Handle null criteria when trusted names are set
authorScott Cantor <cantor.2@osu.edu>
Thu, 11 Aug 2011 18:56:40 +0000 (18:56 +0000)
committerScott Cantor <cantor.2@osu.edu>
Thu, 11 Aug 2011 18:56:40 +0000 (18:56 +0000)
xmltooling/security/impl/AbstractPKIXTrustEngine.cpp

index 25cdcb1..5d7a598 100644 (file)
@@ -692,7 +692,7 @@ bool AbstractPKIXTrustEngine::validateWithCRLs(
         return false;
     }
 
-    if ((criteria && criteria->getPeerName() && *(criteria->getPeerName())) || !m_trustedNames.empty()) {
+    if (criteria && criteria->getPeerName() && *(criteria->getPeerName())) {
         log.debug("checking that the certificate name is acceptable");
         if (criteria && criteria->getUsage()==Credential::UNSPECIFIED_CREDENTIAL)
             criteria->setUsage(Credential::SIGNING_CREDENTIAL);
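Review bot: With the condition narrowed on the `if (criteria && criteria->getPeerName() && *(criteria->getPeerName()))` line, a caller that passes non-null criteria without a peer name now falls through to the trusted-names branch added in the next hunk, which builds a fresh `CredentialCriteria` fixed to `SIGNING_CREDENTIAL` and no longer consults any usage the caller set. If that is not intended, the fallback could carry the usage over, e.g. `cc.setUsage(criteria && criteria->getUsage()!=Credential::UNSPECIFIED_CREDENTIAL ? criteria->getUsage() : Credential::SIGNING_CREDENTIAL);`. If it is intended, a short comment on the `else if` saying so would help, since that branch makes the trust decision on the certificate name. The inner `criteria &&` test before `getUsage()` is now redundant, because the outer condition already guarantees a non-null pointer. The body of validateWithCRLs starts and ends outside the hunk, and the name-check call in the first branch is not visible here.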
@@ -701,6 +701,15 @@ bool AbstractPKIXTrustEngine::validateWithCRLs(
             return false;
         }
     }
+    else if (!m_trustedNames.empty()) {
+        log.debug("checking that the certificate name is acceptable");
+        CredentialCriteria cc;
+        cc.setUsage(Credential::SIGNING_CREDENTIAL);
+        if (!checkEntityNames(certEE,credResolver,cc)) {
+            log.error("certificate name was not acceptable");
+            return false;
+        }
+    }
     
     log.debug("performing certificate path validation...");