/**\r
* @file KeyResolver.h\r
* \r
- * Resolves keys based on KeyInfo information or other external factors. \r
+ * Resolves public keys and certificates based on KeyInfo information or\r
+ * external factors. \r
*/\r
\r
#if !defined(__xmltooling_keyres_h__) && !defined(XMLTOOLING_NO_XMLSEC)\r
\r
#include <xsec/dsig/DSIGKeyInfoList.hpp>\r
#include <xsec/enc/XSECCryptoKey.hpp>\r
+#include <xsec/enc/XSECCryptoX509.hpp>\r
+\r
+#include <vector>\r
\r
namespace xmlsignature {\r
\r
/**\r
- * An API for resolving keys.\r
+ * An API for resolving keys. The default/simple implementation\r
+ * allows a hard-wired key to be supplied. This is mostly\r
+ * useful for testing, or to adapt another mechanism for supplying\r
+ * keys to this interface.\r
*/\r
class XMLTOOL_API KeyResolver {\r
MAKE_NONCOPYABLE(KeyResolver);\r
* @param keyInfo the key information\r
* @return the resolved key\r
*/\r
- virtual XSECCryptoKey* resolveKey(KeyInfo* keyInfo) {\r
+ virtual XSECCryptoKey* resolveKey(const KeyInfo* keyInfo) const {\r
return m_key ? m_key->clone() : NULL;\r
}\r
\r
* @param keyInfo the key information\r
* @return the resolved key\r
*/\r
- virtual XSECCryptoKey* resolveKey(DSIGKeyInfoList* keyInfo=NULL) {\r
+ virtual XSECCryptoKey* resolveKey(DSIGKeyInfoList* keyInfo) const {\r
return m_key ? m_key->clone() : NULL;\r
}\r
+\r
+ /**\r
+ * Returns a set of certificates based on the supplied KeyInfo information.\r
+ * The certificates must be cloned if kept beyond the lifetime of the KeyInfo source.\r
+ * \r
+ * @param keyInfo the key information\r
+ * @param certs reference to vector to store certificates\r
+ * @return number of certificates returned\r
+ */\r
+ virtual std::vector<XSECCryptoX509*>::size_type resolveCertificates(\r
+ const KeyInfo* keyInfo, std::vector<XSECCryptoX509*>& certs\r
+ ) const;\r
\r
+ /**\r
+ * Returns a set of certificates based on the supplied KeyInfo information.\r
+ * The certificates must be cloned if kept beyond the lifetime of the KeyInfo source.\r
+ * \r
+ * @param keyInfo the key information\r
+ * @param certs reference to vector to store certificates\r
+ * @return number of certificates returned\r
+ */\r
+ virtual std::vector<XSECCryptoX509*>::size_type resolveCertificates(\r
+ DSIGKeyInfoList* keyInfo, std::vector<XSECCryptoX509*>& certs \r
+ ) const;\r
+\r
protected:\r
XSECCryptoKey* m_key;\r
};\r
\r
+ /**\r
+ * Registers KeyResolver classes into the runtime.\r
+ */\r
+ void XMLTOOL_API registerKeyResolvers();\r
+\r
+ /** KeyResolver based on hard-wired key */\r
+ #define FILESYSTEM_KEY_RESOLVER "org.opensaml.xmlooling.FilesystemKeyResolver"\r
+\r
+ /** KeyResolver based on extracting information directly out of a KeyInfo */\r
+ #define INLINE_KEY_RESOLVER "org.opensaml.xmlooling.InlineKeyResolver"\r
};\r
\r
#endif /* __xmltooling_keyres_h__ */\r
*/\r
\r
#include "internal.h"\r
+#include "signature/KeyResolver.h"\r
#include "signature/OpenSSLCredentialResolver.h"\r
#include "util/NDC.h"\r
#include "util/XMLHelper.h"\r
\r
