#include "util/XMLConstants.h"
#include "validation/ValidatorSuite.h"
+#include <boost/iterator/indirect_iterator.hpp>
#include <xercesc/util/XMLUniDefs.hpp>
#include <xsec/dsig/DSIGKeyInfoX509.hpp>
#include <xsec/enc/XSECKeyInfoResolverDefault.hpp>
using namespace xmltooling::logging;
using namespace xmltooling;
using namespace xercesc;
+using namespace boost;
using namespace std;
namespace xmltooling {
void resolve(const KeyInfo* keyInfo, int types=0, bool followRefs=false);
void resolve(DSIGKeyInfoList* keyInfo, int types=0, bool followRefs=false);
+ bool isEmpty() const {
+ return (!m_key && m_xseccerts.empty() && m_crls.empty() &&
+ m_keyNames.empty() && m_serial.empty() && m_issuerName.empty());
+ }
+
private:
bool resolveCerts(const KeyInfo* keyInfo, bool followRefs=false);
bool resolveKey(const KeyInfo* keyInfo, bool followRefs=false);
types = Credential::RESOLVE_KEYS|X509Credential::RESOLVE_CERTS|X509Credential::RESOLVE_CRLS;
auto_ptr<InlineCredential> credential(new InlineCredential(keyInfo));
credential->resolve(keyInfo, types, m_followRefs);
- return credential.release();
+ return credential->isEmpty() ? nullptr : credential.release();
}
Credential* resolve(DSIGKeyInfoList* keyInfo, int types=0) const {
if (!keyInfo)
types = Credential::RESOLVE_KEYS|X509Credential::RESOLVE_CERTS|X509Credential::RESOLVE_CRLS;
auto_ptr<InlineCredential> credential(new InlineCredential(keyInfo));
credential->resolve(keyInfo, types, m_followRefs);
- return credential.release();
+ return credential->isEmpty() ? nullptr : credential.release();
}
Credential* resolve(KeyInfoCredentialContext* context, int types=0) const {
if (!context)
credential->resolve(context->getKeyInfo(), types, m_followRefs);
else if (context->getNativeKeyInfo())
credential->resolve(context->getNativeKeyInfo(), types, m_followRefs);
- credential->setCredentialContext(context);
+ if (credential->isEmpty())
+ return nullptr;
+ credential->setCredentialContext(context); // transfers ownership to credential
return credential.release();
}
const XMLCh* n;
char* kn;
const vector<KeyName*>& knames=keyInfo->getKeyNames();
- for (vector<KeyName*>::const_iterator kn_i=knames.begin(); kn_i!=knames.end(); ++kn_i) {
- n=(*kn_i)->getName();
+ for (indirect_iterator<vector<KeyName*>::const_iterator> kn_i = make_indirect_iterator(knames.begin());
+ kn_i != make_indirect_iterator(knames.end()); ++kn_i) {
+ n = kn_i->getName();
if (n && *n) {
- kn=toUTF8(n);
+ kn = toUTF8(n);
m_keyNames.insert(kn);
delete[] kn;
}
bool InlineCredential::resolveKey(const KeyInfo* keyInfo, bool followRefs)
{
- Category& log = Category::getInstance(XMLTOOLING_LOGCAT".KeyInfoResolver."INLINE_KEYINFO_RESOLVER);
+ Category& log = Category::getInstance(XMLTOOLING_LOGCAT ".KeyInfoResolver." INLINE_KEYINFO_RESOLVER);
// Check for ds:KeyValue
const vector<KeyValue*>& keyValues = keyInfo->getKeyValues();
- for (vector<KeyValue*>::const_iterator i = keyValues.begin(); i != keyValues.end(); ++i) {
+ for (indirect_iterator<vector<KeyValue*>::const_iterator> i = make_indirect_iterator(keyValues.begin());
+ i != make_indirect_iterator(keyValues.end()); ++i) {
try {
- SchemaValidators.validate(*i); // see if it's a "valid" key
- RSAKeyValue* rsakv = (*i)->getRSAKeyValue();
+ SchemaValidators.validate(*(i.base())); // see if it's a "valid" key
+ RSAKeyValue* rsakv = i->getRSAKeyValue();
if (rsakv) {
log.debug("resolving ds:RSAKeyValue");
