X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-xmltooling.git;a=blobdiff_plain;f=xmltooling%2FXMLToolingConfig.cpp;h=bcd6ebad95621f932f62439c6f8fdce89d51cfd1;hp=5dcfaaf18f34607862a8fce62826bcbc295fdd6c;hb=e93ce2c962c535ff88f26427e9aeb572f83976e1;hpb=084322ba84a3ba54486e4d532aee55cb19c9ede8 diff --git a/xmltooling/XMLToolingConfig.cpp b/xmltooling/XMLToolingConfig.cpp index 5dcfaaf..bcd6eba 100644 --- a/xmltooling/XMLToolingConfig.cpp +++ b/xmltooling/XMLToolingConfig.cpp @@ -1,17 +1,21 @@ -/* - * Copyright 2001-2010 Internet2 +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. */ /** @@ -32,9 +36,11 @@ #include "security/OpenSSLCryptoX509CRL.h" #include "security/CredentialResolver.h" #include "security/KeyInfoResolver.h" +#include "security/PathValidator.h" #include "signature/KeyInfo.h" #include "signature/Signature.h" #include "soap/SOAP.h" +#include "soap/SOAPTransport.h" #include "util/NDC.h" #include "util/PathResolver.h" #include "util/ReplayCache.h" @@ -49,6 +55,10 @@ #endif #include +#include +#include +#include + #if defined(XMLTOOLING_LOG4SHIB) # include # include @@ -61,6 +71,7 @@ #ifndef XMLTOOLING_NO_XMLSEC # include # include +# include # include # include # include @@ -71,8 +82,15 @@ using namespace soap11; using namespace xmltooling::logging; using namespace xmltooling; using namespace xercesc; +using namespace boost; using namespace std; +#ifdef WIN32 +# if (OPENSSL_VERSION_NUMBER >= 0x00908000) +# define XMLTOOLING_OPENSSL_HAVE_SHA2 1 +# endif +#endif + DECL_XMLTOOLING_EXCEPTION_FACTORY(XMLParserException,xmltooling); DECL_XMLTOOLING_EXCEPTION_FACTORY(XMLObjectException,xmltooling); @@ -95,14 +113,14 @@ using namespace xmlsignature; namespace { static XMLToolingInternalConfig g_config; #ifndef XMLTOOLING_NO_XMLSEC - static vector g_openssl_locks; + static ptr_vector g_openssl_locks; extern "C" void openssl_locking_callback(int mode,int n,const char *file,int line) { if (mode & CRYPTO_LOCK) - g_openssl_locks[n]->lock(); + g_openssl_locks[n].lock(); else - g_openssl_locks[n]->unlock(); + g_openssl_locks[n].unlock(); } # ifndef WIN32 @@ -211,6 +229,76 @@ XMLToolingConfig::~XMLToolingConfig() { } +#ifndef XMLTOOLING_LITE +const KeyInfoResolver* XMLToolingConfig::getKeyInfoResolver() const +{ + return m_keyInfoResolver; +} + +ReplayCache* XMLToolingConfig::getReplayCache() const +{ + return m_replayCache; +} + +void XMLToolingConfig::setKeyInfoResolver(xmltooling::KeyInfoResolver *keyInfoResolver) +{ + delete m_keyInfoResolver; + m_keyInfoResolver = keyInfoResolver; +} + +void XMLToolingConfig::setReplayCache(ReplayCache* replayCache) +{ + delete m_replayCache; + m_replayCache = replayCache; +} +#endif + +PathResolver* XMLToolingConfig::getPathResolver() const +{ + return m_pathResolver; +} + +TemplateEngine* XMLToolingConfig::getTemplateEngine() const +{ + return m_templateEngine; +} + +const URLEncoder* XMLToolingConfig::getURLEncoder() const +{ + return m_urlEncoder; +} + +void XMLToolingConfig::setPathResolver(PathResolver* pathResolver) +{ + delete m_pathResolver; + m_pathResolver = pathResolver; +} + +void XMLToolingConfig::setTemplateEngine(TemplateEngine* templateEngine) +{ + delete m_templateEngine; + m_templateEngine = templateEngine; +} + +void XMLToolingConfig::setURLEncoder(URLEncoder* urlEncoder) +{ + delete m_urlEncoder; + m_urlEncoder = urlEncoder; +} + +XMLToolingInternalConfig::XMLToolingInternalConfig() : +#ifndef XMLTOOLING_NO_XMLSEC + m_xsecProvider(nullptr), +#endif + m_initCount(0), m_lock(Mutex::create()), m_parserPool(nullptr), m_validatingPool(nullptr) +{ +} + +XMLToolingInternalConfig::~XMLToolingInternalConfig() +{ + delete m_lock; +} + bool XMLToolingInternalConfig::log_config(const char* config) { try { @@ -264,9 +352,13 @@ bool XMLToolingInternalConfig::log_config(const char* config) string path(config); PropertyConfigurator::configure(m_pathResolver ? m_pathResolver->resolve(path, PathResolver::XMLTOOLING_CFG_FILE) : path); } - } + +#ifndef