-using namespace xmlsignature;\r
-using namespace xmltooling;\r
-\r
#include <sys/types.h>\r
#include <sys/stat.h>\r
#include <algorithm>\r
}\r
\r
namespace xmlsignature {\r
- class FilesystemCredentialResolver : public CredentialResolver\r
+ class FilesystemCredentialResolver : public OpenSSLCredentialResolver, public KeyResolver\r
{\r
public:\r
FilesystemCredentialResolver(const DOMElement* e);\r
- ~FilesystemCredentialResolver();\r
+ virtual ~FilesystemCredentialResolver();\r
\r
Lockable* lock() { return this; }\r
void unlock() {}\r
\r
XSECCryptoKey* loadKey();\r
\r
- void attach(SSL_CTX* ctx) const;\r
- XSECCryptoKey* getKey() const { return m_key->clone(); }\r
+ XSECCryptoKey* getKey() const { return m_key ? m_key->clone() : NULL; }\r
const vector<XSECCryptoX509*>& getCertificates() const { return m_xseccerts; }\r
+ void attach(SSL_CTX* ctx) const;\r
+ \r
+ XSECCryptoKey* resolveKey(const KeyInfo* keyInfo) const { return m_key ? m_key->clone() : NULL; }\r
+ XSECCryptoKey* resolveKey(DSIGKeyInfoList* keyInfo) const { return m_key ? m_key->clone() : NULL; }\r
+ vector<XSECCryptoX509*>::size_type resolveCertificates(const KeyInfo* keyInfo, vector<XSECCryptoX509*>& certs) const {\r
+ certs.assign(m_xseccerts.begin(), m_xseccerts.end());\r
+ return certs.size();\r
+ }\r
+ vector<XSECCryptoX509*>::size_type resolveCertificates(DSIGKeyInfoList* keyInfo, vector<XSECCryptoX509*>& certs) const {\r
+ certs.assign(m_xseccerts.begin(), m_xseccerts.end());\r
+ return certs.size();\r
+ }\r
\r
private:\r
enum format_t { PEM=SSL_FILETYPE_PEM, DER=SSL_FILETYPE_ASN1, _PKCS12, UNKNOWN };\r
{\r
return new FilesystemCredentialResolver(e);\r
}\r
+\r
+ KeyResolver* XMLTOOL_DLLLOCAL FilesystemKeyResolverFactory(const DOMElement* const & e)\r
+ {\r
+ return new FilesystemCredentialResolver(e);\r
+ }\r
};\r
\r
static const XMLCh CAPath[] = UNICODE_LITERAL_6(C,A,P,a,t,h);\r
static const XMLCh password[] = UNICODE_LITERAL_8(p,a,s,s,w,o,r,d);\r
static const XMLCh Path[] = UNICODE_LITERAL_4(P,a,t,h);\r
\r
-FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e)\r
+FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) : m_key(NULL)\r
{\r
#ifdef _DEBUG\r
NDC ndc("FilesystemCredentialResolver");\r
\r
FilesystemCredentialResolver::~FilesystemCredentialResolver()\r
{\r
+ delete m_key;\r
for_each(m_certs.begin(),m_certs.end(),X509_free);\r
for_each(m_xseccerts.begin(),m_xseccerts.end(),xmltooling::cleanup<XSECCryptoX509>());\r
}\r
--- /dev/null
+/*\r
+ * Copyright 2001-2005 Internet2\r
+ * \r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+/**\r
+ * InlineKeyResolver.cpp\r
+ * \r
+ * Resolves key information directly from recognized KeyInfo structures.\r
+ */\r
+\r
+#include "internal.h"\r
+#include "signature/KeyResolver.h"\r
+#include "util/NDC.h"\r
+#include "util/Threads.h"\r
+\r
+#include <algorithm>\r
+#include <log4cpp/Category.hh>\r
+#include <xercesc/util/XMLUniDefs.hpp>\r
+#include <xsec/dsig/DSIGKeyInfoX509.hpp>\r
+#include <xsec/enc/XSECKeyInfoResolverDefault.hpp>\r
