https://bugs.internet2.edu/jira/browse/CPPXT-22

author cantor <cantor@de75baf8-a10c-0410-a50a-987c0e22f00f>

Tue, 23 Sep 2008 21:54:23 +0000 (21:54 +0000)

committer cantor <cantor@de75baf8-a10c-0410-a50a-987c0e22f00f>

Tue, 23 Sep 2008 21:54:23 +0000 (21:54 +0000)
author cantor <cantor@de75baf8-a10c-0410-a50a-987c0e22f00f>
Tue, 23 Sep 2008 21:54:23 +0000 (21:54 +0000)
committer cantor <cantor@de75baf8-a10c-0410-a50a-987c0e22f00f>
Tue, 23 Sep 2008 21:54:23 +0000 (21:54 +0000)
diff --git a/xmltooling/security/impl/InlineKeyResolver.cpp b/xmltooling/security/impl/InlineKeyResolver.cpp

index eb5d937..130c754 100644 (file)
--- a/xmltooling/security/impl/InlineKeyResolver.cpp
+++ b/xmltooling/security/impl/InlineKeyResolver.cpp
@@ -392,22 +392,33 @@ void InlineCredential::resolve(DSIGKeyInfoList* keyInfo, int types)
      }
  
      if (types & X509Credential::RESOLVE_CRLS) {
+        DOMNode* x509Node;
+        DOMElement* crlElement;
          for (DSIGKeyInfoList::size_type i=0; i<sz; ++i) {
              if (keyInfo->item(i)->getKeyInfoType()==DSIGKeyInfo::KEYINFO_X509) {
-                auto_ptr_char buf(static_cast<DSIGKeyInfoX509*>(keyInfo->item(i))->getX509CRL());
-                if (buf.get()) {
-                    try {
-                        auto_ptr<XSECCryptoX509CRL> crlobj(XMLToolingConfig::getConfig().X509CRL());
-                        crlobj->loadX509CRLBase64Bin(buf.get(), strlen(buf.get()));
-                        m_crls.push_back(crlobj.release());
-                    }
-                    catch(XSECException& e) {
-                        auto_ptr_char temp(e.getMsg());
-                        Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", temp.get());
-                    }
-                    catch(XSECCryptoException& e) {
-                        Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", e.getMsg());
+                // The current xmlsec API is limited to one CRL per KeyInfo.
+                // For now, I'm going to process the DOM directly.
+                x509Node = keyInfo->item(i)->getKeyInfoDOMNode();
+                crlElement = x509Node ? XMLHelper::getFirstChildElement(x509Node, xmlconstants::XMLSIG_NS, X509CRL::LOCAL_NAME) : NULL;
+                while (crlElement) {
+                    if (crlElement->hasChildNodes()) {
+                        auto_ptr_char buf(crlElement->getFirstChild()->getNodeValue());
+                        if (buf.get()) {
+                            try {
+                                auto_ptr<XSECCryptoX509CRL> crlobj(XMLToolingConfig::getConfig().X509CRL());
+                                crlobj->loadX509CRLBase64Bin(buf.get(), strlen(buf.get()));
+                                m_crls.push_back(crlobj.release());
+                            }
+                            catch(XSECException& e) {
+                                auto_ptr_char temp(e.getMsg());
+                                Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", temp.get());
+                            }
+                            catch(XSECCryptoException& e) {
+                                Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", e.getMsg());
+                            }
+                        }
                      }
+                    crlElement = XMLHelper::getNextSiblingElement(crlElement, xmlconstants::XMLSIG_NS, X509CRL::LOCAL_NAME);
                  }
              }
          }
author	cantor <cantor@de75baf8-a10c-0410-a50a-987c0e22f00f>
	Tue, 23 Sep 2008 21:54:23 +0000 (21:54 +0000)
committer	cantor <cantor@de75baf8-a10c-0410-a50a-987c0e22f00f>
	Tue, 23 Sep 2008 21:54:23 +0000 (21:54 +0000)