# Boost
BOOST_REQUIRE
-BOOST_STRING_ALGO
+BOOST_BIND
BOOST_LAMBDA
+BOOST_STRING_ALGO
# are covariant methods allowed?
AC_LINK_IFELSE(
m4\acinclude.m4 = m4\acinclude.m4\r
m4\acx_pthread.m4 = m4\acx_pthread.m4\r
m4\ax_create_pkgconfig_info.m4 = m4\ax_create_pkgconfig_info.m4\r
+ ..\cpp-sp-ext\m4\boost.m4 = ..\cpp-sp-ext\m4\boost.m4\r
config_win32.h = config_win32.h\r
configure.ac = configure.ac\r
doxygen.am = doxygen.am\r
#include <stdexcept>
#include <boost/algorithm/string.hpp>
-#include <boost/lambda/bind.hpp>
-#include <boost/lambda/lambda.hpp>
+#include <boost/bind.hpp>
+#include <boost/ptr_container/ptr_vector.hpp>
#if defined(XMLTOOLING_LOG4SHIB)
# include <log4shib/PropertyConfigurator.hh>
using namespace xmltooling::logging;
using namespace xmltooling;
using namespace xercesc;
-using namespace boost::lambda;
using namespace boost;
using namespace std;
namespace {
static XMLToolingInternalConfig g_config;
#ifndef XMLTOOLING_NO_XMLSEC
- static vector<Mutex*> g_openssl_locks;
+ static ptr_vector<Mutex> g_openssl_locks;
extern "C" void openssl_locking_callback(int mode,int n,const char *file,int line)
{
if (mode & CRYPTO_LOCK)
- g_openssl_locks[n]->lock();
+ g_openssl_locks[n].lock();
else
- g_openssl_locks[n]->unlock();
+ g_openssl_locks[n].unlock();
}
# ifndef WIN32
for_each(
catpaths.begin(), catpaths.end(),
// Call loadCatalog with an inner call to s->c_str() on each entry.
- lambda::bind(static_cast<bool (ParserPool::*)(const char*)>(&ParserPool::loadCatalog), m_validatingPool, lambda::bind(&string::c_str,_1))
+ boost::bind(static_cast<bool (ParserPool::*)(const char*)>(&ParserPool::loadCatalog), m_validatingPool, boost::bind(&string::c_str,_1))
);
}
#ifndef XMLTOOLING_NO_XMLSEC
CRYPTO_set_locking_callback(nullptr);
- for_each(g_openssl_locks.begin(), g_openssl_locks.end(), xmltooling::cleanup<Mutex>());
- g_openssl_locks.clear();
+ g_openssl_locks.release();
#endif
SchemaValidators.destroyValidators();
}
map<string,Context> m_contextMap;
- RWLock* m_lock;
- CondWait* shutdown_wait;
- Thread* cleanup_thread;
+ auto_ptr<RWLock> m_lock;
+ auto_ptr<CondWait> shutdown_wait;
+ auto_ptr<Thread> cleanup_thread;
static void* cleanup_fn(void*);
bool shutdown;
int m_cleanupInterval;
static const XMLCh cleanupInterval[] = UNICODE_LITERAL_15(c,l,e,a,n,u,p,I,n,t,e,r,v,a,l);
MemoryStorageService::MemoryStorageService(const DOMElement* e)
- : m_lock(nullptr), shutdown_wait(nullptr), cleanup_thread(nullptr), shutdown(false),
+ : m_lock(RWLock::create()), shutdown_wait(CondWait::create()), shutdown(false),
m_cleanupInterval(XMLHelper::getAttrInt(e, 900, cleanupInterval)),
m_log(Category::getInstance(XMLTOOLING_LOGCAT".StorageService"))
{
- m_lock = RWLock::create();
- shutdown_wait = CondWait::create();
- cleanup_thread = Thread::create(&cleanup_fn, (void*)this);
+ cleanup_thread.reset(Thread::create(&cleanup_fn, (void*)this));
}
MemoryStorageService::~MemoryStorageService()
shutdown = true;
shutdown_wait->signal();
cleanup_thread->join(nullptr);
-
- delete cleanup_thread;
- delete shutdown_wait;
- delete m_lock;
}
void* MemoryStorageService::cleanup_fn(void* pv)
unsigned long count=0;
time_t now = time(nullptr);
cache->m_lock->wrlock();
- SharedLock locker(cache->m_lock, false);
+ SharedLock locker(cache->m_lock.get(), false);
for (map<string,Context>::iterator i=cache->m_contextMap.begin(); i!=cache->m_contextMap.end(); ++i)
count += i->second.reap(now);
void MemoryStorageService::reap(const char* context)
{
Context& ctx = writeContext(context);
- SharedLock locker(m_lock, false);
+ SharedLock locker(m_lock.get(), false);
ctx.reap(time(nullptr));
}
bool MemoryStorageService::createString(const char* context, const char* key, const char* value, time_t expiration)
{
Context& ctx = writeContext(context);
- SharedLock locker(m_lock, false);
+ SharedLock locker(m_lock.get(), false);
// Check for a duplicate.