+#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>\r
+#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>\r
+#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>\r
+#include <xsec/enc/XSECCryptoException.hpp>\r
+#include <xsec/framework/XSECException.hpp>\r
+\r
+using namespace xmlsignature;\r
+using namespace xmltooling;\r
+using namespace log4cpp;\r
+using namespace std;\r
+\r
+namespace xmlsignature {\r
+ class XMLTOOL_DLLLOCAL InlineKeyResolver : public KeyResolver\r
+ {\r
+ public:\r
+ InlineKeyResolver(const DOMElement* e);\r
+ virtual ~InlineKeyResolver();\r
+\r
+ XSECCryptoKey* resolveKey(const KeyInfo* keyInfo) const;\r
+ XSECCryptoKey* resolveKey(DSIGKeyInfoList* keyInfo) const;\r
+ vector<XSECCryptoX509*>::size_type resolveCertificates(const KeyInfo* keyInfo, vector<XSECCryptoX509*>& certs) const;\r
+ vector<XSECCryptoX509*>::size_type resolveCertificates(DSIGKeyInfoList* keyInfo, vector<XSECCryptoX509*>& certs) const;\r
+ \r
+ private:\r
+ struct XMLTOOL_DLLLOCAL CacheEntry {\r
+ CacheEntry() : m_key(NULL) {}\r
+ ~CacheEntry() {\r
+ delete m_key;\r
+ for_each(m_certs.begin(),m_certs.end(),xmltooling::cleanup<XSECCryptoX509>());\r
+ }\r
+ XSECCryptoKey* m_key;\r
+ vector<XSECCryptoX509*> m_certs;\r
+ };\r
+\r
+ void _resolve(const KeyInfo* keyInfo, CacheEntry& entry) const;\r
+ XSECCryptoKey* _resolveKey(const KeyInfo* keyInfo) const;\r
+ vector<XSECCryptoX509*>::size_type _resolveCertificates(const KeyInfo* keyInfo, vector<XSECCryptoX509*>& certs) const;\r
+\r
+ RWLock* m_lock;\r
+ mutable map<const KeyInfo*,CacheEntry> m_cache;\r
+ };\r
+\r
+ KeyResolver* XMLTOOL_DLLLOCAL InlineKeyResolverFactory(const DOMElement* const & e)\r
+ {\r
+ return new InlineKeyResolver(e);\r
+ }\r
+};\r
+\r
+static const XMLCh cache[] = UNICODE_LITERAL_5(c,a,c,h,e);\r
+\r
+InlineKeyResolver::InlineKeyResolver(const DOMElement* e) : m_lock(NULL)\r
+{\r
+ const XMLCh* flag = e ? e->getAttributeNS(NULL,cache) : NULL;\r
+ if (flag && XMLString::equals(flag,XMLConstants::XML_TRUE) || XMLString::equals(flag,XMLConstants::XML_ONE))\r
+ m_lock=RWLock::create();\r
+}\r
+\r
+InlineKeyResolver::~InlineKeyResolver()\r
+{\r
+ m_cache.clear();\r
+ delete m_lock;\r
+}\r
+\r
+void InlineKeyResolver::_resolve(const KeyInfo* keyInfo, CacheEntry& entry) const\r
+{\r
+ if (_resolveCertificates(keyInfo, entry.m_certs)>0)\r
+ entry.m_key = entry.m_certs.front()->clonePublicKey();\r
+ else\r
+ entry.m_key = _resolveKey(keyInfo);\r
+}\r
+\r
+XSECCryptoKey* InlineKeyResolver::_resolveKey(const KeyInfo* keyInfo) const\r
+{\r
+#ifdef _DEBUG\r
+ NDC ndc("_resolveKey");\r
+#endif\r
+ Category& log=Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver");\r
+\r
+ // Check for ds:X509Data\r
+ const vector<X509Data*>& x509Datas=keyInfo->getX509Datas();\r
+ for (vector<X509Data*>::const_iterator j=x509Datas.begin(); j!=x509Datas.end(); ++j) {\r
+ try {\r
+ const vector<X509Certificate*> x509Certs=const_cast<const X509Data*>(*j)->getX509Certificates();\r
+ if (!x509Certs.empty()) {\r
