#if !defined(__xmltooling_keyres_h__) && !defined(XMLTOOLING_NO_XMLSEC)\r
#define __xmltooling_keyres_h__\r
\r
+#include <xmltooling/security/XSECCryptoX509CRL.h>\r
#include <xmltooling/signature/KeyInfo.h>\r
\r
#include <xsec/dsig/DSIGKeyInfoList.hpp>\r
DSIGKeyInfoList* keyInfo, std::vector<XSECCryptoX509*>& certs \r
) const;\r
\r
+ /**\r
+ * Returns a CRL based on the supplied KeyInfo information.\r
+ * The caller must delete the CRL when done with it.\r
+ * \r
+ * @param keyInfo the key information\r
+ * @return the resolved CRL\r
+ */\r
+ virtual xmltooling::XSECCryptoX509CRL* resolveCRL(const KeyInfo* keyInfo) const;\r
+ \r
+ /**\r
+ * Returns a CRL based on the supplied KeyInfo information.\r
+ * The caller must delete the CRL when done with it.\r
+ * \r
+ * @param keyInfo the key information\r
+ * @return the resolved CRL\r
+ */\r
+ virtual xmltooling::XSECCryptoX509CRL* resolveCRL(DSIGKeyInfoList* keyInfo) const;\r
+\r
protected:\r
XSECCryptoKey* m_key;\r
};\r
XSECCryptoKey* resolveKey(DSIGKeyInfoList* keyInfo) const;\r
vector<XSECCryptoX509*>::size_type resolveCertificates(const KeyInfo* keyInfo, vector<XSECCryptoX509*>& certs) const;\r
vector<XSECCryptoX509*>::size_type resolveCertificates(DSIGKeyInfoList* keyInfo, vector<XSECCryptoX509*>& certs) const;\r
+ XSECCryptoX509CRL* resolveCRL(const KeyInfo* keyInfo) const;\r
+ XSECCryptoX509CRL* resolveCRL(DSIGKeyInfoList* keyInfo) const;\r
\r
void clearCache() {\r
if (m_lock)\r
\r
private:\r
struct XMLTOOL_DLLLOCAL CacheEntry {\r
- CacheEntry() : m_key(NULL) {}\r
+ CacheEntry() : m_key(NULL), m_crl(NULL) {}\r
~CacheEntry() {\r
delete m_key;\r
for_each(m_certs.begin(),m_certs.end(),xmltooling::cleanup<XSECCryptoX509>());\r
+ delete m_crl;\r
}\r
XSECCryptoKey* m_key;\r
vector<XSECCryptoX509*> m_certs;\r
+ XSECCryptoX509CRL* m_crl;\r
};\r
\r
void _resolve(const KeyInfo* keyInfo, CacheEntry& entry) const;\r
XSECCryptoKey* _resolveKey(const KeyInfo* keyInfo) const;\r
vector<XSECCryptoX509*>::size_type _resolveCertificates(const KeyInfo* keyInfo, vector<XSECCryptoX509*>& certs) const;\r
+ XSECCryptoX509CRL* _resolveCRL(const KeyInfo* keyInfo) const;\r
\r
RWLock* m_lock;\r
mutable map<const KeyInfo*,CacheEntry> m_cache;\r
entry.m_key = entry.m_certs.front()->clonePublicKey();\r
else\r
entry.m_key = _resolveKey(keyInfo);\r
+ entry.m_crl = _resolveCRL(keyInfo);\r
}\r
\r
XSECCryptoKey* InlineKeyResolver::_resolveKey(const KeyInfo* keyInfo) const\r
return certs.size();\r
}\r
\r
+XSECCryptoX509CRL* InlineKeyResolver::_resolveCRL(const KeyInfo* keyInfo) const\r
+{\r
+#ifdef _DEBUG\r
+ NDC ndc("_resolveCRL");\r
+#endif\r
+ Category& log=Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver");\r
+\r
+ // Check for ds:X509Data\r
+ const vector<X509Data*>& x509Datas=keyInfo->getX509Datas();\r
+ for (vector<X509Data*>::const_iterator j=x509Datas.begin(); j!=x509Datas.end(); ++j) {\r
+ const vector<X509CRL*> x509CRLs=const_cast<const X509Data*>(*j)->getX509CRLs();\r
+ for (vector<X509CRL*>::const_iterator k=x509CRLs.begin(); k!=x509CRLs.end(); ++k) {\r
+ try {\r