XMLTOOLING_NO_XMLSEC + Category::getInstance(XMLTOOLING_LOGCAT".Signature.Debugger").setAdditivity(false); +#endif + } catch (const ConfigureFailure& e) { - string msg = string("failed to configure logging: ") + e.what(); + string msg = string("error in file permissions or logging configuration: ") + e.what(); Category::getInstance(XMLTOOLING_LOGCAT".Logging").crit(msg); #ifdef WIN32 LogEvent(nullptr, EVENTLOG_ERROR_TYPE, 2100, nullptr, msg.c_str()); @@ -277,69 +369,25 @@ bool XMLToolingInternalConfig::log_config(const char* config) return true; } -#ifndef XMLTOOLING_LITE -const KeyInfoResolver* XMLToolingConfig::getKeyInfoResolver() const -{ - return m_keyInfoResolver; -} - -ReplayCache* XMLToolingConfig::getReplayCache() const -{ - return m_replayCache; -} - -void XMLToolingConfig::setKeyInfoResolver(xmltooling::KeyInfoResolver *keyInfoResolver) -{ - delete m_keyInfoResolver; - m_keyInfoResolver = keyInfoResolver; -} - -void XMLToolingConfig::setReplayCache(ReplayCache* replayCache) +bool XMLToolingInternalConfig::init() { - delete m_replayCache; - m_replayCache = replayCache; -} +#ifdef _DEBUG + xmltooling::NDC ndc("init"); #endif + Category& log=Category::getInstance(XMLTOOLING_LOGCAT".Config"); -PathResolver* XMLToolingConfig::getPathResolver() const -{ - return m_pathResolver; -} + Lock initLock(m_lock); -TemplateEngine* XMLToolingConfig::getTemplateEngine() const -{ - return m_templateEngine; -} - -const URLEncoder* XMLToolingConfig::getURLEncoder() const -{ - return m_urlEncoder; -} - -void XMLToolingConfig::setPathResolver(PathResolver* pathResolver) -{ - delete m_pathResolver; - m_pathResolver = pathResolver; -} - -void XMLToolingConfig::setTemplateEngine(TemplateEngine* templateEngine) -{ - delete m_templateEngine; - m_templateEngine = templateEngine; -} + if (m_initCount == INT_MAX) { + log.crit("library initialized too many times"); + return false; + } -void XMLToolingConfig::setURLEncoder(URLEncoder* urlEncoder) -{ - delete m_urlEncoder; - m_urlEncoder = urlEncoder; -} + if (m_initCount >= 1) { + ++m_initCount; + return true; + } -bool XMLToolingInternalConfig::init() -{ -#ifdef _DEBUG - xmltooling::NDC ndc("init"); -#endif - Category& log=Category::getInstance(XMLTOOLING_LOGCAT".XMLToolingConfig"); try { log.debug("library initialization started"); @@ -348,7 +396,16 @@ bool XMLToolingInternalConfig::init() log.fatal("failed to initialize libcurl, OpenSSL, or Winsock"); return false; } - log.debug("libcurl %s initialization complete", LIBCURL_VERSION); + curl_version_info_data* curlver = curl_version_info(CURLVERSION_NOW); + if (curlver) { + log.debug("libcurl %s initialization complete", curlver->version); + if (!(curlver->features & CURL_VERSION_SSL)) { + log.warn("libcurl lacks TLS/SSL support, this will greatly limit functionality"); + } + } + else { + log.debug("libcurl %s initialization complete", LIBCURL_VERSION); + } #endif XMLPlatformUtils::Initialize(); @@ -365,22 +422,16 @@ bool XMLToolingInternalConfig::init() m_parserPool=new ParserPool(); m_validatingPool=new ParserPool(true,true); - m_lock=XMLPlatformUtils::makeMutex(); // Load catalogs from path. if (!catalog_path.empty()) { - char* catpath=strdup(catalog_path.c_str()); - char* sep=nullptr; - char* start=catpath; - while (start && *start) { - sep=strchr(start,PATH_SEPARATOR_CHAR); - if (sep) - *sep=0; - auto_ptr_XMLCh temp(start); - m_validatingPool->loadCatalog(temp.get()); - start = sep ? sep + 1 : nullptr; - } - free(catpath); + boost::tokenizer< char_separator > catpaths(catalog_path, char_separator(PATH_SEPARATOR_STR)); + for_each( + catpaths.begin(), catpaths.end(), + // Call loadCatalog with an inner call to s->c_str() on each entry. + boost::bind(static_cast(&ParserPool::loadCatalog), + m_validatingPool, boost::bind(&string::c_str,_1)) + ); } // default registrations @@ -404,16 +455,20 @@ bool