-/*
- * Copyright 2001-2010 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
};
FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e)
- : m_lock(nullptr), m_credential(nullptr), m_usage(Credential::UNSPECIFIED_CREDENTIAL), m_extractNames(true)
+ : m_lock(nullptr), m_credential(nullptr), m_keyinfomask(XMLHelper::getAttrInt(e, 0, keyInfoMask)),
+ m_usage(Credential::UNSPECIFIED_CREDENTIAL), m_extractNames(true)
{
#ifdef _DEBUG
NDC ndc("FilesystemCredentialResolver");
#endif
Category& log=Category::getInstance(XMLTOOLING_LOGCAT".CredentialResolver."FILESYSTEM_CREDENTIAL_RESOLVER);
- // Default to disable X509IssuerSerial due to schema validation issues.
- m_keyinfomask = XMLHelper::getAttrInt(e,
- Credential::KEYINFO_KEY_NAME |
- Credential::KEYINFO_KEY_VALUE |
- X509Credential::KEYINFO_X509_CERTIFICATE |
- X509Credential::KEYINFO_X509_SUBJECTNAME,
- keyInfoMask
- );
-
if (e && (e->hasAttributeNS(nullptr,_certificate) || e->hasAttributeNS(nullptr,_key))) {
// Dummy up a simple file resolver config using these attributes.
DOMElement* dummy = e->getOwnerDocument()->createElementNS(nullptr,_CredentialResolver);
if (e->hasAttributeNS(nullptr, extractNames))
child->setAttributeNS(nullptr, extractNames, e->getAttributeNS(nullptr, extractNames));
}
+ if (e->hasAttributeNS(nullptr, _use)) {
+ dummy->setAttributeNS(nullptr, _use, e->getAttributeNS(nullptr, _use));
+ }
+
e = dummy; // reset "root" to the dummy config element
}
m_key.backing = XMLHelper::getAttrString(e, nullptr, backingFilePath);
if (m_key.backing.empty())
throw XMLSecurityException("FilesystemCredentialResolver can't access key, backingFilePath missing from URL element.");
- XMLToolingConfig::getConfig().getPathResolver()->resolve(m_key.backing, PathResolver::XMLTOOLING_RUN_FILE);
+ XMLToolingConfig::getConfig().getPathResolver()->resolve(m_key.backing, PathResolver::XMLTOOLING_CACHE_FILE);
m_key.reloadInterval = XMLHelper::getAttrInt(e, 0, _reloadInterval);
}
else {
crl.backing = XMLHelper::getAttrString(e, nullptr, backingFilePath);
if (crl.backing.empty())
throw XMLSecurityException("FilesystemCredentialResolver can't access CRL, backingFilePath missing from URL element.");
- XMLToolingConfig::getConfig().getPathResolver()->resolve(crl.backing, PathResolver::XMLTOOLING_RUN_FILE);
+ XMLToolingConfig::getConfig().getPathResolver()->resolve(crl.backing, PathResolver::XMLTOOLING_CACHE_FILE);
crl.reloadInterval = XMLHelper::getAttrInt(e, 0, _reloadInterval);
}
e = XMLHelper::getNextSiblingElement(e, _URL);
cert.backing = XMLHelper::getAttrString(e, nullptr, backingFilePath);
if (cert.backing.empty())
throw XMLSecurityException("FilesystemCredentialResolver can't access certificate, backingFilePath missing from URL element.");
- XMLToolingConfig::getConfig().getPathResolver()->resolve(cert.backing, PathResolver::XMLTOOLING_RUN_FILE);
+ XMLToolingConfig::getConfig().getPathResolver()->resolve(cert.backing, PathResolver::XMLTOOLING_CACHE_FILE);
cert.reloadInterval = XMLHelper::getAttrInt(e, 0, _reloadInterval);
}
e = XMLHelper::getNextSiblingElement(e);
auto_ptr<Credential> credential(getCredential());
m_lock = RWLock::create();
m_credential = credential.release();
+ if (m_credential->getPrivateKey() == nullptr) {
+ log.info("no private key resolved, usable for verification/trust only");
+ }
}
FilesystemCredentialResolver::~FilesystemCredentialResolver()
projects / shibboleth / cpp-xmltooling.git / blobdiff