+ auto_ptr_char x((*k)->getValue());\r
+ if (!x.get()) {\r
+ log.warn("skipping empty ds:X509CRL");\r
+ }\r
+ else {\r
+ log.debug("resolving ds:X509CRL");\r
+ auto_ptr<XSECCryptoX509CRL> crl(XMLToolingConfig::getConfig().X509CRL());\r
+ crl->loadX509CRLBase64Bin(x.get(), strlen(x.get()));\r
+ return crl.release();\r
+ }\r
+ }\r
+ catch(XSECException& e) {\r
+ auto_ptr_char temp(e.getMsg());\r
+ log.error("caught XML-Security exception loading certificate: %s", temp.get());\r
+ }\r
+ catch(XSECCryptoException& e) {\r
+ log.error("caught XML-Security exception loading certificate: %s", e.getMsg());\r
+ }\r
+ }\r
+ }\r
+ return NULL;\r
+}\r
+\r
XSECCryptoKey* InlineKeyResolver::resolveKey(const KeyInfo* keyInfo) const\r
{\r
// Caching?\r
return _resolveKey(keyInfo);\r
}\r
\r
+XSECCryptoX509CRL* InlineKeyResolver::resolveCRL(const KeyInfo* keyInfo) const\r
+{\r
+ // Caching?\r
+ if (m_lock) {\r
+ // Get read lock.\r
+ m_lock->rdlock();\r
+ map<const KeyInfo*,CacheEntry>::iterator i=m_cache.find(keyInfo);\r
+ if (i != m_cache.end()) {\r
+ // Found in cache, so just return the results.\r
+ SharedLock locker(m_lock,false);\r
+ return i->second.m_crl ? i->second.m_crl->clone() : NULL;\r
+ }\r
+ else {\r
+ // Elevate lock.\r
+ m_lock->unlock();\r
+ m_lock->wrlock();\r
+ SharedLock locker(m_lock,false);\r
+ // Recheck cache.\r
+ i=m_cache.find(keyInfo);\r
+ if (i == m_cache.end()) {\r
+ i = m_cache.insert(make_pair(keyInfo,CacheEntry())).first;\r
+ _resolve(i->first, i->second);\r
+ }\r
+ return i->second.m_crl ? i->second.m_crl->clone() : NULL;\r
+ }\r
+ }\r
+ return _resolveCRL(keyInfo);\r
+}\r
+\r
vector<XSECCryptoX509*>::size_type InlineKeyResolver::resolveCertificates(\r
const KeyInfo* keyInfo, vector<XSECCryptoX509*>& certs\r
) const\r
XSECCryptoKey* InlineKeyResolver::resolveKey(DSIGKeyInfoList* keyInfo) const\r
{\r
#ifdef _DEBUG\r
- NDC ndc("_resolveKey");\r
+ NDC ndc("resolveKey");\r
#endif\r
\r
// Default resolver handles RSA/DSAKeyValue and X509Certificate elements.\r
}\r
return certs.size();\r
}\r
+\r
+XSECCryptoX509CRL* InlineKeyResolver::resolveCRL(DSIGKeyInfoList* keyInfo) const\r
+{\r
+#ifdef _DEBUG\r
+ NDC ndc("resolveCRL");\r
+#endif\r
+\r
+ DSIGKeyInfoList::size_type sz = keyInfo->getSize();\r
+ for (DSIGKeyInfoList::size_type i=0; i<sz; ++i) {\r
+ if (keyInfo->item(i)->getKeyInfoType()==DSIGKeyInfo::KEYINFO_X509) {\r
+ auto_ptr_char buf(static_cast<DSIGKeyInfoX509*>(keyInfo->item(i))->getX509CRL());\r
+ if (buf.get()) {\r
+ try {\r
+ auto_ptr<XSECCryptoX509CRL> crlobj(XMLToolingConfig::getConfig().X509CRL());\r
+ crlobj->loadX509CRLBase64Bin(buf.get(), strlen(buf.get()));\r
+ return crlobj.release();\r
+ }\r
+ catch(XSECException& e) {\r
+ auto_ptr_char temp(e.getMsg());\r
+ Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver").error("caught XML-Security exception loading CRL: %s", temp.get());\r
+ }\r
+ catch(XSECCryptoException& e) {\r
+ Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver").error("caught XML-Security exception loading CRL: %s", e.getMsg());\r
+ }\r
+ }\r
+ }\r
+ }\r
+ return NULL;\r
+}\r