Posted to commits@santuario.apache.org by bl...@apache.org on 2004/07/03 10:49:51 UTC
cvs commit: xml-security/c/src/xkms/impl XKMSMessageAbstractTypeImpl.cpp XKMSMessageAbstractTypeImpl.hpp XKMSRequestAbstractTypeImpl.hpp
blautenb 2004/07/03 01:49:51
Modified: c/src/tools/xklient xklient.cpp
c/src/xkms XKMSMessageAbstractType.hpp
c/src/xkms/impl XKMSMessageAbstractTypeImpl.cpp
XKMSMessageAbstractTypeImpl.hpp
XKMSRequestAbstractTypeImpl.hpp
Log:
Support for adding a signature to a MessageAbstractType
Revision Changes Path
1.8 +146 -2 xml-security/c/src/tools/xklient/xklient.cpp
Index: xklient.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/xklient/xklient.cpp,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- xklient.cpp 19 Jun 2004 23:05:30 -0000 1.7
+++ xklient.cpp 3 Jul 2004 08:49:51 -0000 1.8
@@ -27,12 +27,14 @@
#include <xsec/utils/XSECPlatformUtils.hpp>
#include <xsec/framework/XSECProvider.hpp>
+#include <xsec/framework/XSECError.hpp>
#include <xsec/canon/XSECC14n20010315.hpp>
#include <xsec/dsig/DSIGSignature.hpp>
#include <xsec/dsig/DSIGKeyInfoX509.hpp>
#include <xsec/dsig/DSIGKeyInfoValue.hpp>
#include <xsec/framework/XSECException.hpp>
#include <xsec/enc/XSECCryptoException.hpp>
+#include <xsec/enc/XSCrypt/XSCryptCryptoBase64.hpp>
#include <xsec/utils/XSECDOMUtils.hpp>
#include <xsec/enc/XSECKeyInfoResolverDefault.hpp>
@@ -90,6 +92,16 @@
// OpenSSL
# include <openssl/err.h>
+# include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
+# include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
+# include <xsec/enc/OpenSSL/OpenSSLCryptoKeyHMAC.hpp>
+# include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
+
+# include <openssl/bio.h>
+# include <openssl/dsa.h>
+# include <openssl/err.h>
+# include <openssl/evp.h>
+# include <openssl/pem.h>
#endif
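Review bot: `openssl/err.h` is included twice in this block — the pre-existing `# include <openssl/err.h>` two lines above the new OpenSSL group and the added copy inside it. Drop the added duplicate; the header is guarded so it is harmless, but it suggests the list was pasted rather than checked against what was already there.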
@@ -208,6 +220,40 @@
}
+#if defined (HAVE_OPENSSL)
+
+XMLCh * BN2b64(BIGNUM * bn) {
+
+ int bytes = BN_num_bytes(bn);
+ unsigned char * binbuf = new unsigned char[bytes + 1];
+ ArrayJanitor<unsigned char> j_binbuf(binbuf);
+
+ bytes = BN_bn2bin(bn, binbuf);
+
+
+ int bufLen = bytes * 4;
+ int len = bufLen;
+ unsigned char * buf;
+ XSECnew(buf, unsigned char[bufLen]);
+ ArrayJanitor<unsigned char> j_buf(buf);
+
+ XSCryptCryptoBase64 *b64;
+ XSECnew(b64, XSCryptCryptoBase64);
+ Janitor<XSCryptCryptoBase64> j_b64(b64);
+
+ b64->encodeInit();
+ bufLen = b64->encode(binbuf, bytes, buf, bufLen);
+ bufLen += b64->encodeFinish(&buf[bufLen], len-bufLen);
+ buf[bufLen] = '\0';
+
+ // Now translate to a bignum
+ return XMLString::transcode((char *) buf);
+
+}
+
+#endif
+
+
// --------------------------------------------------------------------------------
// Create a LocateRequest
// --------------------------------------------------------------------------------
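Review bot: The output buffer in BN2b64 has no room for the terminator when the BIGNUM is short: one input byte encodes to four Base64 characters, which fills `bufLen = bytes * 4` exactly, so `buf[bufLen] = '\0'` writes one past the allocation (and for a zero-valued BIGNUM `bytes` is 0 and `buf` is a zero-length array). Give the buffer slack, e.g. `int bufLen = bytes * 4 + 8;` (keeping `len` as the encoder's limit), or allocate `bufLen + 1` for the NUL; whether `XSCryptCryptoBase64` also emits line breaks is not visible here, which is a further reason for slack. The comment `// Now translate to a bignum` is wrong — the function transcodes the Base64 text to an `XMLCh *` — so replace it with `// Transcode the NUL-terminated Base64 text; the caller releases it with XMLString::release`. The `(char *) buf` C-style cast should be `reinterpret_cast<char *>(buf)`.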
@@ -219,7 +265,9 @@
cerr << " --add-cert/-a <filename> : add cert in filename as a KeyInfo\n";
cerr << " --add-name/-n <name> : Add name as a KeyInfoName\n\n";
cerr << " --add-usekeywith/-u <Application URI> <Identifier>\n";
- cerr << " : Add a UseKeyWith element\n\n";
+ cerr << " : Add a UseKeyWith element\n";
+ cerr << " --sign-dsa/-sd <filename> <passphrase>\n";
+ cerr << " : Sign using the DSA key in file protected by passphrase\n\n";
}
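Review bot: The usage text documents only `--sign-dsa/-sd`, but the option parser added in this same commit also accepts `--sign-rsa/-sr` with the same `<filename> <passphrase>` arguments; add a matching pair of lines, e.g. `cerr << "    --sign-rsa/-sr <filename> <passphrase>\n";` and `cerr << "        : Sign using the RSA key in file protected by passphrase\n\n";`. It is also worth stating in the help that a passphrase passed on the command line is visible to other local users through process listings and shell history, so a caller can judge whether that is acceptable for the key in question.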
@@ -288,6 +336,102 @@
qkb->appendUseKeyWithItem(MAKE_UNICODE_STRING(argv[paramCount]), MAKE_UNICODE_STRING(argv[paramCount + 1]));
paramCount += 2;
}
+#if defined (HAVE_OPENSSL)
+ else if (stricmp(argv[paramCount], "--sign-dsa") == 0 || stricmp(argv[paramCount], "-sd") == 0 ||
+ stricmp(argv[paramCount], "--sign-rsa") == 0 || stricmp(argv[paramCount], "-sr") == 0) {
+ if (paramCount >= argc + 2) {
+ printLocateRequestUsage();
+ delete lr;
+ return NULL;
+ }
+
+ // DSA or RSA OpenSSL Key
+ // For now just read a particular file
+
+ BIO * bioKey;
+ if ((bioKey = BIO_new(BIO_s_file())) == NULL) {
+
+ cerr << "Error opening private key file\n\n";
+ return NULL;
+
+ }
+
+ if (BIO_read_filename(bioKey, argv[paramCount+1]) <= 0) {
+
+ cerr << "Error opening private key file : " << argv[paramCount+1] << endl;
+ return NULL;
+
+ }
+
+ EVP_PKEY * pkey;
+ pkey = PEM_read_bio_PrivateKey(bioKey,NULL,NULL,argv[paramCount + 2]);
+
+ if (pkey == NULL) {
+
+ BIO * bio_err;
+
+ if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ cerr << "Error loading private key\n\n";
+ ERR_print_errors(bio_err);
+ return NULL;
+
+ }
+ XSECCryptoKey *key;
+ DSIGSignature * sig;
+ if (stricmp(argv[paramCount], "--sign-dsa") == 0 || stricmp(argv[paramCount], "-sd") == 0) {
+
+ // Check type is correct
+
+ if (pkey->type != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+
+ sig = lr->addSignature(CANON_C14N_NOC, SIGNATURE_DSA, HASH_SHA1);
+ // Create the XSEC OpenSSL interface
+ key = new OpenSSLCryptoKeyDSA(pkey);
+
+ XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+ XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+ XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+ XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
+
+ sig->appendDSAKeyValue(P,Q,G,Y);
+
+ XMLString::release(&P);
+ XMLString::release(&Q);
+ XMLString::release(&G);
+ XMLString::release(&Y);
+ }
+ else {
+ if (pkey->type != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+ sig = lr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+ key = new OpenSSLCryptoKeyRSA(pkey);
+
+ XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+ XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
+ sig->appendRSAKeyValue(mod, exp);
+ XMLString::release(&mod);
+ XMLString::release(&exp);
+
+ }
+
+ sig->setSigningKey(key);
+ sig->sign();
+
+ EVP_PKEY_free(pkey);
+ BIO_free(bioKey);
+
+ paramCount += 3;
+
+
+ } /* argv[1] = "dsa/rsa" */
+
+#endif
else {
printLocateRequestUsage();
delete lr;
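Review bot: The argument-count guard `if (paramCount >= argc + 2)` can never be true, because `paramCount` is always below `argc`, so a missing filename or passphrase makes the code read `argv[paramCount+1]` and `argv[paramCount+2]` past the end of argv; it should read `if (paramCount + 2 >= argc) {`. The failure paths after `BIO_new` succeeds return without `BIO_free(bioKey)`, the key-type mismatches return without `EVP_PKEY_free(pkey)`, none of them `delete lr` as the other failure branches in this function do, and the RSA mismatch calls `exit(1)` where the DSA one returns NULL — make them consistent and release what was acquired before returning. Taking the passphrase as an argv element exposes it to other local users via process listings; `PEM_read_bio_PrivateKey` already takes a password callback as its third argument, so reading the passphrase from a prompt there would avoid that. The trailing `/* argv[1] = "dsa/rsa" */` comment does not describe this code and should be dropped; the enclosing option-parsing loop begins before this hunk.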
1.3 +15 -1 xml-security/c/src/xkms/XKMSMessageAbstractType.hpp
Index: XKMSMessageAbstractType.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xkms/XKMSMessageAbstractType.hpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- XKMSMessageAbstractType.hpp 9 Jun 2004 04:04:17 -0000 1.2
+++ XKMSMessageAbstractType.hpp 3 Jul 2004 08:49:51 -0000 1.3
@@ -29,6 +29,7 @@
// XSEC Includes
#include <xsec/framework/XSECDefs.hpp>
+#include <xsec/dsig/DSIGConstants.hpp>
class DSIGSignature;
@@ -219,6 +220,19 @@
*/
virtual void setNonce(const XMLCh * uri) = 0;
+
+ /**
+ * \brief Add a signature to the message
+ *
+ * Allows an application to sign the message
+ *
+ * @returns the new Signature structure
+ */
+
+ virtual DSIGSignature * addSignature(
+ canonicalizationMethod cm = CANON_C14N_NOC,
+ signatureMethod sm = SIGNATURE_DSA,
+ hashMethod hm = HASH_SHA1) = 0;
//@}
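Review bot: The doxygen for `addSignature` does not say what state the returned signature is in or who owns it. From the implementation in this commit the signature is created blank — a reference to the message element is set up, but no key is attached and `sign()` is not called — so the comment should say so, e.g. `* The returned Signature is blank: the caller must call setSigningKey() and sign() on it before the message is serialized.`. Ownership of the returned pointer (it appears to come from the message's provider rather than being handed to the caller) should also be stated once confirmed.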
1.4 +36 -1 xml-security/c/src/xkms/impl/XKMSMessageAbstractTypeImpl.cpp
Index: XKMSMessageAbstractTypeImpl.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xkms/impl/XKMSMessageAbstractTypeImpl.cpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- XKMSMessageAbstractTypeImpl.cpp 19 Jun 2004 23:05:30 -0000 1.3
+++ XKMSMessageAbstractTypeImpl.cpp 3 Jul 2004 08:49:51 -0000 1.4
@@ -28,6 +28,7 @@
#include <xsec/framework/XSECError.hpp>
#include <xsec/utils/XSECDOMUtils.hpp>
#include <xsec/dsig/DSIGSignature.hpp>
+#include <xsec/dsig/DSIGReference.hpp>
#include <xsec/xkms/XKMSConstants.hpp>
#include <xercesc/dom/DOM.hpp>
@@ -248,4 +249,38 @@
void XKMSMessageAbstractTypeImpl::setId(const XMLCh * id) {}
void XKMSMessageAbstractTypeImpl::setService(const XMLCh * service) {}
void XKMSMessageAbstractTypeImpl::setNonce(const XMLCh * uri) {}
+
+DSIGSignature * XKMSMessageAbstractTypeImpl::addSignature(
+ canonicalizationMethod cm,
+ signatureMethod sm,
+ hashMethod hm) {
+
+ DSIGSignature * ret = m_prov.newSignature();
+ DOMElement * elt = ret->createBlankSignature(mp_env->getParentDocument(), cm, sm, hm);
+
+ /* Create the enveloping reference */
+ safeBuffer sb;
+ sb.sbXMLChIn(DSIGConstants::s_unicodeStrEmpty);
+ sb.sbXMLChAppendCh(chPound);
+ sb.sbXMLChCat(getId());
+
+ DSIGReference *ref = ret->createReference(sb.rawXMLChBuffer());
+ ref->appendEnvelopedSignatureTransform();
+ ref->appendCanonicalizationTransform(CANON_C14NE_COM);
+
+ /* Embed the signature in the document */
+ DOMNode * c = mp_messageAbstractTypeElement->getFirstChild();
+ if (c != NULL) {
+ if (mp_env->getPrettyPrintFlag() == true) {
+ mp_messageAbstractTypeElement->insertBefore(
+ mp_env->getParentDocument()->createTextNode(DSIGConstants::s_unicodeStrNL),
+ c);
+ }
+ mp_messageAbstractTypeElement->insertBefore(elt, c);
+ }
+ else
+ mp_messageAbstractTypeElement->appendChild(elt);
+
+ return ret;
+}
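Review bot: The reference URI is built as `#` followed by `getId()` with no check that the message actually carries an Id: if `getId()` returns NULL the `sbXMLChCat` call dereferences it, and if it returns an empty string the resulting reference `#` does not identify the message element, so the signature would not cover the message it is meant to protect. Guard before creating the reference, e.g. `if (getId() == NULL || XMLString::stringLen(getId()) == 0)` and fail with an XSECException (or assign an Id) rather than produce a signature over nothing. A short why-comment on the transform choice would help a reader, e.g. `/* Reference the message element by Id; the enveloped transform keeps the Signature itself out of the digest */`, since the reference uses `CANON_C14NE_COM` while the Signature uses the caller's `cm`. The local `c` would read better as `firstChild`.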
1.4 +10 -2 xml-security/c/src/xkms/impl/XKMSMessageAbstractTypeImpl.hpp
Index: XKMSMessageAbstractTypeImpl.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xkms/impl/XKMSMessageAbstractTypeImpl.hpp,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- XKMSMessageAbstractTypeImpl.hpp 9 Jun 2004 04:04:18 -0000 1.3
+++ XKMSMessageAbstractTypeImpl.hpp 3 Jul 2004 08:49:51 -0000 1.4
@@ -83,6 +83,10 @@
virtual void setId(const XMLCh * id);
virtual void setService(const XMLCh * service);
virtual void setNonce(const XMLCh * uri);
+ virtual DSIGSignature * addSignature(
+ canonicalizationMethod cm = CANON_C14N_NOC,
+ signatureMethod sm = SIGNATURE_DSA,
+ hashMethod hm = HASH_SHA1);
protected:
@@ -132,6 +136,10 @@
{XKMSMessageAbstractTypeImpl::setService(service);} \
virtual void setNonce(const XMLCh * uri) \
{XKMSMessageAbstractTypeImpl::setNonce(uri);} \
-
+ virtual DSIGSignature * addSignature( \
+ canonicalizationMethod cm = CANON_C14N_NOC, \
+ signatureMethod sm = SIGNATURE_DSA, \
+ hashMethod hm = HASH_SHA1) \
+ {return XKMSMessageAbstractTypeImpl::addSignature(cm,sm,hm);}
#endif /* XKMSMESSAGEABSTRACTTYPEIMPL_INCLUDE */
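Review bot: The default arguments for `addSignature` are now spelled out in three places — the pure virtual in XKMSMessageAbstractType.hpp, the declaration earlier in this header, and this forwarding macro — and default arguments on virtual functions are bound by the static type through which the call is made, so any future drift between the copies changes behaviour silently. Keep the defaults in the interface where possible and, where they must be repeated for callers typed as the concrete class, add `/* defaults must match XKMSMessageAbstractType::addSignature */` next to them.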
1.3 +4 -2 xml-security/c/src/xkms/impl/XKMSRequestAbstractTypeImpl.hpp
Index: XKMSRequestAbstractTypeImpl.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/xkms/impl/XKMSRequestAbstractTypeImpl.hpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- XKMSRequestAbstractTypeImpl.hpp 19 Apr 2004 10:55:38 -0000 1.2
+++ XKMSRequestAbstractTypeImpl.hpp 3 Jul 2004 08:49:51 -0000 1.3
@@ -78,6 +78,8 @@
virtual messageType getMessageType(void) = 0;
/* Forced inheritance from XKMSMessageAbstractTypeImpl */
+ XKMS_MESSAGEABSTRACTYPE_IMPL_METHODS
+#if 0
virtual XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * getElement(void) const
{return XKMSMessageAbstractTypeImpl::getElement();}
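Review bot: The hand-written forwarders that `XKMS_MESSAGEABSTRACTYPE_IMPL_METHODS` now replaces are left in the file under `#if 0` rather than deleted (the matching `#endif` is in the next hunk). Code under `#if 0` is neither compiled nor checked and will drift from the macro; remove it and rely on version history, or mark it `/* superseded by XKMS_MESSAGEABSTRACTYPE_IMPL_METHODS; delete once verified */` if it is intentionally temporary.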
@@ -97,7 +99,7 @@
{XKMSMessageAbstractTypeImpl::setService(service);}
virtual void setNonce(const XMLCh * uri)
{XKMSMessageAbstractTypeImpl::setNonce(uri);}
-
+#endif
private: