You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by bl...@apache.org on 2005/07/23 04:11:54 UTC
cvs commit: xml-security/c/src/dsig DSIGSignature.cpp DSIGSignature.hpp DSIGSignedInfo.cpp DSIGSignedInfo.hpp
blautenb 2005/07/22 19:11:54
Modified: c/src/dsig DSIGSignature.cpp DSIGSignature.hpp
DSIGSignedInfo.cpp DSIGSignedInfo.hpp
Log:
Allow caller to define whether references interlock - and by default now assume not
Revision Changes Path
1.42 +5 -3 xml-security/c/src/dsig/DSIGSignature.cpp
Index: DSIGSignature.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGSignature.cpp,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- DSIGSignature.cpp 5 Jul 2005 11:52:43 -0000 1.41
+++ DSIGSignature.cpp 23 Jul 2005 02:11:54 -0000 1.42
@@ -413,6 +413,7 @@
mp_KeyInfoResolver = NULL;
mp_KeyInfoNode = NULL;
m_loaded = false;
+ m_interlockingReferences = false;
// Set up our formatter
XSECnew(mp_formatter, XSECSafeBufferFormatter("UTF-8",XMLFormatter::NoEscapes,
@@ -435,6 +436,7 @@
mp_KeyInfoResolver = NULL;
mp_KeyInfoNode = NULL;
m_loaded = false;
+ m_interlockingReferences = false;
// Set up our formatter
XSECnew(mp_formatter, XSECSafeBufferFormatter("UTF-8",XMLFormatter::NoEscapes,
@@ -1000,7 +1002,7 @@
unsigned int hashBufLen) {
// Set up the reference list hashes - including any manifests
- mp_signedInfo->hash();
+ mp_signedInfo->hash(m_interlockingReferences);
// calculaet signed InfoHash
return calculateSignedInfoHash(hashBuf,hashBufLen);
}
@@ -1145,7 +1147,7 @@
m_errStr.sbXMLChIn(DSIGConstants::s_unicodeStrEmpty);
// Set up the reference list hashes - including any manifests
- mp_signedInfo->hash();
+ mp_signedInfo->hash(m_interlockingReferences);
// Get the SignedInfo input bytes
TXFMChain * chain = getSignedInfoInput();
1.28 +47 -1 xml-security/c/src/dsig/DSIGSignature.hpp
Index: DSIGSignature.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGSignature.hpp,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- DSIGSignature.hpp 5 Jul 2005 11:52:43 -0000 1.27
+++ DSIGSignature.hpp 23 Jul 2005 02:11:54 -0000 1.28
@@ -569,6 +569,49 @@
XSECSafeBufferFormatter * getSBFormatter(void) {return mp_formatter;}
+ /**
+ * \brief Set the interlocking references flag
+ *
+ * This flag controls whether the library will cater for "interlocking"
+ * Reference nodes - where the hash of one reference depends on the
+ * hash of another.
+ *
+ * As of Version 1.3, this is, by default, set to false, as it is
+ * fairly unusual to find a Reference node that has as an input the
+ * digest value of another reference node. By setting this value to
+ * true, the library will first calculate all hash values, and then
+ * verify the hash values. If any are incorrect (caused by one
+ * the value of one reference being changed *after* it was used as
+ * the input to another), then the hash values are recalculated. This
+ * is repeated until the reference list "settles".
+ *
+ * @param flag true for interlocking references, false for standalone
+ */
+
+ void setInterlockingReferences(bool flag) {m_interlockingReferences = flag;}
+
+
+ /**
+ * \brief Get the interlocking references flag
+ *
+ * This flag controls whether the library will cater for "interlocking"
+ * Reference nodes - where the hash of one reference depends on the
+ * hash of another.
+ *
+ * As of Version 1.3, this is, by default, set to false, as it is
+ * fairly unusual to find a Reference node that has as an input the
+ * digest value of another reference node. By setting this value to
+ * true, the library will first calculate all hash values, and then
+ * verify the hash values. If any are incorrect (caused by one
+ * the value of one reference being changed *after* it was used as
+ * the input to another), then the hash values are recalculated. This
+ * is repeated until the reference list "settles".
+ *
+ * @return Value of flag - true for interlocking references, false for standalone
+ */
+
+ bool getInterlockingReferences(void) {return m_interlockingReferences;}
+
//@}
/** @name Resolver manipulation */
@@ -915,6 +958,9 @@
ObjectVectorType m_objects;
+ // Interlocking references
+ bool m_interlockingReferences;
+
// Not implemented constructors
DSIGSignature();
1.14 +3 -3 xml-security/c/src/dsig/DSIGSignedInfo.cpp
Index: DSIGSignedInfo.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGSignedInfo.cpp,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- DSIGSignedInfo.cpp 5 Jul 2005 11:52:43 -0000 1.13
+++ DSIGSignedInfo.cpp 23 Jul 2005 02:11:54 -0000 1.14
@@ -128,9 +128,9 @@
// Calculate and set hash values for each reference element
// --------------------------------------------------------------------------------
-void DSIGSignedInfo::hash(void) {
+void DSIGSignedInfo::hash(bool interlockingReferences) {
- DSIGReference::hashReferenceList(mp_referenceList);
+ DSIGReference::hashReferenceList(mp_referenceList, interlockingReferences);
}
1.16 +5 -2 xml-security/c/src/dsig/DSIGSignedInfo.hpp
Index: DSIGSignedInfo.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGSignedInfo.hpp,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- DSIGSignedInfo.hpp 5 Jul 2005 11:52:43 -0000 1.15
+++ DSIGSignedInfo.hpp 23 Jul 2005 02:11:54 -0000 1.16
@@ -143,9 +143,12 @@
* Goes through each reference in the SignedInfo (including referenced
* manifests), performs the digest operation and adds the digest
* to the reference element
+ *
+ * @param interlockingReferences Set to true if any references depend on other
+ * references
*/
- void hash(void); // Setup hashes for each Reference element
+ void hash(bool interlockingReferences);
/**
* \brief Create an empty SignedInfo