map<string,Record>::iterator i=ctx.m_dataMap.find(key);
int MemoryStorageService::readString(const char* context, const char* key, string* pvalue, time_t* pexpiration, int version)
{
Context& ctx = readContext(context);
- SharedLock locker(m_lock, false);
+ SharedLock locker(m_lock.get(), false);
map<string,Record>::iterator i=ctx.m_dataMap.find(key);
if (i==ctx.m_dataMap.end())
int MemoryStorageService::updateString(const char* context, const char* key, const char* value, time_t expiration, int version)
{
Context& ctx = writeContext(context);
- SharedLock locker(m_lock, false);
+ SharedLock locker(m_lock.get(), false);
map<string,Record>::iterator i=ctx.m_dataMap.find(key);
if (i==ctx.m_dataMap.end())
bool MemoryStorageService::deleteString(const char* context, const char* key)
{
Context& ctx = writeContext(context);
- SharedLock locker(m_lock, false);
+ SharedLock locker(m_lock.get(), false);
// Find the record.
map<string,Record>::iterator i=ctx.m_dataMap.find(key);
void MemoryStorageService::updateContext(const char* context, time_t expiration)
{
Context& ctx = writeContext(context);
- SharedLock locker(m_lock, false);
+ SharedLock locker(m_lock.get(), false);
time_t now = time(nullptr);
map<string,Record>::iterator stop=ctx.m_dataMap.end();
#include "internal.h"
#include "HTTPRequest.h"
+#include <boost/algorithm/string.hpp>
+#include <boost/bind.hpp>
+
using namespace xmltooling;
+using namespace boost;
using namespace std;
GenericRequest::GenericRequest()
return strcmp(getScheme(),"https")==0;
}
+namespace {
+ void handle_cookie_fn(map<string,string>& cookieMap, vector<string>& nvpair, const string& s) {
+ nvpair.clear();
+ split(nvpair, s, is_any_of("="));
+ if (nvpair.size() == 2) {
+ trim(nvpair[0]);
+ cookieMap[nvpair[0]] = nvpair[1];
+ }
+ }
+}
+
const char* HTTPRequest::getCookie(const char* name) const
{
if (m_cookieMap.empty()) {
string cookies=getHeader("Cookie");
-
- string::size_type pos=0,cname,namelen,val,vallen;
- while (pos !=string::npos && pos < cookies.length()) {
- while (isspace(cookies[pos])) pos++;
- cname=pos;
- pos=cookies.find_first_of("=",pos);
- if (pos == string::npos)
- break;
- namelen=pos-cname;
- pos++;
- if (pos==cookies.length())
- break;
- val=pos;
- pos=cookies.find_first_of(";",pos);
- if (pos != string::npos) {
- vallen=pos-val;
- pos++;
- m_cookieMap.insert(make_pair(cookies.substr(cname,namelen),cookies.substr(val,vallen)));
- }
- else
- m_cookieMap.insert(make_pair(cookies.substr(cname,namelen),cookies.substr(val)));
- }
+ vector<string> nvpairs, nvpair;
+ split(nvpairs, cookies, is_any_of(";"), algorithm::token_compress_on);
+ for_each(nvpairs.begin(), nvpairs.end(), boost::bind(handle_cookie_fn, boost::ref(m_cookieMap), boost::ref(nvpair), _1));
}
map<string,string>::const_iterator lookup=m_cookieMap.find(name);
return (lookup==m_cookieMap.end()) ? nullptr : lookup->second.c_str();
#include "internal.h"
#include "HTTPResponse.h"
+#include <boost/algorithm/string/predicate.hpp>
+#include <boost/bind.hpp>
+
using namespace xmltooling;
+using namespace boost;