XMLToolingInternalConfig::init() REGISTER_XMLTOOLING_EXCEPTION_FACTORY(EncryptionException,xmlencryption); registerKeyInfoClasses(); registerEncryptionClasses(); - registerKeyInfoResolvers(); registerCredentialResolvers(); + registerKeyInfoResolvers(); + registerPathValidators(); registerTrustEngines(); registerXMLAlgorithms(); - registerSOAPTransports(); - initSOAPTransports(); - registerStorageServices(); m_keyInfoResolver = KeyInfoResolverManager.newPlugin(INLINE_KEYINFO_RESOLVER,nullptr); #endif +#ifndef XMLTOOLING_LITE + registerStorageServices(); +#endif + registerSOAPTransports(); + initSOAPTransports(); + m_pathResolver = new PathResolver(); m_urlEncoder = new URLEncoder(); @@ -443,14 +498,27 @@ bool XMLToolingInternalConfig::init() #endif log.info("%s library initialization complete", PACKAGE_STRING); + ++m_initCount; return true; } void XMLToolingInternalConfig::term() { +#ifdef _DEBUG + xmltooling::NDC ndc("term"); +#endif + + Lock initLock(m_lock); + if (m_initCount == 0) { + Category::getInstance(XMLTOOLING_LOGCAT".Config").crit("term without corresponding init"); + return; + } + else if (--m_initCount > 0) { + return; + } + #ifndef XMLTOOLING_NO_XMLSEC CRYPTO_set_locking_callback(nullptr); - for_each(g_openssl_locks.begin(), g_openssl_locks.end(), xmltooling::cleanup()); g_openssl_locks.clear(); #endif @@ -459,10 +527,14 @@ void XMLToolingInternalConfig::term() XMLToolingException::deregisterFactories(); AttributeExtensibleXMLObject::deregisterIDAttributes(); -#ifndef XMLTOOLING_NO_XMLSEC - StorageServiceManager.deregisterFactories(); termSOAPTransports(); SOAPTransportManager.deregisterFactories(); + +#ifndef XMLTOOLING_LITE + StorageServiceManager.deregisterFactories(); +#endif + +#ifndef XMLTOOLING_NO_XMLSEC TrustEngineManager.deregisterFactories(); CredentialResolverManager.deregisterFactories(); KeyInfoResolverManager.deregisterFactories(); @@ -506,34 +578,43 @@ void XMLToolingInternalConfig::term() delete m_validatingPool; m_validatingPool=nullptr; + for_each(m_namedLocks.begin(), m_namedLocks.end(), cleanup_pair()); + m_namedLocks.clear(); + #ifndef XMLTOOLING_NO_XMLSEC delete m_xsecProvider; m_xsecProvider=nullptr; XSECPlatformUtils::Terminate(); #endif - XMLPlatformUtils::closeMutex(m_lock); - m_lock=nullptr; XMLPlatformUtils::Terminate(); #ifndef XMLTOOLING_NO_XMLSEC curl_global_cleanup(); #endif -#ifdef _DEBUG - xmltooling::NDC ndc("term"); -#endif - Category::getInstance(XMLTOOLING_LOGCAT".XMLToolingConfig").info("%s library shutdown complete", PACKAGE_STRING); + Category::getInstance(XMLTOOLING_LOGCAT".Config").info("%s library shutdown complete", PACKAGE_STRING); } Lockable* XMLToolingInternalConfig::lock() { - xercesc::XMLPlatformUtils::lockMutex(m_lock); + m_lock->lock(); return this; } void XMLToolingInternalConfig::unlock() { - xercesc::XMLPlatformUtils::unlockMutex(m_lock); + m_lock->unlock(); +} + +Mutex& XMLToolingInternalConfig::getNamedMutex(const char* name) +{ + Locker glock(this); + map::const_iterator m = m_namedLocks.find(name); + if (m != m_namedLocks.end()) + return *(m->second); + Mutex* newlock = Mutex::create(); + m_namedLocks[name] = newlock; + return *newlock; } bool XMLToolingInternalConfig::load_library(const char* path, void* context) @@ -541,7 +622,7 @@ bool XMLToolingInternalConfig::load_library(const char* path, void* context) #ifdef _DEBUG xmltooling::NDC ndc("LoadLibrary"); #endif - Category& log=Category::getInstance(XMLTOOLING_LOGCAT".XMLToolingConfig"); + Category& log=Category::getInstance(XMLTOOLING_LOGCAT".Config"); log.info("loading extension: %s", path); Locker locker(this); @@ -569,7 +650,7 @@ bool XMLToolingInternalConfig::load_library(const char* path, void* context) throw runtime_error(string("detected error in xmltooling_extension_init: ") + resolved); SetErrorMode(em); } - catch(exception&) { + catch(std::exception&) { if (handle) FreeLibrary(handle); SetErrorMode(em); @@ -592,7 +673,7 @@ bool XMLToolingInternalConfig::load_library(const char* path, void* context) if (fn(context)!