auto_ptr_char mod(rsakv->getModulus()->getValue());
m_key = rsa.release();
return true;
}
- DSAKeyValue* dsakv = (*i)->getDSAKeyValue();
+ DSAKeyValue* dsakv = i->getDSAKeyValue();
if (dsakv) {
log.debug("resolving ds:DSAKeyValue");
auto_ptr<XSECCryptoKeyDSA> dsa(XSECPlatformUtils::g_cryptoProvider->keyDSA());
return true;
}
#ifdef XMLTOOLING_XMLSEC_ECC
- ECKeyValue* eckv = (*i)->getECKeyValue();
+ ECKeyValue* eckv = i->getECKeyValue();
if (eckv && eckv->getNamedCurve() && eckv->getPublicKey()) {
log.warn("resolving ds11:ECKeyValue");
auto_ptr<XSECCryptoKeyEC> ec(XSECPlatformUtils::g_cryptoProvider->keyEC());
// Check for ds11:DEREncodedKeyValue
const vector<DEREncodedKeyValue*>& derValues = keyInfo->getDEREncodedKeyValues();
- for (vector<DEREncodedKeyValue*>::const_iterator j = derValues.begin(); j != derValues.end(); ++j) {
+ for (indirect_iterator<vector<DEREncodedKeyValue*>::const_iterator> j = make_indirect_iterator(derValues.begin());
+ j != make_indirect_iterator(derValues.end()); ++j) {
log.debug("resolving ds11:DEREncodedKeyValue");
- m_key = SecurityHelper::fromDEREncoding((*j)->getValue());
+ m_key = SecurityHelper::fromDEREncoding(j->getValue());
if (m_key)
return true;
log.warn("failed to resolve ds11:DEREncodedKeyValue");
const XMLCh* fragID=nullptr;
const XMLObject* treeRoot=nullptr;
const vector<KeyInfoReference*>& refs = keyInfo->getKeyInfoReferences();
- for (vector<KeyInfoReference*>::const_iterator ref = refs.begin(); ref != refs.end(); ++ref) {
- fragID = (*ref)->getURI();
+ for (indirect_iterator<vector<KeyInfoReference*>::const_iterator> ref = make_indirect_iterator(refs.begin());
+ ref != make_indirect_iterator(refs.end()); ++ref) {
+ fragID = ref->getURI();
if (!fragID || *fragID != chPound || !*(fragID+1)) {
log.warn("skipping ds11:KeyInfoReference with an empty or non-local reference");
continue;
bool InlineCredential::resolveCerts(const KeyInfo* keyInfo, bool followRefs)
{
- Category& log = Category::getInstance(XMLTOOLING_LOGCAT".KeyInfoResolver."INLINE_KEYINFO_RESOLVER);
+ Category& log = Category::getInstance(XMLTOOLING_LOGCAT ".KeyInfoResolver." INLINE_KEYINFO_RESOLVER);
// Check for ds:X509Data
const vector<X509Data*>& x509Datas=keyInfo->getX509Datas();
- for (vector<X509Data*>::const_iterator j=x509Datas.begin(); m_xseccerts.empty() && j!=x509Datas.end(); ++j) {
+ for (vector<X509Data*>::const_iterator j = x509Datas.begin(); m_xseccerts.empty() && j != x509Datas.end(); ++j) {
const vector<X509Certificate*> x509Certs=const_cast<const X509Data*>(*j)->getX509Certificates();
- for (vector<X509Certificate*>::const_iterator k=x509Certs.begin(); k!=x509Certs.end(); ++k) {
+ for (indirect_iterator<vector<X509Certificate*>::const_iterator> k = make_indirect_iterator(x509Certs.begin());
+ k != make_indirect_iterator(x509Certs.end()); ++k) {
try {
- auto_ptr_char x((*k)->getValue());
+ auto_ptr_char x(k->getValue());
if (!x.get()) {
log.warn("skipping empty ds:X509Certificate");
}
const XMLCh* fragID=NULL;
const XMLObject* treeRoot=NULL;
const vector<KeyInfoReference*>& refs = keyInfo->getKeyInfoReferences();
- for (vector<KeyInfoReference*>::const_iterator ref = refs.begin(); ref != refs.end(); ++ref) {
- fragID = (*ref)->getURI();
+ for (indirect_iterator<vector<KeyInfoReference*>::const_iterator> ref = make_indirect_iterator(refs.begin());
+ ref != make_indirect_iterator(refs.end()); ++ref) {