using namespace std;
GenericResponse::GenericResponse()
void HTTPResponse::sanitizeURL(const char* url)
{
+ // predicate for checking scheme below
+ static bool (*fn)(const string&, const string&, const std::locale&) = iequals;
+
const char* ch;
for (ch=url; *ch; ++ch) {
if (iscntrl((unsigned char)(*ch))) // convert to unsigned to allow full range from 00-FF
if (!ch)
throw IOException("URL is malformed.");
string s(url, ch - url);
- for (vector<string>::const_iterator i = m_allowedSchemes.begin(); i != m_allowedSchemes.end(); ++i) {
-#ifdef HAVE_STRCASECMP
- if (!strcasecmp(s.c_str(), i->c_str()))
-#else
- if (!stricmp(s.c_str(), i->c_str()))
-#endif
- return;
- }
+ vector<string>::const_iterator i =
+ find_if(m_allowedSchemes.begin(), m_allowedSchemes.end(), boost::bind(fn, boost::cref(s), _1, boost::cref(std::locale())));
+ if (i != m_allowedSchemes.end())
+ return;
throw IOException("URL contains invalid scheme ($1).", params(1, s.c_str()));
}
#include <set>
#include <string>
+#include <boost/ptr_container/ptr_vector.hpp>
namespace xmltooling {
AbstractPKIXTrustEngine(const xercesc::DOMElement* e=nullptr);
/** Plugins used to perform path validation. */
- std::vector<OpenSSLPathValidator*> m_pathValidators;
+ boost::ptr_vector<OpenSSLPathValidator> m_pathValidators;
/** Controls revocation checking, currently limited to CRLs and supports "off", "entityOnly", "fullChain". */
std::string m_checkRevocation;
#include <xmltooling/security/OpenSSLTrustEngine.h>
#include <xmltooling/security/SignatureTrustEngine.h>
-#include <vector>
+#include <boost/ptr_container/ptr_vector.hpp>
namespace xmltooling {
CredentialCriteria* criteria=nullptr
) const;
private:
- std::vector<TrustEngine*> m_engines;
- std::vector<SignatureTrustEngine*> m_sigEngines;
- std::vector<X509TrustEngine*> m_x509Engines;
- std::vector<OpenSSLTrustEngine*> m_osslEngines;
+ boost::ptr_vector<TrustEngine> m_engines;
+ boost::ptr_vector<SignatureTrustEngine,boost::view_clone_allocator> m_sigEngines;
+ boost::ptr_vector<X509TrustEngine,boost::view_clone_allocator> m_x509Engines;
+ boost::ptr_vector<OpenSSLTrustEngine,boost::view_clone_allocator> m_osslEngines;
};
};
using namespace xmltooling::logging;
using namespace xmltooling;
using namespace std;
-
+using boost::ptr_vector;
namespace xmltooling {
// Adapter between TrustEngine and PathValidator
AbstractPKIXTrustEngine::~AbstractPKIXTrustEngine()
{
- for_each(m_pathValidators.begin(), m_pathValidators.end(), xmltooling::cleanup<PathValidator>());
}
bool AbstractPKIXTrustEngine::checkEntityNames(
auto_ptr<PKIXValidationInfoIterator> pkix(getPKIXValidationInfoIterator(credResolver, criteria));
while (pkix->next()) {
PKIXParams params(*this, *pkix.get(), inlineCRLs);
- for (vector<OpenSSLPathValidator*>::const_iterator v = m_pathValidators.begin(); v != m_pathValidators.end(); ++v) {
- if ((*v)->validate(certEE, certChain, params)) {
+ for (ptr_vector<OpenSSLPathValidator>::const_iterator v = m_pathValidators.begin(); v != m_pathValidators.end(); ++v) {
+ if (v->validate(certEE, certChain, params)) {
