/* Define if you wish to disable Xalan-dependent features. */
#define XSEC_NO_XALAN
+#ifndef XMLTOOLING_NO_XMLSEC
+# include <xsec/framework/XSECDefs.hpp>
+# if (_XSEC_VERSION_FULL >= 10600)
+# define XMLTOOLING_XMLSEC_MULTIPLECRL 1
+# define XMLTOOLING_XMLSEC_SIGALGORITHM 1
+# endif
+#endif
+
/* Define to empty if `const' does not conform to ANSI C. */
/* #undef const */
[AC_MSG_ERROR([unable to link with XML-Security])])
AC_CHECK_TYPE([xsecsize_t],[AC_DEFINE([HAVE_XSECSIZE_T], [1], [Define to 1 if you have the 'xsecsize_t' type.])])
+ AC_MSG_CHECKING([whether XML-Security-C has multiple CRL support])
+ AC_TRY_COMPILE([#include <xsec/dsig/DSIGKeyInfoList.hpp>],
+ [DSIGKeyInfoList* klist; klist->getX509CRLListSize();],
+ [AC_MSG_RESULT([yes])]
+ [AC_DEFINE([XMLTOOLING_XMLSEC_MULTIPLECRL], [1], [Define to 1 if XML-Security-C handles multiple CRLs.])],
+ [AC_MSG_RESULT([no])])
+
+ AC_MSG_CHECKING([whether XML-Security-C exposes the signature algorithm URI])
+ AC_TRY_COMPILE([#include <xsec/dsig/DSIGSignature.hpp>],
+ [DSIGSignature* sig; sig->getAlgorithmURI();],
+ [AC_MSG_RESULT([yes])]
+ [AC_DEFINE([XMLTOOLING_XMLSEC_SIGALGORITHM], [1], [Define to 1 if XML-Security-C exposes the signature algorithm URI.])],
+ [AC_MSG_RESULT([no])])
+
# restore master libs
LIBS="$save_LIBS"
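Review bot: The multiple-CRL probe calls `getX509CRLListSize()` on a `DSIGKeyInfoList*`, while the resolver code in this same patch calls that method on a `DSIGKeyInfoX509*`. If the list class has no such member, the probe fails on every XML-Security-C version and configure never defines XMLTOOLING_XMLSEC_MULTIPLECRL, so autoconf builds always take the DOM fallback. The probe should compile against the class the code actually uses: `AC_TRY_COMPILE([#include <xsec/dsig/DSIGKeyInfoX509.hpp>],` followed by `[DSIGKeyInfoX509* x509; x509->getX509CRLListSize();],`. The signature-algorithm probe below it matches its call site (`DSIGSignature::getAlgorithmURI()`) and needs no change.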
/*
- * Copyright 2001-2009 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
}
if (types & X509Credential::RESOLVE_CRLS) {
- DOMNode* x509Node;
- DOMElement* crlElement;
for (DSIGKeyInfoList::size_type i=0; i<sz; ++i) {
if (keyInfo->item(i)->getKeyInfoType()==DSIGKeyInfo::KEYINFO_X509) {
+#ifdef XMLTOOLING_XMLSEC_MULTIPLECRL
+ DSIGKeyInfoX509* x509 = static_cast<DSIGKeyInfoX509*>(keyInfo->item(i));
+ int count = x509->getX509CRLListSize();
+ for (int j=0; j<count; ++j) {
+ auto_ptr_char buf(x509->getX509CRLItem(j));
+ if (buf.get()) {
+ try {
+ auto_ptr<XSECCryptoX509CRL> crlobj(XMLToolingConfig::getConfig().X509CRL());
+ crlobj->loadX509CRLBase64Bin(buf.get(), strlen(buf.get()));
+ m_crls.push_back(crlobj.release());
+ }
+ catch(XSECException& e) {
+ auto_ptr_char temp(e.getMsg());
+ Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", temp.get());
+ }
+ catch(XSECCryptoException& e) {
+ Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", e.getMsg());
+ }
+ }
+ }
+#else
// The current xmlsec API is limited to one CRL per KeyInfo.
// For now, I'm going to process the DOM directly.
- x509Node = keyInfo->item(i)->getKeyInfoDOMNode();
- crlElement = x509Node ? XMLHelper::getFirstChildElement(x509Node, xmlconstants::XMLSIG_NS, X509CRL::LOCAL_NAME) : NULL;
+ DOMNode* x509Node = keyInfo->item(i)->getKeyInfoDOMNode();
+ DOMElement* crlElement = x509Node ? XMLHelper::getFirstChildElement(x509Node, xmlconstants::XMLSIG_NS, X509CRL::LOCAL_NAME) : NULL;
while (crlElement) {
if (crlElement->hasChildNodes()) {
auto_ptr_char buf(crlElement->getFirstChild()->getNodeValue());
}
crlElement = XMLHelper::getNextSiblingElement(crlElement, xmlconstants::XMLSIG_NS, X509CRL::LOCAL_NAME);
}
+#endif
}
}
}
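Review bot: In the new XMLTOOLING_XMLSEC_MULTIPLECRL branch, a CRL that fails to decode is logged and skipped, so `m_crls` can hold fewer CRLs than the KeyInfo carried and nothing returned to the caller shows it. Revocation checks built on this credential would then run against a partial set, so the behaviour should be stated at the `try`: `// A CRL that fails to load is logged and dropped; m_crls may be a subset of what the KeyInfo supplied.` The second handler catches `XSECCryptoException` but logs the same "XML-Security exception" text as the first, which makes the two failure sources indistinguishable in the log; a distinct message there would help triage. The enclosing function starts and ends outside this hunk, and the `#else` body is only partly visible.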
/*
- * Copyright 2001-2009 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/**
* Gets the signing algorithm for the signature.
*
- * @return the signature algorithm
+ * @return the signature algorithm, or NULL if indeterminate
*/
virtual const XMLCh* getSignatureAlgorithm() const=0;
}
const XMLCh* getSignatureAlgorithm() const {
if (!m_sm && m_signature) {
+#ifdef XMLTOOLING_XMLSEC_SIGALGORITHM
+ m_sm = XMLString::replicate(m_signature->getAlgorithmURI());
+#else
safeBuffer sURI;
- if (signatureHashMethod2URI(sURI, m_signature->getSignatureMethod(), m_signature->getHashMethod()) == false)
- return NULL;
- m_sm = XMLString::replicate(sURI.sbStrToXMLCh());
+ if (signatureHashMethod2URI(sURI, m_signature->getSignatureMethod(), m_signature->getHashMethod()))
+ m_sm = XMLString::replicate(sURI.sbStrToXMLCh());
+#endif
}
- return m_sm ? m_sm : DSIGConstants::s_unicodeStrURIRSA_SHA1;
+ return m_sm;
}
KeyInfo* getKeyInfo() const { return m_keyInfo; }
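Review bot: `getSignatureAlgorithm()` now returns NULL where it used to return the RSA-SHA1 URI, and that contract change reaches every caller, not only the two `createBlankSignature` sites updated in this patch. Callers outside the visible hunks that compare or log the result, or apply an algorithm allow/deny policy to it, need a NULL check and should treat NULL as "unknown" rather than as any particular algorithm. A comment at the return would make this hard to miss: `// NULL: algorithm could not be determined; callers must not assume RSA-SHA1.` Note also that a failed lookup is not cached, so the `#else` path re-runs `signatureHashMethod2URI` on each call while `m_sm` stays NULL.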
}
DSIGSignature* temp=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newSignature();
temp->setDSIGNSPrefix(XMLSIG_PREFIX);
- cachedDOM=temp->createBlankSignature(document, getCanonicalizationMethod(), getSignatureAlgorithm());
+ const XMLCh* alg = getSignatureAlgorithm();
+ if (!alg)
+ alg = DSIGConstants::s_unicodeStrURIRSA_SHA1;
+ cachedDOM=temp->createBlankSignature(document, getCanonicalizationMethod(), alg);
m_signature = temp;
}
else {
log.debug("creating empty Signature element");
DSIGSignature* temp=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newSignature();
temp->setDSIGNSPrefix(XMLSIG_PREFIX);
- cachedDOM=temp->createBlankSignature(parentElement->getOwnerDocument(), getCanonicalizationMethod(), getSignatureAlgorithm());
+ const XMLCh* alg = getSignatureAlgorithm();
+ if (!alg)
+ alg = DSIGConstants::s_unicodeStrURIRSA_SHA1;
+ cachedDOM=temp->createBlankSignature(parentElement->getOwnerDocument(), getCanonicalizationMethod(), alg);
m_signature = temp;
}
else {
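Review bot: The RSA-SHA1 fallback is now written out twice, once before each `createBlankSignature` call, so the library's default signing algorithm is defined in two places that can drift apart. Because this is the algorithm used whenever the caller sets none, it is worth keeping in one spot where it can be audited and changed, for example a single `alg` computed before the branches or a small private helper. It also deserves a comment such as `// No algorithm configured: fall back to the default (RSA-SHA1).`. The enclosing function begins and ends outside this hunk, so whether both branches can share one local has to be confirmed against the full body.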
/*
- * Copyright 2001-2009 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
TSM_ASSERT("Unable to resolve public key.", cred->getPublicKey()!=NULL);
TSM_ASSERT_EQUALS("Unexpected key type.", cred->getPublicKey()->getKeyType(), XSECCryptoKey::KEY_RSA_PUBLIC);
TSM_ASSERT_EQUALS("Wrong certificate count.", cred->getEntityCertificateChain().size(), 1);
- TSM_ASSERT("Unable to resolve CRL.", cred->getCRL()!=NULL);
+ TSM_ASSERT_EQUALS("Wrong CRL count.", cred->getCRLs().size(), 3);
}
};
/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
auto_ptr<KeyInfo> kiObject(dynamic_cast<KeyInfo*>(b->buildFromDocument(doc)));
TS_ASSERT(kiObject.get()!=NULL);
TSM_ASSERT_EQUALS("Number of child elements was not expected value",
- 3, kiObject->getOrderedChildren().size());
+ 4, kiObject->getOrderedChildren().size());
TSM_ASSERT_EQUALS("Number of child elements was not expected value",
1, kiObject->getKeyValues().size());
TSM_ASSERT_EQUALS("Number of child elements was not expected value",
/50cy2EUSe6YtzA8pGXzSP67YC/3U0D8U4A=
</ds:X509CRL>
</ds:X509Data>
+ <ds:X509Data>
+ <ds:X509CRL>
+ MIICKjCCARICAQEwDQYJKoZIhvcNAQEFBQAwdzELMAkGA1UEBhMCQ0gxQDA+BgNVBAoTN1N3aXRj
+ aCAtIFRlbGVpbmZvcm1hdGlrZGllbnN0ZSBmdWVyIExlaHJlIHVuZCBGb3JzY2h1bmcxJjAkBgNV
+ BAMTHVNXSVRDSGFhaSBNZXRhZGF0YSBTaWduaW5nIENBFw0wODA5MDIwNDAwMDdaFw0wODA5MjMw
+ NDAwMDdaMDYwNAIVSWITCHaaiMetadataSignerTest0Fw0wODA1MjcwODE3NTlaMAwwCgYDVR0V
+ BAMKAQSgLzAtMB8GA1UdIwQYMBaAFG6idTQyfos1XdiTIq2IvM82okZmMAoGA1UdFAQDAgFCMA0G
+ CSqGSIb3DQEBBQUAA4IBAQCJfSE0x/Gu6zjEfEviR+s568qgRwHLmgTigz3iY0GNfgNTOFttZM0+
+ 3AjApSI2FGQHm4K+69MLJNfiH/drNMMnAjY1F2Y8YNkujeyamWBL0HljH8z7lH0uWePFbXje5JTg
+ sCyGARWq46Ted7kekgUdSwNIzreMlLrcdSiEcPw4cTPrMLMj4FbiJVcjn8O1mkBhJOvQTF0Em9Qn
+ g3AeJVx9QzfJTK5B8qZRF7eJDxe+lHsC8UU7HHT0p4cgrBiiBJi+kypFMZepmJi0OJ6fkEHCbAhI
+ IEjDrLGetw0Bq0otJHwueaKcqL2/J2krrsDWUniRyw6X6CK/YtFrAf8RJ9GK
+ </ds:X509CRL>
+ <ds:X509CRL>
+ MIIB5TCBzgIBATANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJDSDFAMD4GA1UEChM3U3dpdGNo
+ IC0gVGVsZWluZm9ybWF0aWtkaWVuc3RlIGZ1ZXIgTGVocmUgdW5kIEZvcnNjaHVuZzEaMBgGA1UE
+ AxMRU1dJVENIYWFpIFJvb3QgQ0EXDTA4MDUxNTA2MzA1NVoXDTA5MTExNDA2MzA1NVqgLzAtMB8G
+ A1UdIwQYMBaAFOma4gZY6w/XgQNdXJe5sbWTfTuEMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBBQUA
+ A4IBAQCjTKxJjysq8pl799mPu+m/90hKGZ+nu3YBR8yStYFVm/7WvDW62c2OalRlFipcA/cU4lpU
+ cbb1698/XHLfVX4UiZ6+90rQPRtM3VG0fB8Dz/perhCjvjGLB7PWVI/1KKg+b4VFLDqoU/WMbR3O
+ FF6tK+Gfvk3xFhSgaUIpJXVwgJWGYEXbfr6hHaIJ0VjKxvLGUcpRrfsVPNVZVNfYfaHvH2BsdWhq
+ vDMyK3mhySRlYQX0dvi7majHpwzUPQcyr1a5c+hl50Lo0TJ7pIgZn1kc0oj1bxZHt6dGUQz9mhxU
+ M9ZChStEJ32+ghr/sK/2DA3nkIcCZ/Ou4btRgsG1F8yG
+ </ds:X509CRL>
+ </ds:X509Data>
</ds:KeyInfo>