Address certificate object lifetime with wrapper class.
[shibboleth/cpp-xmltooling.git] / xmltooling / security / impl / ExplicitKeyTrustEngine.cpp
index 69c381a..f0833a4 100644 (file)
@@ -136,20 +136,19 @@ bool ExplicitKeyTrustEngine::validate(
     // role interface to verify the EE certificate.\r
 \r
     log.debug("attempting to match key information from peer with end-entity certificate");\r
-    vector<XSECCryptoX509*> resolvedCerts;\r
     while (keyInfoSource.hasNext()) {\r
-        resolvedCerts.clear();\r
+        KeyResolver::ResolvedCertificates resolvedCerts;\r
         if (0 == (keyResolver ? keyResolver : m_keyResolver)->resolveCertificates(keyInfoSource.next(),resolvedCerts)) {\r
             log.debug("key information does not resolve to a certificate, skipping it");\r
             continue;\r
         }\r
 \r
         log.debug("checking if certificates contained within key information match end-entity certificate");\r
-        if (resolvedCerts.front()->getProviderName()!=DSIGConstants::s_unicodeStrPROVOpenSSL) {\r
+        if (resolvedCerts.v().front()->getProviderName()!=DSIGConstants::s_unicodeStrPROVOpenSSL) {\r
             log.error("only the OpenSSL XSEC provider is supported");\r
             continue;\r
         }\r
-        else if (!X509_cmp(static_cast<OpenSSLCryptoX509*>(certEE)->getOpenSSLX509(),static_cast<OpenSSLCryptoX509*>(resolvedCerts.front())->getOpenSSLX509())) {\r
+        else if (!X509_cmp(static_cast<OpenSSLCryptoX509*>(certEE)->getOpenSSLX509(),static_cast<OpenSSLCryptoX509*>(resolvedCerts.v().front())->getOpenSSLX509())) {\r
             log.info("end-entity certificate matches certificate from peer key information");\r
             return true;\r
         }\r
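Review bot: The `static_cast<OpenSSLCryptoX509*>(certEE)` inside the `X509_cmp` call is not covered by the provider check above it, which tests only `resolvedCerts.v().front()`. If `certEE` can ever come from a non-OpenSSL XSEC provider, the downcast is unchecked in a path that ends in `return true` for trust. The body of `validate` starts before and continues past this hunk, so an earlier guard may already exist; if not, test `certEE->getProviderName()!=DSIGConstants::s_unicodeStrPROVOpenSSL` once before the loop and fail closed. Also, only the first resolved certificate is compared although the debug message says "certificates", so a one-line comment such as `// only the first resolved certificate is compared; resolvedCerts is scoped per key info` would record that (assuming it is intentional) together with the reason the declaration moved into the loop.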