-/*
- * Copyright 2001-2007 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
* PKIXTrustEngine.cpp
*
- * Shibboleth-specific PKIX-validation TrustEngine
+ * Shibboleth-specific PKIX-validation TrustEngine.
*/
#include "internal.h"
namespace xmltooling {
- static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);\r
- static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);\r
- static const XMLCh certificate[] = UNICODE_LITERAL_11(c,e,r,t,i,f,i,c,a,t,e);\r
- static const XMLCh Certificate[] = UNICODE_LITERAL_11(C,e,r,t,i,f,i,c,a,t,e);\r
- static const XMLCh Path[] = UNICODE_LITERAL_4(P,a,t,h);\r
+ static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);
+ static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
+ static const XMLCh certificate[] = UNICODE_LITERAL_11(c,e,r,t,i,f,i,c,a,t,e);
+ static const XMLCh Certificate[] = UNICODE_LITERAL_11(C,e,r,t,i,f,i,c,a,t,e);
+ static const XMLCh Path[] = UNICODE_LITERAL_4(P,a,t,h);
static const XMLCh verifyDepth[] = UNICODE_LITERAL_11(v,e,r,i,f,y,D,e,p,t,h);
-\r
+
class XMLTOOL_DLLLOCAL StaticPKIXTrustEngine : public AbstractPKIXTrustEngine
{
public:
- StaticPKIXTrustEngine(const DOMElement* e=NULL);
+ StaticPKIXTrustEngine(const DOMElement* e=nullptr);
virtual ~StaticPKIXTrustEngine() {
- if (m_credResolver) {
- m_credResolver->unlock();
- delete m_credResolver;
- }
+ delete m_credResolver;
}
AbstractPKIXTrustEngine::PKIXValidationInfoIterator* getPKIXValidationInfoIterator(
- const CredentialResolver& pkixSource, CredentialCriteria* criteria=NULL
+ const CredentialResolver& pkixSource, CredentialCriteria* criteria=nullptr
) const;
const KeyInfoResolver* getKeyInfoResolver() const {
}
private:
- CredentialResolver* m_credResolver;
int m_depth;
- vector<XSECCryptoX509*> m_certs;
- vector<XSECCryptoX509CRL*> m_crls;
+ CredentialResolver* m_credResolver;
friend class XMLTOOL_DLLLOCAL StaticPKIXIterator;
};
{
public:
StaticPKIXIterator(const StaticPKIXTrustEngine& engine) : m_engine(engine), m_done(false) {
+ // Merge together all X509Credentials we can resolve.
+ m_engine.m_credResolver->lock();
+ try {
+ vector<const Credential*> creds;
+ m_engine.m_credResolver->resolve(creds);
+ for (vector<const Credential*>::const_iterator i = creds.begin(); i != creds.end(); ++i) {
+ const X509Credential* xcred = dynamic_cast<const X509Credential*>(*i);
+ if (xcred) {
+ m_certs.insert(m_certs.end(), xcred->getEntityCertificateChain().begin(), xcred->getEntityCertificateChain().end());
+ m_crls.insert(m_crls.end(), xcred->getCRLs().begin(), xcred->getCRLs().end());
+ }
+ }
+ }
+ catch (exception& ex) {
+ logging::Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine.StaticPKIX").error(ex.what());
+ }
}
virtual ~StaticPKIXIterator() {
+ m_engine.m_credResolver->unlock();
}
bool next() {
}
const vector<XSECCryptoX509*>& getTrustAnchors() const {
- return m_engine.m_certs;
+ return m_certs;
}
const vector<XSECCryptoX509CRL*>& getCRLs() const {
- return m_engine.m_crls;
+ return m_crls;
}
private:
const StaticPKIXTrustEngine& m_engine;
+ vector<XSECCryptoX509*> m_certs;
+ vector<XSECCryptoX509CRL*> m_crls;
bool m_done;
};
};
-StaticPKIXTrustEngine::StaticPKIXTrustEngine(const DOMElement* e) : AbstractPKIXTrustEngine(e)
+StaticPKIXTrustEngine::StaticPKIXTrustEngine(const DOMElement* e)
+ : AbstractPKIXTrustEngine(e), m_depth(XMLHelper::getAttrInt(e, 1, verifyDepth)), m_credResolver(nullptr)
{
- const XMLCh* depth = e ? e->getAttributeNS(NULL, verifyDepth) : NULL;
- if (depth && *depth)
- m_depth = XMLString::parseInt(depth);
- else
- m_depth = 1;
-
- if (e && e->hasAttributeNS(NULL,certificate)) {\r
- // Dummy up a file resolver.\r
- DOMElement* dummy = e->getOwnerDocument()->createElementNS(NULL,_CredentialResolver);\r
- DOMElement* child = e->getOwnerDocument()->createElementNS(NULL,Certificate);\r
- dummy->appendChild(child);\r
- DOMElement* path = e->getOwnerDocument()->createElementNS(NULL,Path);\r
- child->appendChild(path);\r
- path->appendChild(e->getOwnerDocument()->createTextNode(e->getAttributeNS(NULL,certificate)));\r
- m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER,dummy);\r
- }\r
- else {\r
- e = e ? XMLHelper::getFirstChildElement(e, _CredentialResolver) : NULL;\r
- auto_ptr_char t(e ? e->getAttributeNS(NULL,type) : NULL);\r
- if (t.get()) {\r
- m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.get(),e);\r
- }\r
- else\r
- throw XMLSecurityException("Missing <CredentialResolver> element, or no type attribute found");\r
- }\r
-\r
- m_credResolver->lock();\r
-
- // Merge together all X509Credentials we can resolve.
- try {
- vector<const Credential*> creds;
- m_credResolver->resolve(creds);
- for (vector<const Credential*>::const_iterator i = creds.begin(); i != creds.end(); ++i) {
- const X509Credential* xcred = dynamic_cast<const X509Credential*>(*i);
- if (xcred) {
- m_certs.insert(m_certs.end(), xcred->getEntityCertificateChain().begin(), xcred->getEntityCertificateChain().end());
- if (xcred->getCRL())
- m_crls.push_back(xcred->getCRL());
- }
- }
+ if (e && e->hasAttributeNS(nullptr, certificate)) {
+ // Simple File resolver config rooted here.
+ m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, e);
}
- catch (exception& ex) {
- logging::Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine.StaticPKIX").error(ex.what());
+ else {
+ e = e ? XMLHelper::getFirstChildElement(e, _CredentialResolver) : nullptr;
+ string t = XMLHelper::getAttrString(e, nullptr, type);
+ if (!t.empty())
+ m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.c_str(), e);
+ else
+ throw XMLSecurityException("Missing <CredentialResolver> element, or no type attribute found");
}
}