}
if (types & X509Credential::RESOLVE_CRLS) {
+ DOMNode* x509Node;
+ DOMElement* crlElement;
for (DSIGKeyInfoList::size_type i=0; i<sz; ++i) {
if (keyInfo->item(i)->getKeyInfoType()==DSIGKeyInfo::KEYINFO_X509) {
- auto_ptr_char buf(static_cast<DSIGKeyInfoX509*>(keyInfo->item(i))->getX509CRL());
- if (buf.get()) {
- try {
- auto_ptr<XSECCryptoX509CRL> crlobj(XMLToolingConfig::getConfig().X509CRL());
- crlobj->loadX509CRLBase64Bin(buf.get(), strlen(buf.get()));
- m_crls.push_back(crlobj.release());
- }
- catch(XSECException& e) {
- auto_ptr_char temp(e.getMsg());
- Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", temp.get());
- }
- catch(XSECCryptoException& e) {
- Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", e.getMsg());
+ // The current xmlsec API is limited to one CRL per KeyInfo.
+ // For now, I'm going to process the DOM directly.
+ x509Node = keyInfo->item(i)->getKeyInfoDOMNode();
+ crlElement = x509Node ? XMLHelper::getFirstChildElement(x509Node, xmlconstants::XMLSIG_NS, X509CRL::LOCAL_NAME) : NULL;
+ while (crlElement) {
+ if (crlElement->hasChildNodes()) {
+ auto_ptr_char buf(crlElement->getFirstChild()->getNodeValue());
+ if (buf.get()) {
+ try {
+ auto_ptr<XSECCryptoX509CRL> crlobj(XMLToolingConfig::getConfig().X509CRL());
+ crlobj->loadX509CRLBase64Bin(buf.get(), strlen(buf.get()));
+ m_crls.push_back(crlobj.release());
+ }
+ catch(XSECException& e) {
+ auto_ptr_char temp(e.getMsg());
+ Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", temp.get());
+ }
+ catch(XSECCryptoException& e) {
+ Category::getInstance(XMLTOOLING_LOGCAT".KeyResolver."INLINE_KEYINFO_RESOLVER).error("caught XML-Security exception loading CRL: %s", e.getMsg());
+ }
+ }
}
+ crlElement = XMLHelper::getNextSiblingElement(crlElement, xmlconstants::XMLSIG_NS, X509CRL::LOCAL_NAME);
}
}
}