/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include "security/BasicX509Credential.h"
#include "security/KeyInfoCredentialContext.h"
#include "security/KeyInfoResolver.h"
+#include "security/XSECCryptoX509CRL.h"
#include "signature/KeyInfo.h"
#include "signature/Signature.h"
#include "util/NDC.h"
using namespace xmlsignature;
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace xercesc;
using namespace std;
namespace xmltooling {
class XMLTOOL_DLLLOCAL InlineCredential : public BasicX509Credential
{
public:
- InlineCredential(const KeyInfo* keyInfo=NULL) : BasicX509Credential(keyInfo!=NULL), m_credctx(new KeyInfoCredentialContext(keyInfo)) {
+ InlineCredential(const KeyInfo* keyInfo=nullptr) : BasicX509Credential(keyInfo!=nullptr), m_credctx(new KeyInfoCredentialContext(keyInfo)) {
}
InlineCredential(DSIGKeyInfoList* keyInfo) : BasicX509Credential(false), m_credctx(new KeyInfoCredentialContext(keyInfo)) {
}
- InlineCredential(KeyInfoCredentialContext* context) : BasicX509Credential(context->getKeyInfo()!=NULL), m_credctx(NULL) {
+ InlineCredential(KeyInfoCredentialContext* context) : BasicX509Credential(context->getKeyInfo()!=nullptr), m_credctx(nullptr) {
}
virtual ~InlineCredential() {
delete m_credctx;
}
XSECCryptoKey* getPrivateKey() const {
- return NULL;
+ return nullptr;
}
KeyInfo* getKeyInfo(bool compact=false) const {
- KeyInfo* ret = m_credctx->getKeyInfo() ? m_credctx->getKeyInfo()->cloneKeyInfo() : NULL;
+ KeyInfo* ret = m_credctx->getKeyInfo() ? m_credctx->getKeyInfo()->cloneKeyInfo() : nullptr;
if (ret) {
- ret->setId(NULL);
+ ret->setId(nullptr);
ret->getRetrievalMethods().clear();
if (compact) {
ret->getKeyValues().clear();
}
if (!ret->hasChildren()) {
delete ret;
- ret = NULL;
+ ret = nullptr;
}
return ret;
}
- const CredentialContext* getCredentialContext() const {
+ const CredentialContext* getCredentalContext() const {
return m_credctx;
}
Credential* resolve(const KeyInfo* keyInfo, int types=0) const {
if (!keyInfo)
- return NULL;
+ return nullptr;
if (types == 0)
types = Credential::RESOLVE_KEYS|X509Credential::RESOLVE_CERTS|X509Credential::RESOLVE_CRLS;
auto_ptr<InlineCredential> credential(new InlineCredential(keyInfo));
}
Credential* resolve(DSIGKeyInfoList* keyInfo, int types=0) const {
if (!keyInfo)
- return NULL;
+ return nullptr;
if (types == 0)
types = Credential::RESOLVE_KEYS|X509Credential::RESOLVE_CERTS|X509Credential::RESOLVE_CRLS;
auto_ptr<InlineCredential> credential(new InlineCredential(keyInfo));
}
Credential* resolve(KeyInfoCredentialContext* context, int types=0) const {
if (!context)
- return NULL;
+ return nullptr;
if (types == 0)
types = Credential::RESOLVE_KEYS|X509Credential::RESOLVE_CERTS|X509Credential::RESOLVE_CRLS;
auto_ptr<InlineCredential> credential(new InlineCredential(context));
}
if (types & X509Credential::RESOLVE_CRLS) {
- DOMNode* x509Node;
- DOMElement* crlElement;
for (DSIGKeyInfoList::size_type i=0; i<sz; ++i) {
if (keyInfo->item(i)->getKeyInfoType()==DSIGKeyInfo::KEYINFO_X509) {
+#ifdef XMLTOOLING_XMLSEC_MULTIPLECRL
+ DSIGKeyInfoX509* x509 = static_cast<DSIGKeyInfoX509*>(keyInfo->item(i));
+ int count = x509->getX509CRLListSize();
+ for (int j=0; j<count; ++j) {
+ auto_ptr_char buf(x509->getX509CRLItem(j));
+ if (buf.get()) {
+ try {
+ auto_ptr<XSECCryptoX509CRL> crlobj(XMLToolingConfig::getConfig().X509CRL());
+ crlobj->loadX509CRLBase64Bin(buf.get(), strlen(buf.get()));
+ m_crls.push_back(crlobj.release());
+ }
+ catch(XSECException& e) {
+ auto_ptr_char temp(e.getMsg());
+ Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", temp.get());
+ }
+ catch(XSECCryptoException& e) {
+ Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", e.getMsg());
+ }
+ }
+ }
+#else
// The current xmlsec API is limited to one CRL per KeyInfo.
// For now, I'm going to process the DOM directly.
- x509Node = keyInfo->item(i)->getKeyInfoDOMNode();
- crlElement = x509Node ? XMLHelper::getFirstChildElement(x509Node, xmlconstants::XMLSIG_NS, X509CRL::LOCAL_NAME) : NULL;
+ DOMNode* x509Node = keyInfo->item(i)->getKeyInfoDOMNode();
+ DOMElement* crlElement = x509Node ? XMLHelper::getFirstChildElement(x509Node, xmlconstants::XMLSIG_NS, X509CRL::LOCAL_NAME) : nullptr;
while (crlElement) {
if (crlElement->hasChildNodes()) {
auto_ptr_char buf(crlElement->getFirstChild()->getNodeValue());
}
crlElement = XMLHelper::getNextSiblingElement(crlElement, xmlconstants::XMLSIG_NS, X509CRL::LOCAL_NAME);
}
+#endif
}
}
}
projects / shibboleth / cpp-xmltooling.git / blobdiff