return true;
}
}
#include <algorithm>
#include <functional>
+#include <boost/bind.hpp>
+#include <boost/ptr_container/ptr_vector.hpp>
#include <xercesc/util/XMLUniDefs.hpp>
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace boost;
using namespace std;
using xercesc::DOMElement;
{
public:
ChainingCredentialResolver(const DOMElement* e);
- virtual ~ChainingCredentialResolver() {
- for_each(m_resolvers.begin(), m_resolvers.end(), xmltooling::cleanup<CredentialResolver>());
- }
+ virtual ~ChainingCredentialResolver() {}
Lockable* lock() {
- for_each(m_resolvers.begin(), m_resolvers.end(), mem_fun(&Lockable::lock));
+ for_each(m_resolvers.begin(), m_resolvers.end(), mem_fun_ref(&Lockable::lock));
return this;
}
void unlock() {
- for_each(m_resolvers.begin(), m_resolvers.end(), mem_fun(&Lockable::unlock));
+ for_each(m_resolvers.begin(), m_resolvers.end(), mem_fun_ref(&Lockable::unlock));
}
const Credential* resolve(const CredentialCriteria* criteria=nullptr) const {
const Credential* cred = nullptr;
- for (vector<CredentialResolver*>::const_iterator cr = m_resolvers.begin(); !cred && cr!=m_resolvers.end(); ++cr)
- cred = (*cr)->resolve(criteria);
+ for (ptr_vector<CredentialResolver>::const_iterator cr = m_resolvers.begin(); !cred && cr!=m_resolvers.end(); ++cr)
+ cred = cr->resolve(criteria);
return cred;
}
virtual vector<const Credential*>::size_type resolve(
vector<const Credential*>& results, const CredentialCriteria* criteria=nullptr
) const {
- for (vector<CredentialResolver*>::const_iterator cr = m_resolvers.begin(); cr!=m_resolvers.end(); ++cr)
- (*cr)->resolve(results, criteria);
+
+ // Member function pointer to method to call.
+ static vector<const Credential*>::size_type (CredentialResolver::* fn)
+ (vector<const Credential*>& results, const CredentialCriteria* criteria) const = &CredentialResolver::resolve;
+
+ // ref() converts pass by copy to pass by reference for output parameter
+ for_each(m_resolvers.begin(), m_resolvers.end(), boost::bind(fn, _1, boost::ref(results), criteria));
return results.size();
}
private:
- vector<CredentialResolver*> m_resolvers;
+ ptr_vector<CredentialResolver> m_resolvers;
};
CredentialResolver* XMLTOOL_DLLLOCAL ChainingCredentialResolverFactory(const DOMElement* const & e)
#include "util/XMLHelper.h"
#include <algorithm>
+#include <boost/lambda/lambda.hpp>
#include <xercesc/util/XMLUniDefs.hpp>
using namespace xmlsignature;
using namespace xmltooling::logging;
using namespace xmltooling;
+using namespace boost::lambda;
+using namespace boost;
using namespace std;
using xercesc::DOMElement;
static const XMLCh _TrustEngine[] = UNICODE_LITERAL_11(T,r,u,s,t,E,n,g,i,n,e);
static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
-ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : TrustEngine(e) {
+ChainingTrustEngine::ChainingTrustEngine(const DOMElement* e) : TrustEngine(e)
+{
Category& log=Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine."CHAINING_TRUSTENGINE);
e = e ? XMLHelper::getFirstChildElement(e, _TrustEngine) : nullptr;
while (e) {
}
}
