projects / shibboleth / cpp-xmltooling.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Major revamp of credential and trust handling code, PKIX engine still needs work.
[shibboleth/cpp-xmltooling.git] / xmltooling / security / impl / ChainingTrustEngine.cpp
diff --git a/xmltooling/security/impl/ChainingTrustEngine.cpp b/xmltooling/security/impl/ChainingTrustEngine.cpp
index ee2cf7a..1834aab 100644 (file)
--- a/xmltooling/security/impl/ChainingTrustEngine.cpp
+++ b/xmltooling/security/impl/ChainingTrustEngine.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2005 Internet2
+ *  Copyright 2001-2007 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,11 +23,14 @@
 #include "internal.h"
 #include "exceptions.h"
 #include "security/ChainingTrustEngine.h"
+#include "util/XMLHelper.h"
 
+#include <log4cpp/Category.hh>
 #include <xercesc/util/XMLUniDefs.hpp>
 
 using namespace xmlsignature;
 using namespace xmltooling;
+using namespace log4cpp;
 using namespace std;
 
 namespace xmltooling {
@@ -37,20 +40,23 @@ namespace xmltooling {
     }
 };
 
-static const XMLCh GenericTrustEngine[] =           UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
+static const XMLCh _TrustEngine[] =                 UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
 static const XMLCh type[] =                         UNICODE_LITERAL_4(t,y,p,e);
 
 ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : OpenSSLTrustEngine(e) {
+    Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine");
     try {
-        e = e ? xmltooling::XMLHelper::getFirstChildElement(e, GenericTrustEngine) : NULL;
+        e = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : NULL;
         while (e) {
             auto_ptr_char temp(e->getAttributeNS(NULL,type));
-            if (temp.get())
+            if (temp.get() && *temp.get()) {
+                log.info("building TrustEngine of type %s", temp.get());
                 m_engines.push_back(XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(temp.get(), e));
-            e = xmltooling::XMLHelper::getNextSiblingElement(e, GenericTrustEngine);
+            }
+            e = XMLHelper::getNextSiblingElement(e, _TrustEngine);
         }
     }
-    catch (xmltooling::XMLToolingException&) {
+    catch (exception&) {
         for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<TrustEngine>());
         throw;
     }
@@ -60,14 +66,10 @@ ChainingTrustEngine::~ChainingTrustEngine() {
     for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<TrustEngine>());
 }
 
-bool ChainingTrustEngine::validate(
-    Signature& sig,
-    const KeyInfoSource& keyInfoSource,
-    const KeyResolver* keyResolver
-    ) const
+bool ChainingTrustEngine::validate(Signature& sig, const CredentialResolver& credResolver, CredentialCriteria* criteria) const
 {
     for (vector<TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
-        if ((*i)->validate(sig,keyInfoSource,keyResolver))
+        if ((*i)->validate(sig,credResolver,criteria))
             return true;
     }
     return false;
@@ -79,12 +81,12 @@ bool ChainingTrustEngine::validate(
     KeyInfo* keyInfo,
     const char* in,
     unsigned int in_len,
-    const KeyInfoSource& keyInfoSource,
-    const KeyResolver* keyResolver
+    const CredentialResolver& credResolver,
+    CredentialCriteria* criteria
     ) const
 {
     for (vector<TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
-        if ((*i)->validate(sigAlgorithm, sig, keyInfo, in, in_len, keyInfoSource, keyResolver))
+        if ((*i)->validate(sigAlgorithm, sig, keyInfo, in, in_len, credResolver, criteria))
             return true;
     }
     return false;
@@ -93,15 +95,14 @@ bool ChainingTrustEngine::validate(
 bool ChainingTrustEngine::validate(
     XSECCryptoX509* certEE,
     const vector<XSECCryptoX509*>& certChain,
-    const KeyInfoSource& keyInfoSource,
-    bool checkName,
-    const KeyResolver* keyResolver
+    const CredentialResolver& credResolver,
+    CredentialCriteria* criteria
     ) const
 {
     X509TrustEngine* down;
     for (vector<TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
         if ((down = dynamic_cast<X509TrustEngine*>(*i)) &&
-                down->validate(certEE,certChain,keyInfoSource,checkName,keyResolver))
+                down->validate(certEE,certChain,credResolver,criteria))
             return true;
     }
     return false;
@@ -110,15 +111,13 @@ bool ChainingTrustEngine::validate(
 bool ChainingTrustEngine::validate(
     X509* certEE,
     STACK_OF(X509)* certChain,
-    const KeyInfoSource& keyInfoSource,
-    bool checkName,
-    const xmlsignature::KeyResolver* keyResolver
+    const CredentialResolver& credResolver,
+    CredentialCriteria* criteria
     ) const
 {
     OpenSSLTrustEngine* down;
     for (vector<TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
-        if ((down = dynamic_cast<OpenSSLTrustEngine*>(*i)) &&
-                down->validate(certEE,certChain,keyInfoSource,checkName,keyResolver))
+        if ((down = dynamic_cast<OpenSSLTrustEngine*>(*i)) && down->validate(certEE,certChain,credResolver,criteria))
             return true;
     }
     return false;
Unnamed repository; edit this file 'description' to name the repository.