Integrated credential resolver API with signing context.

[shibboleth/cpp-xmltooling.git] / xmltooling / signature / impl / XMLSecSignatureImpl.cpp

diff --git a/xmltooling/signature/impl/XMLSecSignatureImpl.cpp b/xmltooling/signature/impl/XMLSecSignatureImpl.cpp
index bf169bb..cf3afd2 100644 (file)
--- a/xmltooling/signature/impl/XMLSecSignatureImpl.cpp
+++ b/xmltooling/signature/impl/XMLSecSignatureImpl.cpp
@@ -57,6 +57,7 @@ namespace xmlsignature {
         \r
         void releaseDOM();\r
         XMLObject* clone() const;\r
+        Signature* cloneSignature() const;\r
 \r
         DOMElement* marshall(DOMDocument* document=NULL, MarshallingContext* ctx=NULL) const;\r
         DOMElement* marshall(DOMElement* parentElement, MarshallingContext* ctx=NULL) const;\r
@@ -70,7 +71,7 @@ namespace xmlsignature {
         void setCanonicalizationMethod(const XMLCh* c14n) { m_c14n = prepareForAssignment(m_c14n,c14n); }\r
         void setSignatureAlgorithm(const XMLCh* sm) { m_sm = prepareForAssignment(m_sm,sm); }\r
 \r
-        void sign(const SigningContext& ctx);\r
+        void sign(SigningContext& ctx);\r
         void verify(const VerifyingContext& ctx) const;\r
 \r
     private:\r
@@ -109,6 +110,11 @@ void XMLSecSignatureImpl::releaseDOM()
 \r
 XMLObject* XMLSecSignatureImpl::clone() const\r
 {\r
+    return cloneSignature();\r
+}\r
+\r
+Signature* XMLSecSignatureImpl::cloneSignature() const\r
+{\r
     XMLSecSignatureImpl* ret=new XMLSecSignatureImpl();\r
 \r
     ret->m_c14n=XMLString::replicate(m_c14n);\r
@@ -131,7 +137,7 @@ public:
     }\r
 };\r
 \r
-void XMLSecSignatureImpl::sign(const SigningContext& ctx)\r
+void XMLSecSignatureImpl::sign(SigningContext& ctx)\r
 {\r
     Category& log=Category::getInstance(XMLTOOLING_LOGCAT".Signature");\r
     log.debug("applying signature");\r
@@ -141,15 +147,29 @@ void XMLSecSignatureImpl::sign(const SigningContext& ctx)
 \r
     try {\r
         log.debug("creating signature content");\r
-        ctx.createSignature(m_signature);\r
-        const std::vector<XSECCryptoX509*>& certs=ctx.getX509Certificates();\r
-        if (!certs.empty()) {\r
-            DSIGKeyInfoX509* x509Data=m_signature->appendX509Data();\r
-            for_each(certs.begin(),certs.end(),bind1st(_addcert(),x509Data));\r
+        CredentialResolver& cr=ctx.getCredentialResolver();\r
+        if (!ctx.createSignature(m_signature)) {\r
+            auto_ptr<KeyInfo> keyInfo(ctx.getKeyInfo());\r
+            if (keyInfo.get()) {\r
+                DOMElement* domElement=keyInfo->marshall(m_signature->getParentDocument());\r
+                getDOM()->appendChild(domElement);\r
+            }\r
+            else {\r
+                Locker locker1(cr);\r
+                const std::vector<XSECCryptoX509*>* certs=cr.getX509Certificates();\r
+                if (certs && !certs->empty()) {\r
+                    DSIGKeyInfoX509* x509Data=m_signature->appendX509Data();\r
+                    for_each(certs->begin(),certs->end(),bind1st(_addcert(),x509Data));\r
+                }\r
+            }\r
         }\r
         \r
         log.debug("computing signature");\r
-        m_signature->setSigningKey(ctx.getSigningKey());\r
+        Locker locker2(cr);\r
+        XSECCryptoKey* key=cr.getPrivateKey();\r
+        if (!key)\r
+            throw SignatureException(string("Unable to obtain signing key from CredentialResolver (") + cr.getId() + ")");\r
+        m_signature->setSigningKey(key->clone());\r
         m_signature->sign();\r
     }\r
     catch(XSECException& e) {\r