+ fragID = ref->getURI();
if (!fragID || *fragID != chPound || !*(fragID+1)) {
log.warn("skipping ds11:KeyInfoReference with an empty or non-local reference");
continue;
bool InlineCredential::resolveCRLs(const KeyInfo* keyInfo, bool followRefs)
{
- Category& log = Category::getInstance(XMLTOOLING_LOGCAT".KeyInfoResolver."INLINE_KEYINFO_RESOLVER);
+ Category& log = Category::getInstance(XMLTOOLING_LOGCAT ".KeyInfoResolver." INLINE_KEYINFO_RESOLVER);
// Check for ds:X509Data
const vector<X509Data*>& x509Datas=keyInfo->getX509Datas();
for (vector<X509Data*>::const_iterator j=x509Datas.begin(); j!=x509Datas.end(); ++j) {
const vector<X509CRL*> x509CRLs=const_cast<const X509Data*>(*j)->getX509CRLs();
- for (vector<X509CRL*>::const_iterator k=x509CRLs.begin(); k!=x509CRLs.end(); ++k) {
+ for (indirect_iterator<vector<X509CRL*>::const_iterator> k = make_indirect_iterator(x509CRLs.begin());
+ k != make_indirect_iterator(x509CRLs.end()); ++k) {
try {
- auto_ptr_char x((*k)->getValue());
+ auto_ptr_char x(k->getValue());
if (!x.get()) {
log.warn("skipping empty ds:X509CRL");
}
const XMLCh* fragID=NULL;
const XMLObject* treeRoot=NULL;
const vector<KeyInfoReference*>& refs = keyInfo->getKeyInfoReferences();
- for (vector<KeyInfoReference*>::const_iterator ref = refs.begin(); ref != refs.end(); ++ref) {
- fragID = (*ref)->getURI();
+ for (indirect_iterator<vector<KeyInfoReference*>::const_iterator> ref = make_indirect_iterator(refs.begin());
+ ref != make_indirect_iterator(refs.end()); ++ref) {
+ fragID = ref->getURI();
if (!fragID || *fragID != chPound || !*(fragID+1)) {
log.warn("skipping ds11:KeyInfoReference with an empty or non-local reference");
continue;
}
catch(XSECException& e) {
auto_ptr_char temp(e.getMsg());
- Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading certificate: %s", temp.get());
+ Category::getInstance(XMLTOOLING_LOGCAT ".KeyResolver." INLINE_KEYINFO_RESOLVER).error(
+ "caught XML-Security exception loading certificate: %s", temp.get());
}
catch(XSECCryptoException& e) {
- Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading certificate: %s", e.getMsg());
+ Category::getInstance(XMLTOOLING_LOGCAT ".KeyResolver." INLINE_KEYINFO_RESOLVER).error(
+ "caught XML-Security exception loading certificate: %s", e.getMsg());
}
}
}
catch(XSECException& e) {
auto_ptr_char temp(e.getMsg());
- Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", temp.get());
+ Category::getInstance(XMLTOOLING_LOGCAT ".KeyResolver." INLINE_KEYINFO_RESOLVER).error(
+ "caught XML-Security exception loading CRL: %s", temp.get());
}
catch(XSECCryptoException& e) {
- Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", e.getMsg());
+ Category::getInstance(XMLTOOLING_LOGCAT ".KeyResolver." INLINE_KEYINFO_RESOLVER).error(
+ "caught XML-Security exception loading CRL: %s", e.getMsg());
}
}
}
}
catch(XSECException& e) {
auto_ptr_char temp(e.getMsg());
- Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", temp.get());
+ Category::getInstance(XMLTOOLING_LOGCAT ".KeyResolver." INLINE_KEYINFO_RESOLVER).error(
+ "caught XML-Security exception loading CRL: %s", temp.get());
}
catch(XSECCryptoException& e) {
- Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", e.getMsg());
+ Category::getInstance(XMLTOOLING_LOGCAT ".KeyResolver." INLINE_KEYINFO_RESOLVER).error(
+ "caught XML-Security exception loading CRL: %s", e.getMsg());
}
}
}