/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*/
#include "internal.h"
+#include "security/Credential.h"
+#include "signature/Signature.h"
#include "signature/SignatureValidator.h"
#include <xsec/enc/XSECCryptoException.hpp>
using namespace xmltooling;
using namespace std;
+SignatureValidator::SignatureValidator(XSECCryptoKey* key) : m_key(key), m_credential(nullptr)
+{
+}
+
+SignatureValidator::SignatureValidator(const Credential* credential) : m_key(nullptr), m_credential(credential)
+{
+}
+
+SignatureValidator::~SignatureValidator()
+{
+}
+
+void SignatureValidator::setKey(XSECCryptoKey* key)
+{
+ m_key = key;
+ m_credential = nullptr;
+}
+
+void SignatureValidator::setCredential(const Credential* credential)
+{
+ m_key = nullptr;
+ m_credential = credential;
+}
+
void SignatureValidator::validate(const XMLObject* xmlObject) const
{
const Signature* sigObj=dynamic_cast<const Signature*>(xmlObject);
DSIGSignature* sig=sigObj->getXMLSignature();
if (!sig)
throw ValidationException("Signature does not exist yet.");
- else if (!m_key && !m_resolver)
- throw ValidationException("No KeyResolver or signing key set on Validator.");
+ else if (!m_key && !m_credential)
+ throw ValidationException("No Credential or key set on Validator.");
+
+ XSECCryptoKey* key = m_key ? m_key : (m_credential ? m_credential->getPublicKey() : nullptr);
+ if (!key)
+ throw ValidationException("Credential did not contain a verification key.");
try {
- XSECCryptoKey* key = m_key ? m_key->clone() : m_resolver->resolveKey(sig->getKeyInfoList());
- if (!key)
- throw ValidationException("Unable to resolve signing key.");
- sig->setSigningKey(key);
+ sig->setSigningKey(key->clone());
if (!sig->verify())
- throw ValidationException("Digital signature does not validate with the given key.");
+ throw ValidationException("Digital signature does not validate with the supplied key.");
}
catch(XSECException& e) {
auto_ptr_char temp(e.getMsg());