+ auto_ptr_char x(x509Certs.front()->getValue());\r
+ if (!x.get()) {\r
+ log.warn("skipping empty ds:X509Certificate");\r
+ }\r
+ else {\r
+ log.debug("resolving ds:X509Certificate");\r
+ auto_ptr<XSECCryptoX509> x509(XSECPlatformUtils::g_cryptoProvider->X509());\r
+ x509->loadX509Base64Bin(x.get(), strlen(x.get()));\r
+ return x509->clonePublicKey();\r
+ }\r
+ }\r
+ }\r
+ catch(XSECException& e) {\r
+ auto_ptr_char temp(e.getMsg());\r
+ log.error("caught XML-Security exception loading certificate: %s", temp.get());\r
+ }\r
+ catch(XSECCryptoException& e) {\r
+ log.error("caught XML-Security exception loading certificate: %s", e.getMsg());\r
+ }\r
+ }\r
+\r
+ // Check for ds:KeyValue\r
+ const vector<KeyValue*>& keyValues = keyInfo->getKeyValues();\r
+ for (vector<KeyValue*>::const_iterator i=keyValues.begin(); i!=keyValues.end(); ++i) {\r
+ try {\r
+ KeyInfoSchemaValidators.validate(*i); // see if it's a "valid" key\r
+ RSAKeyValue* rsakv = (*i)->getRSAKeyValue();\r
+ if (rsakv) {\r
+ log.debug("resolving ds:RSAKeyValue");\r
+ auto_ptr_char mod(rsakv->getModulus()->getValue());\r
+ auto_ptr_char exp(rsakv->getExponent()->getValue());\r
+ auto_ptr<XSECCryptoKeyRSA> rsa(XSECPlatformUtils::g_cryptoProvider->keyRSA());\r
+ rsa->loadPublicModulusBase64BigNums(mod.get(), strlen(mod.get()));\r
+ rsa->loadPublicExponentBase64BigNums(exp.get(), strlen(exp.get()));\r
+ return rsa.release();\r
+ }\r
+ DSAKeyValue* dsakv = (*i)->getDSAKeyValue();\r
+ if (dsakv) {\r
+ log.debug("resolving ds:DSAKeyValue");\r
+ auto_ptr<XSECCryptoKeyDSA> dsa(XSECPlatformUtils::g_cryptoProvider->keyDSA());\r
+ auto_ptr_char y(dsakv->getY()->getValue());\r
+ dsa->loadYBase64BigNums(y.get(), strlen(y.get()));\r
+ if (dsakv->getP()) {\r
+ auto_ptr_char p(dsakv->getP()->getValue());\r
+ dsa->loadPBase64BigNums(p.get(), strlen(p.get()));\r
+ }\r
+ if (dsakv->getQ()) {\r
+ auto_ptr_char q(dsakv->getQ()->getValue());\r
+ dsa->loadQBase64BigNums(q.get(), strlen(q.get()));\r
+ }\r
+ if (dsakv->getG()) {\r
+ auto_ptr_char g(dsakv->getG()->getValue());\r
+ dsa->loadGBase64BigNums(g.get(), strlen(g.get()));\r
+ }\r
+ return dsa.release();\r
+ }\r
+ }\r
+ catch (ValidationException& ex) {\r
+ log.warn("skipping invalid ds:KeyValue (%s)", ex.what());\r
+ }\r
+ catch(XSECException& e) {\r
+ auto_ptr_char temp(e.getMsg());\r
+ log.error("caught XML-Security exception loading key: %s", temp.get());\r
+ }\r
+ catch(XSECCryptoException& e) {\r
+ log.error("caught XML-Security exception loading key: %s", e.getMsg());\r
+ }\r
+ }\r
+\r
+ log.warn("unable to resolve key");\r
+ return NULL;\r
+}\r
+\r
+vector<XSECCryptoX509*>::size_type InlineKeyResolver::_resolveCertificates(\r
+ const KeyInfo* keyInfo, vector<XSECCryptoX509*>& certs\r
+ ) const\r
+{\r
+#ifdef _DEBUG\r
+ NDC ndc("_resolveCertificates");\r
+#endif\r
+ Category& log=Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver");\r
+\r
+ // Check for ds:X509Data\r
+ const vector<X509Data*>& x509Datas=keyInfo->getX509Datas();\r
