/*
- * Copyright 2001-2005 Internet2
+ * Copyright 2001-2007 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include "internal.h"
#include "exceptions.h"
+#include "logging.h"
#include "security/ChainingTrustEngine.h"
+#include "util/XMLHelper.h"
#include <xercesc/util/XMLUniDefs.hpp>
using namespace xmlsignature;
+using namespace xmltooling::logging;
using namespace xmltooling;
using namespace std;
}
};
-static const XMLCh GenericTrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
+static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
-ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : X509TrustEngine(e) {
- try {
- e = e ? xmltooling::XMLHelper::getFirstChildElement(e, GenericTrustEngine) : NULL;
- while (e) {
- xmltooling::auto_ptr_char temp(e->getAttributeNS(NULL,type));
- if (temp.get()) {
- auto_ptr<TrustEngine> engine(
- XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(temp.get(), e)
- );
- X509TrustEngine* x509 = dynamic_cast<X509TrustEngine*>(engine.get());
- if (x509) {
- m_engines.push_back(x509);
- engine.release();
- }
- else {
- throw xmltooling::UnknownExtensionException("Embedded trust engine does not support required interface.");
- }
+ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : TrustEngine(e) {
+ Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine."CHAINING_TRUSTENGINE);
+ e = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : NULL;
+ while (e) {
+ try {
+ auto_ptr_char temp(e->getAttributeNS(NULL,type));
+ if (temp.get() && *temp.get()) {
+ log.info("building TrustEngine of type %s", temp.get());
+ TrustEngine* engine = XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(temp.get(), e);
+ m_engines.push_back(engine);
+ SignatureTrustEngine* sig = dynamic_cast<SignatureTrustEngine*>(engine);
+ if (sig)
+ m_sigEngines.push_back(sig);
+ X509TrustEngine* x509 = dynamic_cast<X509TrustEngine*>(engine);
+ if (x509)
+ m_x509Engines.push_back(x509);
+ OpenSSLTrustEngine* ossl = dynamic_cast<OpenSSLTrustEngine*>(engine);
+ if (ossl)
+ m_osslEngines.push_back(ossl);
}
- e = xmltooling::XMLHelper::getNextSiblingElement(e, GenericTrustEngine);
}
- }
- catch (xmltooling::XMLToolingException&) {
- for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<X509TrustEngine>());
- throw;
+ catch (exception& ex) {
+ log.error("error building TrustEngine: %s", ex.what());
+ }
+ e = XMLHelper::getNextSiblingElement(e, _TrustEngine);
}
}
ChainingTrustEngine::~ChainingTrustEngine() {
- for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<X509TrustEngine>());
+ for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<TrustEngine>());
}
-bool ChainingTrustEngine::validate(
- Signature& sig,
- const KeyInfoSource& keyInfoSource,
- const KeyResolver* keyResolver
- ) const
+bool ChainingTrustEngine::validate(Signature& sig, const CredentialResolver& credResolver, CredentialCriteria* criteria) const
{
- for (vector<X509TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
- if (static_cast<TrustEngine*>(*i)->validate(sig,keyInfoSource,keyResolver))
+ for (vector<SignatureTrustEngine*>::const_iterator i=m_sigEngines.begin(); i!=m_sigEngines.end(); ++i) {
+ if ((*i)->validate(sig,credResolver,criteria))
return true;
}
return false;
KeyInfo* keyInfo,
const char* in,
unsigned int in_len,
- const KeyInfoSource& keyInfoSource,
- const KeyResolver* keyResolver
+ const CredentialResolver& credResolver,
+ CredentialCriteria* criteria
) const
{
- for (vector<X509TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
- if (static_cast<TrustEngine*>(*i)->validate(sigAlgorithm, sig, keyInfo, in, in_len, keyInfoSource, keyResolver))
+ for (vector<SignatureTrustEngine*>::const_iterator i=m_sigEngines.begin(); i!=m_sigEngines.end(); ++i) {
+ if ((*i)->validate(sigAlgorithm, sig, keyInfo, in, in_len, credResolver, criteria))
return true;
}
return false;
bool ChainingTrustEngine::validate(
XSECCryptoX509* certEE,
const vector<XSECCryptoX509*>& certChain,
- const KeyInfoSource& keyInfoSource,
- bool checkName,
- const KeyResolver* keyResolver
+ const CredentialResolver& credResolver,
+ CredentialCriteria* criteria
+ ) const
+{
+ for (vector<X509TrustEngine*>::const_iterator i=m_x509Engines.begin(); i!=m_x509Engines.end(); ++i) {
+ if ((*i)->validate(certEE,certChain,credResolver,criteria))
+ return true;
+ }
+ return false;
+}
+
+bool ChainingTrustEngine::validate(
+ X509* certEE,
+ STACK_OF(X509)* certChain,
+ const CredentialResolver& credResolver,
+ CredentialCriteria* criteria
) const
{
- for (vector<X509TrustEngine*>::const_iterator i=m_engines.begin(); i!=m_engines.end(); ++i) {
- if ((*i)->validate(certEE,certChain,keyInfoSource,checkName,keyResolver))
+ for (vector<OpenSSLTrustEngine*>::const_iterator i=m_osslEngines.begin(); i!=m_osslEngines.end(); ++i) {
+ if ((*i)->validate(certEE,certChain,credResolver,criteria))
return true;
}
return false;