->getURI();
 554             if (URI==nullptr || *URI==0) {
 555                 DSIGTransformList* tlist=ref->getTransforms();
 556                 if (tlist->getSize() <= 2) {
 557                     for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
 558                         if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
 559                             valid=true;
 560                         else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
 561                                  tlist->item(i)->getTransformType()!=TRANSFORM_C14N &&
 562                                  tlist->item(i)->getTransformType()!=TRANSFORM_C14N11) {
 563                             valid=false;
 564                             break;
 565                         }
 566                     }
 567                 }
 568             }
 569         }
 570     }
 571
 572     if (!valid)
 573         throw XMLSecurityException("Invalid signature profile for signed configuration resource.");
 574
 575     // Set up criteria.
 576     CredentialCriteria cc;
 577     cc.setUsage(Credential::SIGNING_CREDENTIAL);
 578     cc.setSignature(sigObj, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
 579     if (!m_signerName.empty())
 580         cc.setPeerName(m_signerName.c_str());
 581
 582     if (m_credResolver) {
 583         Locker locker(m_credResolver);
 584         vector<const Credential*> creds;
 585         if (m_credResolver->resolve(creds, &cc)) {
 586             SignatureValidator sigValidator;
 587             for (vector<const Credential*>::const_iterator i = creds.begin(); i != creds.end(); ++i) {
 588                 try {
 589                     sigValidator.setCredential(*i);
 590                     sigValidator.validate(&sigObj);
 591                     return; // success!
 592                 }
 593                 catch (exception&) {
 594                 }
 595             }
 596             throw XMLSecurityException("Unable to verify signature with supplied key(s).");
 597         }
 598         else {
 599             throw XMLSecurityException("CredentialResolver did not supply any candidate keys.");
 600         }
 601     }
 602     else if (m_trust) {
 603         DummyCredentialResolver dummy;
 604         if (m_trust->validate(sigObj, dummy, &cc))
 605             return;
 606         throw XMLSecurityException("TrustEngine unable to verify signature.");
 607     }
 608
 609     throw XMLSecurityException("Unable to verify signature.");
 610 }
 611
 612 #endif