=0) throw runtime_error(string("detected error in xmltooling_extension_init in ") + resolved); } - catch(exception&) { + catch(std::exception&) { if (handle) dlclose(handle); throw; @@ -628,11 +709,36 @@ XSECCryptoX509CRL* XMLToolingInternalConfig::X509CRL() const return new OpenSSLCryptoX509CRL(); } -bool XMLToolingInternalConfig::isXMLAlgorithmSupported(const XMLCh* xmlAlgorithm) +pair XMLToolingInternalConfig::mapXMLAlgorithmToKeyAlgorithm(const XMLCh* xmlAlgorithm) const +{ + for (algmap_t::const_iterator i = m_algorithmMap.begin(); i != m_algorithmMap.end(); ++i) { + algmap_t::value_type::second_type::const_iterator j = i->second.find(xmlAlgorithm); + if (j != i->second.end()) + return pair(j->second.first.c_str(), j->second.second); + } + return pair(nullptr, 0); +} + +void XMLToolingInternalConfig::registerXMLAlgorithm( + const XMLCh* xmlAlgorithm, const char* keyAlgorithm, unsigned int size, XMLSecurityAlgorithmType type + ) +{ + m_algorithmMap[type][xmlAlgorithm] = pair((keyAlgorithm ? keyAlgorithm : ""), size); +} + +bool XMLToolingInternalConfig::isXMLAlgorithmSupported(const XMLCh* xmlAlgorithm, XMLSecurityAlgorithmType type) { try { - if (XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(xmlAlgorithm)) - return true; + // First check for basic support from the xmlsec layer. + if (XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(xmlAlgorithm)) { + // Make sure the algorithm is registered. + algmap_t::const_iterator i = m_algorithmMap.find(type); + if (i != m_algorithmMap.end()) { + algmap_t::value_type::second_type::const_iterator j = i->second.find(xmlAlgorithm); + if (j != i->second.end()) + return true; + } + } } catch (XSECException&) { } @@ -641,40 +747,78 @@ bool XMLToolingInternalConfig::isXMLAlgorithmSupported(const XMLCh* xmlAlgorithm void XMLToolingInternalConfig::registerXMLAlgorithms() { - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_MD5, "RSA", 0); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA1, "RSA", 0); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA224, "RSA", 0); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA256, "RSA", 0); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA384, "RSA", 0); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA512, "RSA", 0); + // The deal with all the macros is to try and figure out with no false positives whether + // the OpenSSL version *and* the XML-Security version support the algorithms. + + // With ECDSA, XML-Security exports a public macro for OpenSSL's support, and any + // versions of XML-Security that didn't provide the macro don't handle ECDSA anyway. + + // With AES, all supported XML-Security versions export a macro for OpenSSL's support. - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_1_5, "RSA", 0); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1, "RSA", 0); + // With SHA2, only the very latest XML-Security exports a macro, but all the versions + // will handle SHA2 *if* OpenSSL does. So we use our own macro to check OpenSSL's + // support, and then add checks to see if specific versions are compiled out. - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIDSA_SHA1, "DSA", 0); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIMD5, nullptr, 0, ALGTYPE_DIGEST); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURISHA1, nullptr, 0, ALGTYPE_DIGEST); +#if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA256) + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURISHA224, nullptr, 0, ALGTYPE_DIGEST); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURISHA256, nullptr, 0, ALGTYPE_DIGEST); +#endif +#if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA512) + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURISHA384, nullptr, 0, ALGTYPE_DIGEST); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURISHA512, nullptr, 0, ALGTYPE_DIGEST); +#endif + + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIDSA_SHA1, "DSA", 0, ALGTYPE_SIGN); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_MD5, "RSA", 