+ for (vector<X509Data*>::const_iterator j=x509Datas.begin(); certs.empty() && j!=x509Datas.end(); ++j) {\r
+ const vector<X509Certificate*> x509Certs=const_cast<const X509Data*>(*j)->getX509Certificates();\r
+ for (vector<X509Certificate*>::const_iterator k=x509Certs.begin(); k!=x509Certs.end(); ++k) {\r
+ try {\r
+ auto_ptr_char x((*k)->getValue());\r
+ if (!x.get()) {\r
+ log.warn("skipping empty ds:X509Certificate");\r
+ }\r
+ else {\r
+ log.debug("resolving ds:X509Certificate");\r
+ auto_ptr<XSECCryptoX509> x509(XSECPlatformUtils::g_cryptoProvider->X509());\r
+ x509->loadX509Base64Bin(x.get(), strlen(x.get()));\r
+ certs.push_back(x509.release());\r
+ }\r
+ }\r
+ catch(XSECException& e) {\r
+ auto_ptr_char temp(e.getMsg());\r
+ log.error("caught XML-Security exception loading certificate: %s", temp.get());\r
+ }\r
+ catch(XSECCryptoException& e) {\r
+ log.error("caught XML-Security exception loading certificate: %s", e.getMsg());\r
+ }\r
+ }\r
+ }\r
+ if (log.isDebugEnabled()) {\r
+ log.debug("resolved %d certificate%s", certs.size(), certs.size()==1 ? "" : "s");\r
+ }\r
+ return certs.size();\r
+}\r
+\r
+XSECCryptoKey* InlineKeyResolver::resolveKey(const KeyInfo* keyInfo) const\r
+{\r
+ // Caching?\r
+ if (m_lock) {\r
+ // Get read lock.\r
+ m_lock->rdlock();\r
+ map<const KeyInfo*,CacheEntry>::iterator i=m_cache.find(keyInfo);\r
+ if (i != m_cache.end()) {\r
+ // Found in cache, so just return the results.\r
+ SharedLock locker(m_lock,false);\r
+ return i->second.m_key ? i->second.m_key->clone() : NULL;\r
+ }\r
+ else {\r
+ // Elevate lock.\r
+ m_lock->unlock();\r
+ m_lock->wrlock();\r
+ SharedLock locker(m_lock,false);\r
+ // Recheck cache.\r
+ i=m_cache.find(keyInfo);\r
+ if (i == m_cache.end()) {\r
+ i = m_cache.insert(make_pair(keyInfo,CacheEntry())).first;\r
+ _resolve(i->first, i->second);\r
+ }\r
+ return i->second.m_key ? i->second.m_key->clone() : NULL;\r
+ }\r
+ }\r
+ return _resolveKey(keyInfo);\r
+}\r
+\r
+vector<XSECCryptoX509*>::size_type InlineKeyResolver::resolveCertificates(\r
+ const KeyInfo* keyInfo, vector<XSECCryptoX509*>& certs\r
+ ) const\r
+{\r
+ // Caching?\r
+ if (m_lock) {\r
+ // Get read lock.\r
+ m_lock->rdlock();\r
+ map<const KeyInfo*,CacheEntry>::iterator i=m_cache.find(keyInfo);\r
+ if (i != m_cache.end()) {\r
+ // Found in cache, so just return the results.\r
+ SharedLock locker(m_lock,false);\r
+ certs.assign(i->second.m_certs.begin(), i->second.m_certs.end());\r
+ return certs.size();\r
+ }\r
+ else {\r
+ // Elevate lock.\r
+ m_lock->unlock();\r
+ m_lock->wrlock();\r
+ SharedLock locker(m_lock,false);\r
+ // Recheck cache.\r
+ i=m_cache.find(keyInfo);\r
+ if (i == m_cache.end()) {\r
+ i = m_cache.insert(make_pair(keyInfo,CacheEntry())).first;\r
+ _resolve(i->first, i->second);\r
+ }\r
+ certs.assign(i->second.m_certs.begin(), i->second.m_certs.end());\r
+ return certs.size();\r
+ }\r
+ }\r
+ return _resolveCertificates(keyInfo, certs);\r
+}\r
+\r
+XSECCryptoKey* InlineKeyResolver::resolveKey(DSIGKeyInfoList* keyInfo) const\r