-ChainingTrustEngine::~ChainingTrustEngine() {
- for_each(m_engines.begin(), m_engines.end(), xmltooling::cleanup<TrustEngine>());
+ChainingTrustEngine::~ChainingTrustEngine()
+{
}
void ChainingTrustEngine::addTrustEngine(TrustEngine* newEngine)
TrustEngine* ChainingTrustEngine::removeTrustEngine(TrustEngine* oldEngine)
{
- vector<TrustEngine*>::iterator i = find(m_engines.begin(), m_engines.end(), oldEngine);
+ ptr_vector<TrustEngine>::iterator i =
+ find_if(m_engines.begin(), m_engines.end(), (&_1 == oldEngine));
if (i != m_engines.end()) {
- m_engines.erase(i);
-
SignatureTrustEngine* sig = dynamic_cast<SignatureTrustEngine*>(oldEngine);
if (sig) {
- vector<SignatureTrustEngine*>::iterator s = find(m_sigEngines.begin(), m_sigEngines.end(), sig);
+ ptr_vector<SignatureTrustEngine>::iterator s =
+ find_if(m_sigEngines.begin(), m_sigEngines.end(), (&_1 == sig));
if (s != m_sigEngines.end())
m_sigEngines.erase(s);
}
X509TrustEngine* x509 = dynamic_cast<X509TrustEngine*>(oldEngine);
if (x509) {
- vector<X509TrustEngine*>::iterator x = find(m_x509Engines.begin(), m_x509Engines.end(), x509);
+ ptr_vector<X509TrustEngine>::iterator x =
+ find_if(m_x509Engines.begin(), m_x509Engines.end(), (&_1 == x509));
if (x != m_x509Engines.end())
m_x509Engines.erase(x);
}
OpenSSLTrustEngine* ossl = dynamic_cast<OpenSSLTrustEngine*>(oldEngine);
if (ossl) {
- vector<OpenSSLTrustEngine*>::iterator o = find(m_osslEngines.begin(), m_osslEngines.end(), ossl);
+ ptr_vector<OpenSSLTrustEngine>::iterator o =
+ find_if(m_osslEngines.begin(), m_osslEngines.end(), (&_1 == ossl));
if (o != m_osslEngines.end())
m_osslEngines.erase(o);
}
- return oldEngine;
+ return (m_engines.release(i)).release();
}
return nullptr;
}
bool ChainingTrustEngine::validate(Signature& sig, const CredentialResolver& credResolver, CredentialCriteria* criteria) const
{
unsigned int usage = criteria ? criteria->getUsage() : 0;
- for (vector<SignatureTrustEngine*>::const_iterator i=m_sigEngines.begin(); i!=m_sigEngines.end(); ++i) {
- if ((*i)->validate(sig,credResolver,criteria))
+ for (ptr_vector<SignatureTrustEngine>::const_iterator i=m_sigEngines.begin(); i!=m_sigEngines.end(); ++i) {
+ if (i->validate(sig,credResolver,criteria))
return true;
if (criteria) {
criteria->reset();
) const
{
unsigned int usage = criteria ? criteria->getUsage() : 0;
- for (vector<SignatureTrustEngine*>::const_iterator i=m_sigEngines.begin(); i!=m_sigEngines.end(); ++i) {
- if ((*i)->validate(sigAlgorithm, sig, keyInfo, in, in_len, credResolver, criteria))
+ for (ptr_vector<SignatureTrustEngine>::const_iterator i=m_sigEngines.begin(); i!=m_sigEngines.end(); ++i) {
+ if (i->validate(sigAlgorithm, sig, keyInfo, in, in_len, credResolver, criteria))
return true;
if (criteria) {
criteria->reset();
) const
{
unsigned int usage = criteria ? criteria->getUsage() : 0;
- for (vector<X509TrustEngine*>::const_iterator i=m_x509Engines.begin(); i!=m_x509Engines.end(); ++i) {
- if ((*i)->validate(certEE,certChain,credResolver,criteria))
+ for (ptr_vector<X509TrustEngine>::const_iterator i=m_x509Engines.begin(); i!=m_x509Engines.end(); ++i) {
