Diffstat (limited to 'src/vcore/XmlsecAdapter.cpp')
-rw-r--r--src/vcore/XmlsecAdapter.cpp18
1 files changed, 13 insertions, 5 deletions
diff --git a/src/vcore/XmlsecAdapter.cpp b/src/vcore/XmlsecAdapter.cpp
index 2eb1574..15d57c9 100644
--- a/src/vcore/XmlsecAdapter.cpp
+++ b/src/vcore/XmlsecAdapter.cpp
@@ -273,7 +273,8 @@ void XmlSec::validateFile(XmlSecContext &context, xmlSecKeysMngrPtr mngrPtr)
fileOpenCallback,
fileReadCallback,
fileCloseCallback);
- CustomPtr<xmlDocPtr> docPtr(xmlParseFile(context.signatureFile.c_str()), xmlFreeDoc);
+ CustomPtr<xmlDocPtr> docPtr(xmlParseFile(context.signatureFile.c_str()),
+ xmlFreeDoc);
if (!docPtr || xmlDocGetRootElement(docPtr.get()) == nullptr)
ThrowMsg(Exception::InvalidFormat,
@@ -288,7 +289,12 @@ void XmlSec::validateFile(XmlSecContext &context, xmlSecKeysMngrPtr mngrPtr)
ThrowMsg(Exception::InvalidFormat,
"Start node not found in " << context.signatureFile);
- CustomPtr<xmlSecDSigCtxPtr> dsigCtx(xmlSecDSigCtxCreate(mngrPtr), xmlSecDSigCtxDestroy);
+ CustomPtr<xmlSecDSigCtxPtr> dsigCtx(xmlSecDSigCtxCreate(mngrPtr),
+ [](xmlSecDSigCtxPtr dsigCtx) {
+ xmlSecProxyCtxDestroy(dsigCtx->skipReferences);
+ xmlSecProxyCtxDestroy(dsigCtx->checkReferences);
+ xmlSecDSigCtxDestroy(dsigCtx);
+ });
if (!dsigCtx)
ThrowMsg(Exception::OutOfMemory, "Failed to create signature context.");
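Review bot: The new deleter reads `dsigCtx->skipReferences` and `dsigCtx->checkReferences` with no null check, while the `if (!dsigCtx)` test on the next line shows that xmlSecDSigCtxCreate() can return null. Whether that is safe depends on CustomPtr skipping the deleter for a null pointer, which is not visible in this hunk. Starting the lambda with `if (!ctx) return;` would remove that dependency. Renaming the parameter to `ctx` would also stop it shadowing the outer `dsigCtx`. It is also worth confirming that xmlSecDSigCtxDestroy() does not release these two lists itself, since the lambda would then free them twice.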
@@ -308,7 +314,7 @@ void XmlSec::validateFile(XmlSecContext &context, xmlSecKeysMngrPtr mngrPtr)
if (!strcmp(data.c_str(), "#prop"))
continue;
- if(xmlSecProxyCtxAdd(&(dsigCtx.get()->proxyCtxPtr),
+ if(xmlSecProxyCtxAdd(&(dsigCtx.get()->skipReferences),
reinterpret_cast<const xmlChar *>(data.c_str())))
ThrowMsg(Exception::InternalError, "Failed to add proxy data.");
@@ -332,14 +338,16 @@ void XmlSec::validateFile(XmlSecContext &context, xmlSecKeysMngrPtr mngrPtr)
break;
case ValidateMode::PARTIAL_HASH: {
+ if (context.isProxyMode)
+ dsigCtx.get()->flags |= XMLSEC_DSIG_FLAGS_SKIP_PROXY;
+
dsigCtx.get()->flags |= XMLSEC_DSIG_FLAGS_CHECK_PROXY;
for (auto uri : *m_pList) {
- if(xmlSecProxyCtxAdd(&(dsigCtx.get()->proxyCtxPtr),
+ if(xmlSecProxyCtxAdd(&(dsigCtx.get()->checkReferences),
reinterpret_cast<const xmlChar *>(uri.c_str())))
ThrowMsg(Exception::InternalError, "PARTIAL_HASH mode failed.");
}
res = xmlSecDSigCtxVerify(dsigCtx.get(), node);
- xmlSecProxyCtxDestroy(dsigCtx.get()->proxyCtxPtr);
break;
}
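Review bot: Setting `XMLSEC_DSIG_FLAGS_SKIP_PROXY` in the PARTIAL_HASH case appears to leave some references out of digest verification, and nothing here records which ones or why that is acceptable for a signature check. The skip list looks like the `skipReferences` list filled from `data` in the previous hunk. Where `data` comes from is outside the visible lines, so confirm it is derived from trusted policy and not from the signature file being validated. The hunk also does not say what happens when both flags are set and a URI is in both `skipReferences` and `checkReferences`. If the intent is as it appears, a comment above the `if` would state it: `// proxy mode: references in skipReferences are excluded from digest checks; every URI in m_pList must still verify`. The body of validateFile continues outside this hunk.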