/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/**
* PKIXTrustEngine.cpp
*
- * Shibboleth-specific PKIX-validation TrustEngine
+ * Shibboleth-specific PKIX-validation TrustEngine.
*/
#include "internal.h"
#include <xmltooling/security/AbstractPKIXTrustEngine.h>
#include <xmltooling/security/KeyInfoResolver.h>
#include <xmltooling/security/X509Credential.h>
+#include <xmltooling/util/Threads.h>
using namespace shibsp;
using namespace opensaml::saml2md;
class SHIBSP_DLLLOCAL PKIXTrustEngine : public AbstractPKIXTrustEngine, public ObservableMetadataProvider::Observer
{
public:
- PKIXTrustEngine(const DOMElement* e=NULL) : AbstractPKIXTrustEngine(e), m_credLock(RWLock::create()) {
+ PKIXTrustEngine(const DOMElement* e=nullptr) : AbstractPKIXTrustEngine(e), m_credLock(RWLock::create()) {
}
virtual ~PKIXTrustEngine() {
for (map<const ObservableMetadataProvider*,credmap_t>::iterator i=m_credentialMap.begin(); i!=m_credentialMap.end(); ++i) {
}
AbstractPKIXTrustEngine::PKIXValidationInfoIterator* getPKIXValidationInfoIterator(
- const CredentialResolver& pkixSource, CredentialCriteria* criteria=NULL
+ const CredentialResolver& pkixSource, CredentialCriteria* criteria=nullptr
) const;
void onEvent(const ObservableMetadataProvider& metadata) const {
mutable map<const ObservableMetadataProvider*,credmap_t> m_credentialMap;
};
- SHIBSP_DLLLOCAL PluginManager<TrustEngine,const DOMElement*>::Factory PKIXTrustEngineFactory;
+ SHIBSP_DLLLOCAL PluginManager<TrustEngine,string,const DOMElement*>::Factory PKIXTrustEngineFactory;
TrustEngine* SHIBSP_DLLLOCAL PKIXTrustEngineFactory(const DOMElement* const & e)
{
MetadataPKIXIterator::MetadataPKIXIterator(
const PKIXTrustEngine& engine, const MetadataProvider& pkixSource, MetadataCredentialCriteria& criteria
- ) : m_caching(false), m_engine(engine), m_obj(criteria.getRole().getParent()), m_extBlock(NULL), m_current(NULL)
+ ) : m_caching(false), m_engine(engine), m_obj(criteria.getRole().getParent()), m_extBlock(nullptr), m_current(nullptr)
{
// If we can't hook the metadata for changes, then we can't do any caching and the rest of this is academic.
const ObservableMetadataProvider* observable = dynamic_cast<const ObservableMetadataProvider*>(&pkixSource);
// If we get here, we hit the end of this Extensions block.
// Climb a level, if possible.
m_obj = m_obj->getParent();
- m_current = NULL;
- m_extBlock = NULL;
+ m_current = nullptr;
+ m_extBlock = nullptr;
}
// If we get here, we try and find an Extensions block.
// Copy over the information.
for (vector<X509Credential*>::const_iterator c=cached->second.begin(); c!=cached->second.end(); ++c) {
m_certs.insert(m_certs.end(), (*c)->getEntityCertificateChain().begin(), (*c)->getEntityCertificateChain().end());
- m_crls.push_back((*c)->getCRL());
+ if ((*c)->getCRL())
+ m_crls.push_back((*c)->getCRL());
}
return;
}
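Review bot: The new guard calls `(*c)->getCRL()` twice per credential, once for the test and once for the push, and the same two lines are repeated in the `m_ownedCreds` copy loop of the next hunk. Reading the pointer into a local once and pushing that local keeps the tested value and the stored value identical, and a one-line comment such as `// Skip credentials without a CRL so m_crls never holds a null entry.` would record why the check exists. Because a credential with no CRL now contributes no revocation data without any trace, a debug-level log line at that point would help when diagnosing why a revoked certificate still validated. The enclosing function starts before this hunk.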
// Copy over the new information.
for (vector<X509Credential*>::const_iterator c=m_ownedCreds.begin(); c!=m_ownedCreds.end(); ++c) {
m_certs.insert(m_certs.end(), (*c)->getEntityCertificateChain().begin(), (*c)->getEntityCertificateChain().end());
- m_crls.push_back((*c)->getCRL());
+ if ((*c)->getCRL())
+ m_crls.push_back((*c)->getCRL());
}
// As a last step, if we're caching, try and elevate to a write lock for cache insertion.
if (m_caching) {
m_engine.m_credLock->unlock();
m_engine.m_credLock->wrlock();
- PKIXTrustEngine::credmap_t::iterator cached = m_credCache->second.find(m_current);
if (m_credCache->second.count(m_current)==0) {
// Transfer objects into cache.
m_credCache->second[m_current] = m_ownedCreds;
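Review bot: Between `m_engine.m_credLock->unlock()` and `m_engine.m_credLock->wrlock()` no lock is held, yet `m_credCache` and `m_current`, both obtained before that gap, are dereferenced once the write lock is taken. The `count(m_current)==0` recheck covers another thread having inserted the same key in the meantime, but not a metadata update that changes `m_credentialMap` in that window; the body of `onEvent()` is not visible here, so whether it can invalidate either value needs confirming. If it cannot, a comment above the `wrlock()` call stating why `m_credCache` stays valid across the upgrade would close the question; otherwise the entry should be looked up again in `m_engine.m_credentialMap` after `wrlock()` returns. The `if (m_caching)` block continues past the end of this hunk.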