+ if (i->validate(certEE,certChain,credResolver,criteria))
return true;
if (criteria) {
criteria->reset();
) const
{
unsigned int usage = criteria ? criteria->getUsage() : 0;
- for (vector<OpenSSLTrustEngine*>::const_iterator i=m_osslEngines.begin(); i!=m_osslEngines.end(); ++i) {
- if ((*i)->validate(certEE,certChain,credResolver,criteria))
+ for (ptr_vector<OpenSSLTrustEngine>::const_iterator i=m_osslEngines.begin(); i!=m_osslEngines.end(); ++i) {
+ if (i->validate(certEE,certChain,credResolver,criteria))
return true;
if (criteria) {
criteria->reset();
class XMLTOOL_DLLLOCAL InlineCredential : public BasicX509Credential
{
public:
- InlineCredential(const KeyInfo* keyInfo=nullptr) : BasicX509Credential(keyInfo!=nullptr), m_credctx(new KeyInfoCredentialContext(keyInfo)) {
- }
- InlineCredential(DSIGKeyInfoList* keyInfo) : BasicX509Credential(false), m_credctx(new KeyInfoCredentialContext(keyInfo)) {
- }
- InlineCredential(KeyInfoCredentialContext* context) : BasicX509Credential(context->getKeyInfo()!=nullptr), m_credctx(nullptr) {
- }
- virtual ~InlineCredential() {
- delete m_credctx;
- }
+ InlineCredential(const KeyInfo* keyInfo=nullptr) : BasicX509Credential(keyInfo!=nullptr), m_credctx(new KeyInfoCredentialContext(keyInfo)) {}
+ InlineCredential(DSIGKeyInfoList* keyInfo) : BasicX509Credential(false), m_credctx(new KeyInfoCredentialContext(keyInfo)) {}
+ InlineCredential(KeyInfoCredentialContext* context) : BasicX509Credential(context->getKeyInfo()!=nullptr) {}
+ virtual ~InlineCredential() {}
XSECCryptoKey* getPrivateKey() const {
return nullptr;
}
const CredentialContext* getCredentalContext() const {
- return m_credctx;
+ return m_credctx.get();
}
void setCredentialContext(KeyInfoCredentialContext* context) {
- m_credctx = context;
+ m_credctx.reset(context);
}
void resolve(const KeyInfo* keyInfo, int types=0, bool followRefs=false);
bool resolveKey(const KeyInfo* keyInfo, bool followRefs=false);
bool resolveCRLs(const KeyInfo* keyInfo, bool followRefs=false);
- KeyInfoCredentialContext* m_credctx;
+ auto_ptr<KeyInfoCredentialContext> m_credctx;
};
static const XMLCh keyInfoReferences[] = UNICODE_LITERAL_17(k,e,y,I,n,f,o,R,e,f,e,r,e,n,c,e,s);
public:
StaticPKIXTrustEngine(const DOMElement* e=nullptr);
- virtual ~StaticPKIXTrustEngine() {
- delete m_credResolver;
- }
+ virtual ~StaticPKIXTrustEngine() {}
AbstractPKIXTrustEngine::PKIXValidationInfoIterator* getPKIXValidationInfoIterator(
const CredentialResolver& pkixSource, CredentialCriteria* criteria=nullptr
private:
int m_depth;
- CredentialResolver* m_credResolver;
+ auto_ptr<CredentialResolver> m_credResolver;
friend class XMLTOOL_DLLLOCAL StaticPKIXIterator;
};
};
StaticPKIXTrustEngine::StaticPKIXTrustEngine(const DOMElement* e)
- : AbstractPKIXTrustEngine(e), m_depth(XMLHelper::getAttrInt(e, 1, verifyDepth)), m_credResolver(nullptr)
+ : AbstractPKIXTrustEngine(e), m_depth(XMLHelper::getAttrInt(e, 1, verifyDepth))
{
if (e && e->hasAttributeNS(nullptr, certificate)) {
// Simple File resolver config rooted here.