+{\r
+#ifdef _DEBUG\r
+ NDC ndc("_resolveKey");\r
+#endif\r
+\r
+ // Default resolver handles RSA/DSAKeyValue and X509Certificate elements.\r
+ try {\r
+ XSECKeyInfoResolverDefault def;\r
+ return def.resolveKey(keyInfo);\r
+ }\r
+ catch(XSECException& e) {\r
+ auto_ptr_char temp(e.getMsg());\r
+ Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver").error("caught XML-Security exception loading certificate: %s", temp.get());\r
+ }\r
+ catch(XSECCryptoException& e) {\r
+ Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver").error("caught XML-Security exception loading certificate: %s", e.getMsg());\r
+ }\r
+ return NULL;\r
+}\r
+\r
+vector<XSECCryptoX509*>::size_type InlineKeyResolver::resolveCertificates(\r
+ DSIGKeyInfoList* keyInfo, vector<XSECCryptoX509*>& certs\r
+ ) const\r
+{\r
+ certs.clear();\r
+ DSIGKeyInfoList::size_type sz = keyInfo->getSize();\r
+ for (DSIGKeyInfoList::size_type i=0; certs.empty() && i<sz; ++i) {\r
+ if (keyInfo->item(i)->getKeyInfoType()==DSIGKeyInfo::KEYINFO_X509) {\r
+ DSIGKeyInfoX509* x509 = static_cast<DSIGKeyInfoX509*>(keyInfo->item(i));\r
+ int count = x509->getCertificateListSize();\r
+ for (int j=0; j<count; ++j) {\r
+ certs.push_back(x509->getCertificateCryptoItem(j));\r
+ }\r
+ }\r
+ }\r
+ return certs.size();\r
+}\r
--- /dev/null
+/*\r
+ * Copyright 2001-2005 Internet2\r
+ * \r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+#include "XMLObjectBaseTestCase.h"\r
+\r
+#include <fstream>\r
+#include <xmltooling/signature/KeyResolver.h>\r
+\r
+using namespace xmlsignature;\r
+\r
+class InlineKeyResolverTest : public CxxTest::TestSuite {\r
+ KeyResolver* m_resolver;\r
+public:\r
+ InlineKeyResolverTest() : m_resolver(NULL) {}\r
+\r
+ void setUp() {\r
+ string config = data_path + "InlineKeyResolver.xml";\r
+ ifstream in(config.c_str());\r
+ DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in);\r
+ XercesJanitor<DOMDocument> janitor(doc);\r
+ m_resolver=XMLToolingConfig::getConfig().KeyResolverManager.newPlugin(INLINE_KEY_RESOLVER,doc->getDocumentElement());\r
+ }\r
+\r
+ void tearDown() {\r
+ delete m_resolver;\r
+ m_resolver=NULL;\r
+ }\r
+\r
+ void testResolver() {\r
+ string path=data_path + "KeyInfo1.xml";\r
+ ifstream fs(path.c_str());\r
+ DOMDocument* doc=XMLToolingConfig::getConfig().getValidatingParser().parse(fs);\r
+ TS_ASSERT(doc!=NULL);\r
+ const XMLObjectBuilder* b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());\r
+ TS_ASSERT(b!=NULL);\r
+ auto_ptr<KeyInfo> kiObject(dynamic_cast<KeyInfo*>(b->buildFromDocument(doc)));\r
+ TS_ASSERT(kiObject.get()!=NULL);\r
+\r
+ auto_ptr<XSECCryptoKey> key(m_resolver->resolveKey(kiObject.get()));\r
+ TSM_ASSERT("Unable to resolve public key.", key.get()!=NULL);\r
+ TSM_ASSERT_EQUALS("Unexpected key type.", key->getKeyType(), XSECCryptoKey::KEY_RSA_PUBLIC);\r
+\r
+ vector<XSECCryptoX509*> certs;\r
+ TSM_ASSERT_EQUALS("Wrong certificate count.", m_resolver->resolveCertificates(kiObject.get(), certs), 1);\r
+ }\r
+};\r