0, ALGTYPE_SIGN); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA1, "RSA", 0, ALGTYPE_SIGN); +#if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA256) + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA224, "RSA", 0, ALGTYPE_SIGN); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA256, "RSA", 0, ALGTYPE_SIGN); +#endif +#if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA512) + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA384, "RSA", 0, ALGTYPE_SIGN); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_SHA512, "RSA", 0, ALGTYPE_SIGN); +#endif + +#ifdef XSEC_OPENSSL_HAVE_EC + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA1, "EC", 0, ALGTYPE_SIGN); +#if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA256) + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA256, "EC", 0, ALGTYPE_SIGN); +# endif +#if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA512) + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA384, "EC", 0, ALGTYPE_SIGN); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA512, "EC", 0, ALGTYPE_SIGN); +# endif +#endif - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA1, "EC", 0); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA256, "EC", 0); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA384, "EC", 0); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIECDSA_SHA512, "EC", 0); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIHMAC_SHA1, "HMAC", 0, ALGTYPE_SIGN); +#if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA256) + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIHMAC_SHA224, "HMAC", 0, ALGTYPE_SIGN); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIHMAC_SHA256, "HMAC", 0, ALGTYPE_SIGN); +#endif +#if defined(XMLTOOLING_OPENSSL_HAVE_SHA2) && !defined(OPENSSL_NO_SHA512) + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIHMAC_SHA384, "HMAC", 0, ALGTYPE_SIGN); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIHMAC_SHA512, "HMAC", 0, ALGTYPE_SIGN); +#endif - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIHMAC_SHA1, "HMAC", 0); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIHMAC_SHA224, "HMAC", 0); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIHMAC_SHA256, "HMAC", 0); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIHMAC_SHA384, "HMAC", 0); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIHMAC_SHA512, "HMAC", 0); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_1_5, "RSA", 0, ALGTYPE_KEYENCRYPT); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIRSA_OAEP_MGFP1, "RSA", 0, ALGTYPE_KEYENCRYPT); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURI3DES_CBC, "DESede", 192); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_3DES, "DESede", 192); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURI3DES_CBC, "DESede", 192, ALGTYPE_ENCRYPT); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_3DES, "DESede", 192, ALGTYPE_KEYENCRYPT); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIAES128_CBC, "AES", 128); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_AES128, "AES", 128); +#ifdef XSEC_OPENSSL_HAVE_AES + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIAES128_CBC, "AES", 128, ALGTYPE_ENCRYPT); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_AES128, "AES", 128, ALGTYPE_KEYENCRYPT); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIAES192_CBC, "AES", 192); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_AES192, "AES", 192); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIAES192_CBC, "AES", 192, ALGTYPE_ENCRYPT); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_AES192, "AES", 192, ALGTYPE_KEYENCRYPT); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIAES256_CBC, "AES", 256); - registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_AES256, "AES", 256); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIAES256_CBC, "AES", 256, ALGTYPE_ENCRYPT); + registerXMLAlgorithm(DSIGConstants::s_unicodeStrURIKW_AES256, "AES", 256, ALGTYPE_KEYENCRYPT); +#endif } #endif