- m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, e);
+ m_credResolver.reset(XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(FILESYSTEM_CREDENTIAL_RESOLVER, e));
}
else {
e = e ? XMLHelper::getFirstChildElement(e, _CredentialResolver) : nullptr;
string t = XMLHelper::getAttrString(e, nullptr, type);
if (!t.empty())
- m_credResolver = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.c_str(), e);
+ m_credResolver.reset(XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(t.c_str(), e));
else
throw XMLSecurityException("Missing <CredentialResolver> element, or no type attribute found");
}
#include "XMLObjectBaseTestCase.h"
+#include <xmltooling/security/ChainingTrustEngine.h>
#include <xmltooling/security/CredentialResolver.h>
#include <xmltooling/security/SecurityHelper.h>
-#include <xmltooling/security/X509TrustEngine.h>
#include <fstream>
#include <xsec/enc/XSECCryptoKey.hpp>
}
CredentialResolver* m_dummy;
+ ChainingTrustEngine* m_chain;
XSECCryptoX509* m_ee; // end entity
XSECCryptoX509* m_int1; // any policy
XSECCryptoX509* m_int2; // explicit policy
public:
void setUp() {
m_dummy = XMLToolingConfig::getConfig().CredentialResolverManager.newPlugin(DUMMY_CREDENTIAL_RESOLVER, nullptr);
+ m_chain = dynamic_cast<ChainingTrustEngine*>(XMLToolingConfig::getConfig().TrustEngineManager.newPlugin(CHAINING_TRUSTENGINE, nullptr));
m_ee = m_int1 = m_int2 = m_int3 = nullptr;
vector<XSECCryptoX509*> certs;
}
void tearDown() {
+ delete m_chain;
delete m_dummy;
delete m_ee;
delete m_int1;
void testAnyPolicy() {
- auto_ptr<X509TrustEngine> trust(buildTrustEngine("AnyPolicy"));
+ TrustEngine* trust = buildTrustEngine("AnyPolicy");
+ m_chain->addTrustEngine(trust);
vector<XSECCryptoX509*> untrusted(1, m_int1);
- TSM_ASSERT("PKIX validation failed", trust->validate(m_ee, untrusted, *m_dummy));
+ TSM_ASSERT("PKIX validation failed", m_chain->validate(m_ee, untrusted, *m_dummy));
+
+ TSM_ASSERT_EQUALS("Trust engine removal failed", m_chain->removeTrustEngine(trust), trust);
+ delete trust;
}
void testExplicitPolicy() {
- auto_ptr<X509TrustEngine> trust(buildTrustEngine("ExplicitPolicy"));
+ TrustEngine* trust = buildTrustEngine("ExplicitPolicy");
+ m_chain->addTrustEngine(trust);
vector<XSECCryptoX509*> untrusted(1, m_int1);
- TSM_ASSERT("PKIX validation succeeded despite anyPolicyInhibit", !trust->validate(m_ee, untrusted, *m_dummy));
+ TSM_ASSERT("PKIX validation succeeded despite anyPolicyInhibit", !m_chain->validate(m_ee, untrusted, *m_dummy));
untrusted[0] = m_int2;
- TSM_ASSERT("PKIX validation failed", trust->validate(m_ee, untrusted, *m_dummy));
+ TSM_ASSERT("PKIX validation failed", m_chain->validate(m_ee, untrusted, *m_dummy));
untrusted[0] = m_int3;
- TSM_ASSERT("PKIX validation failed", trust->validate(m_ee, untrusted, *m_dummy));
+ TSM_ASSERT("PKIX validation failed", m_chain->validate(m_ee, untrusted, *m_dummy));
+
+ TSM_ASSERT_EQUALS("Trust engine removal failed", m_chain->removeTrustEngine(trust), trust);
+ delete trust;
}
void testExplicitPolicyMap() {
- auto_ptr<X509TrustEngine> trust(buildTrustEngine("ExplicitPolicyMap"));
+ TrustEngine* trust = buildTrustEngine("ExplicitPolicyMap");
+ m_chain->addTrustEngine(trust);
vector<XSECCryptoX509*> untrusted(1, m_int3);
- TSM_ASSERT("PKIX validation failed", trust->validate(m_ee, untrusted, *m_dummy));
+ TSM_ASSERT("PKIX validation failed", m_chain->validate(m_ee, untrusted, *m_dummy));
+
+ TSM_ASSERT_EQUALS("Trust engine removal failed", m_chain->removeTrustEngine(trust), trust);
+ delete trust;
}
void testExplicitPolicyNoMap() {
- auto_ptr<X509TrustEngine> trust(buildTrustEngine("ExplicitPolicyNoMap"));
+ TrustEngine* trust = buildTrustEngine("ExplicitPolicyNoMap");
+ m_chain->addTrustEngine(trust);
vector<XSECCryptoX509*> untrusted(1, m_int3);
- TSM_ASSERT("PKIX validation succeeded despite policyMappingInhibit", !trust->validate(m_ee, untrusted, *m_dummy));
+ TSM_ASSERT("PKIX validation succeeded despite policyMappingInhibit", !m_chain->validate(m_ee, untrusted, *m_dummy));
+
+ TSM_ASSERT_EQUALS("Trust engine removal failed", m_chain->removeTrustEngine(trust), trust);
+ delete trust;
}
};