From f6dd3b14787e0f3e9da68aede8ddc33d9d774a11 Mon Sep 17 00:00:00 2001 From: Scott Cantor Date: Tue, 7 Oct 2008 14:33:34 +0000 Subject: [PATCH] Move credential locking to per-use to allow for reloadable credentials. --- xmltooling/security/impl/StaticPKIXTrustEngine.cpp | 54 ++++++++++------------ 1 file changed, 24 insertions(+), 30 deletions(-) diff --git a/xmltooling/security/impl/StaticPKIXTrustEngine.cpp b/xmltooling/security/impl/StaticPKIXTrustEngine.cpp index 43699e3..f2432bd 100644 --- a/xmltooling/security/impl/StaticPKIXTrustEngine.cpp +++ b/xmltooling/security/impl/StaticPKIXTrustEngine.cpp @@ -51,10 +51,7 @@ namespace xmltooling { StaticPKIXTrustEngine(const DOMElement* e=NULL); virtual ~StaticPKIXTrustEngine() { - if (m_credResolver) { - m_credResolver->unlock(); - delete m_credResolver; - } + delete m_credResolver; } AbstractPKIXTrustEngine::PKIXValidationInfoIterator* getPKIXValidationInfoIterator( @@ -66,10 +63,8 @@ namespace xmltooling { } private: - CredentialResolver* m_credResolver; int m_depth; - vector m_certs; - vector m_crls; + CredentialResolver* m_credResolver; friend class XMLTOOL_DLLLOCAL StaticPKIXIterator; }; @@ -82,9 +77,26 @@ namespace xmltooling { { public: StaticPKIXIterator(const StaticPKIXTrustEngine& engine) : m_engine(engine), m_done(false) { + // Merge together all X509Credentials we can resolve. + m_engine.m_credResolver->lock(); + try { + vector creds; + m_engine.m_credResolver->resolve(creds); + for (vector::const_iterator i = creds.begin(); i != creds.end(); ++i) { + const X509Credential* xcred = dynamic_cast(*i); + if (xcred) { + m_certs.insert(m_certs.end(), xcred->getEntityCertificateChain().begin(), xcred->getEntityCertificateChain().end()); + m_crls.insert(m_crls.end(), xcred->getCRLs().begin(), xcred->getCRLs().end()); + } + } + } + catch (exception& ex) { + logging::Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine.StaticPKIX").error(ex.what()); + } } virtual ~StaticPKIXIterator() { + m_engine.m_credResolver->unlock(); } bool next() { @@ -99,26 +111,26 @@ namespace xmltooling { } const vector& getTrustAnchors() const { - return m_engine.m_certs; + return m_certs; } const vector& getCRLs() const { - return m_engine.m_crls; + return m_crls; } private: const StaticPKIXTrustEngine& m_engine; + vector m_certs; + vector m_crls; bool m_done; }; }; -StaticPKIXTrustEngine::StaticPKIXTrustEngine(const DOMElement* e) : AbstractPKIXTrustEngine(e) +StaticPKIXTrustEngine::StaticPKIXTrustEngine(const DOMElement* e) : AbstractPKIXTrustEngine(e), m_depth(1), m_credResolver(NULL) { const XMLCh* depth = e ? e->getAttributeNS(NULL, verifyDepth) : NULL; if (depth && *depth) m_depth = XMLString::parseInt(depth); - else - m_depth = 1; if (e && e->hasAttributeNS(NULL,certificate)) { // Simple File resolver config rooted here. @@ -133,24 +145,6 @@ StaticPKIXTrustEngine::StaticPKIXTrustEngine(const DOMElement* e) : AbstractPKIX else throw XMLSecurityException("Missing element, or no type attribute found"); } - - m_credResolver->lock(); - - // Merge together all X509Credentials we can resolve. - try { - vector creds; - m_credResolver->resolve(creds); - for (vector::const_iterator i = creds.begin(); i != creds.end(); ++i) { - const X509Credential* xcred = dynamic_cast(*i); - if (xcred) { - m_certs.insert(m_certs.end(), xcred->getEntityCertificateChain().begin(), xcred->getEntityCertificateChain().end()); - m_crls.insert(m_crls.end(), xcred->getCRLs().begin(), xcred->getCRLs().end()); - } - } - } - catch (exception& ex) { - logging::Category::getInstance(XMLTOOLING_LOGCAT".TrustEngine.StaticPKIX").error(ex.what()); - } } AbstractPKIXTrustEngine::PKIXValidationInfoIterator* StaticPKIXTrustEngine::getPKIXValidationInfoIterator( -- 2.1.4