/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/**
* PKIXTrustEngine.cpp
*
- * Shibboleth-specific PKIX-validation TrustEngine
+ * Shibboleth-specific PKIX-validation TrustEngine.
*/
#include "internal.h"
namespace xmltooling {
- static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);\r
- static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);\r
- static const XMLCh certificate[] = UNICODE_LITERAL_11(c,e,r,t,i,f,i,c,a,t,e);\r
- static const XMLCh Certificate[] = UNICODE_LITERAL_11(C,e,r,t,i,f,i,c,a,t,e);\r
- static const XMLCh Path[] = UNICODE_LITERAL_4(P,a,t,h);\r
+ static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);
+ static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
+ static const XMLCh certificate[] = UNICODE_LITERAL_11(c,e,r,t,i,f,i,c,a,t,e);
+ static const XMLCh Certificate[] = UNICODE_LITERAL_11(C,e,r,t,i,f,i,c,a,t,e);
+ static const XMLCh Path[] = UNICODE_LITERAL_4(P,a,t,h);
static const XMLCh verifyDepth[] = UNICODE_LITERAL_11(v,e,r,i,f,y,D,e,p,t,h);
-\r
+
class XMLTOOL_DLLLOCAL StaticPKIXTrustEngine : public AbstractPKIXTrustEngine
{
public:
- StaticPKIXTrustEngine(const DOMElement* e=NULL);
+ StaticPKIXTrustEngine(const DOMElement* e=nullptr);
virtual ~StaticPKIXTrustEngine() {
- if (m_credResolver) {
- m_credResolver->unlock();
- delete m_credResolver;
- }
+ delete m_credResolver;
}
AbstractPKIXTrustEngine::PKIXValidationInfoIterator* getPKIXValidationInfoIterator(
- const CredentialResolver& pkixSource, CredentialCriteria* criteria=NULL
+ const CredentialResolver& pkixSource, CredentialCriteria* criteria=nullptr
) const;
const KeyInfoResolver* getKeyInfoResolver() const {
}
private:
- CredentialResolver* m_credResolver;
int m_depth;
- vector<XSECCryptoX509*> m_certs;
- vector<XSECCryptoX509CRL*> m_crls;
+ CredentialResolver* m_credResolver;
friend class XMLTOOL_DLLLOCAL StaticPKIXIterator;
};
{
public:
StaticPKIXIterator(const StaticPKIXTrustEngine& engine) : m_engine(engine), m_done(false) {
+ // Merge together all X509Credentials we can resolve.
+ m_engine.m_credResolver->lock();
+ try {
+ vector<const Credential*> creds;
+ m_engine.m_credResolver->resolve(creds);
+ for (vector<const Credential*>::const_iterator i = creds.begin(); i != creds.end(); ++i) {
+ const X509Credential* xcred = dynamic_cast<const X509Credential*>(*i);
+ if (xcred) {
+ m_certs.insert(m_certs.end(), xcred->getEntityCertificateChain().begin(), xcred->getEntityCertificateChain().end());
+ m_crls.insert(m_crls.end(), xcred->getCRLs().begin(), xcred->getCRLs().end());
+ }
+ }
+ }
+ catch (exception& ex) {
+ logging::Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine.StaticPKIX").error(ex.what());
+ }
}
virtual ~StaticPKIXIterator() {
+ m_engine.m_credResolver->unlock();
}
bool next() {
}
const vector<XSECCryptoX509*>& getTrustAnchors() const {
- return m_engine.m_certs;
+ return m_certs;
}
const vector<XSECCryptoX509CRL*>& getCRLs() const {
- return m_engine.m_crls;
+ return m_crls;
}
private:
const StaticPKIXTrustEngine& m_engine;
+ vector<XSECCryptoX509*> m_certs;
+ vector<XSECCryptoX509CRL*> m_crls;
bool m_done;
};
};
-StaticPKIXTrustEngine::StaticPKIXTrustEngine(const DOMElement* e) : AbstractPKIXTrustEngine(e)
+StaticPKIXTrustEngine::StaticPKIXTrustEngine(const DOMElement* e) : AbstractPKIXTrustEngine(e), m_depth(1), m_credResolver(nullptr)
{
- const XMLCh* depth = e ? e->getAttributeNS(NULL, verifyDepth) : NULL;
+ const XMLCh* depth = e ? e->getAttributeNS(nullptr, verifyDepth) : nullptr;
if (depth && *depth)
m_depth = XMLString::parseInt(depth);
- else
- m_depth = 1;
-
- if (e && e->hasAttributeNS(NULL,certificate)) {\r
- // Simple File resolver config rooted here.\r
- m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER,e);\r
- }\r
- else {\r
- e = e ? XMLHelper::getFirstChildElement(e, _CredentialResolver) : NULL;\r
- auto_ptr_char t(e ? e->getAttributeNS(NULL,type) : NULL);\r
- if (t.get()) {\r
- m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.get(),e);\r
- }\r
- else\r
- throw XMLSecurityException("Missing <CredentialResolver> element, or no type attribute found");\r
- }\r
-\r
- m_credResolver->lock();\r
-
- // Merge together all X509Credentials we can resolve.
- try {
- vector<const Credential*> creds;
- m_credResolver->resolve(creds);
- for (vector<const Credential*>::const_iterator i = creds.begin(); i != creds.end(); ++i) {
- const X509Credential* xcred = dynamic_cast<const X509Credential*>(*i);
- if (xcred) {
- m_certs.insert(m_certs.end(), xcred->getEntityCertificateChain().begin(), xcred->getEntityCertificateChain().end());
- if (xcred->getCRL())
- m_crls.push_back(xcred->getCRL());
- }
- }
+
+ if (e && e->hasAttributeNS(nullptr,certificate)) {
+ // Simple File resolver config rooted here.
+ m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER,e);
}
- catch (exception& ex) {
- logging::Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine.StaticPKIX").error(ex.what());
+ else {
+ e = e ? XMLHelper::getFirstChildElement(e, _CredentialResolver) : nullptr;
+ auto_ptr_char t(e ? e->getAttributeNS(nullptr,type) : nullptr);
+ if (t.get()) {
+ m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.get(),e);
+ }
+ else
+ throw XMLSecurityException("Missing <CredentialResolver> element, or no type attribute found");
}
}
projects / shibboleth / cpp-xmltooling.git / blobdiff