You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by sc...@apache.org on 2017/12/14 02:07:01 UTC
svn commit: r1818088 - in /santuario/xml-security-cpp/trunk/xsec:
dsig/DSIGAlgorithmHandlerDefault.cpp dsig/DSIGConstants.cpp
dsig/DSIGConstants.hpp utils/XSECAlgorithmSupport.cpp
utils/XSECAlgorithmSupport.hpp
Author: scantor
Date: Thu Dec 14 02:07:00 2017
New Revision: 1818088
URL: http://svn.apache.org/viewvc?rev=1818088&view=rev
Log:
Eliminate signature type enum.
Modified:
santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp
santuario/xml-security-cpp/trunk/xsec/dsig/DSIGConstants.cpp
santuario/xml-security-cpp/trunk/xsec/dsig/DSIGConstants.hpp
santuario/xml-security-cpp/trunk/xsec/utils/XSECAlgorithmSupport.cpp
santuario/xml-security-cpp/trunk/xsec/utils/XSECAlgorithmSupport.hpp
Modified: santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp?rev=1818088&r1=1818087&r2=1818088&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/dsig/DSIGAlgorithmHandlerDefault.cpp Thu Dec 14 02:07:00 2017
@@ -53,8 +53,8 @@ XERCES_CPP_NAMESPACE_USE
// --------------------------------------------------------------------------------
-bool compareBase64StringToRaw(const char * b64Str,
- unsigned char * raw,
+bool compareBase64StringToRaw(const char* b64Str,
+ unsigned char* raw,
unsigned int rawLen,
unsigned int maxCompare = 0) {
// Decode a base64 buffer and then compare the result to a raw buffer
@@ -148,8 +148,8 @@ bool compareBase64StringToRaw(const char
}
-void convertRawToBase64String(safeBuffer &b64SB,
- unsigned char * raw,
+void convertRawToBase64String(safeBuffer& b64SB,
+ unsigned char* raw,
unsigned int rawLen,
unsigned int maxBits = 0) {
@@ -162,10 +162,8 @@ void convertRawToBase64String(safeBuffer
XSECCryptoBase64 * b64 = XSECPlatformUtils::g_cryptoProvider->base64();
if (!b64) {
-
throw XSECException(XSECException::CryptoProviderError,
"Error requesting Base64 object from Crypto Provider");
-
}
Janitor<XSECCryptoBase64> j_b64(b64);
@@ -200,9 +198,9 @@ void convertRawToBase64String(safeBuffer
// Clone
// --------------------------------------------------------------------------------
-XSECAlgorithmHandler * DSIGAlgorithmHandlerDefault::clone(void) const {
+XSECAlgorithmHandler* DSIGAlgorithmHandlerDefault::clone() const {
- DSIGAlgorithmHandlerDefault * ret;
+ DSIGAlgorithmHandlerDefault* ret;
XSECnew(ret, DSIGAlgorithmHandlerDefault);
return ret;
@@ -212,23 +210,13 @@ XSECAlgorithmHandler * DSIGAlgorithmHand
// Add a hash txfm
// --------------------------------------------------------------------------------
-TXFMBase * addHashTxfm(signatureMethod sm, XSECCryptoHash::HashType hashType, const XSECCryptoKey * key,
- DOMDocument * doc) {
+TXFMBase* addHashTxfm(XSECCryptoHash::HashType hashType, const XSECCryptoKey* key, DOMDocument* doc) {
// Given a hash method and signature method, create an appropriate TXFM
- TXFMBase * txfm;
+ TXFMBase* txfm;
- if (sm == SIGNATURE_HMAC){
- if (key->getKeyType() != XSECCryptoKey::KEY_HMAC) {
- throw XSECException(XSECException::AlgorithmMapperError,
- "DSIGAlgorithmHandlerDefault::addHashTxfm - non HMAC key passed in to HMAC signature");
- }
- XSECnew(txfm, TXFMHash(doc, hashType, key));
- }
- else {
- XSECnew(txfm, TXFMHash(doc, hashType));
- }
+ XSECnew(txfm, TXFMHash(doc, hashType, key));
return txfm;
}
@@ -237,18 +225,17 @@ TXFMBase * addHashTxfm(signatureMethod s
// Map a Signature hash
// --------------------------------------------------------------------------------
-bool DSIGAlgorithmHandlerDefault::appendSignatureHashTxfm(TXFMChain * inputBytes,
- const XMLCh * URI,
- const XSECCryptoKey * key) const {
+bool DSIGAlgorithmHandlerDefault::appendSignatureHashTxfm(TXFMChain* inputBytes,
+ const XMLCh* URI,
+ const XSECCryptoKey* key) const {
- signatureMethod sm;
XSECCryptoHash::HashType hashType;
// Map to internal constants
- if (!XSECmapURIToSignatureMethods(URI, sm, hashType)) {
+ if (!XSECAlgorithmSupport::evalSignatureMethod(URI, key, hashType)) {
safeBuffer sb;
- sb.sbTranscodeIn("DSIGAlgorithmHandlerDefault - Unknown URI : ");
+ sb.sbTranscodeIn("DSIGAlgorithmHandlerDefault - Unknown or key-incompatible URI : ");
sb.sbXMLChCat(URI);
throw XSECException(XSECException::AlgorithmMapperError,
@@ -258,7 +245,10 @@ bool DSIGAlgorithmHandlerDefault::append
// Now append the appropriate hash transform onto the end of the chain
// If this is an HMAC of some kind - this function will add the appropriate key
- TXFMBase * htxfm = addHashTxfm(sm, hashType, key, inputBytes->getLastTxfm()->getDocument());
+ TXFMBase* htxfm = addHashTxfm(
+ hashType,
+ (key->getKeyType() == XSECCryptoKey::KEY_HMAC ? key : NULL),
+ inputBytes->getLastTxfm()->getDocument());
inputBytes->appendTxfm(htxfm);
return true;
@@ -270,20 +260,19 @@ bool DSIGAlgorithmHandlerDefault::append
// --------------------------------------------------------------------------------
unsigned int DSIGAlgorithmHandlerDefault::signToSafeBuffer(
- TXFMChain * inputBytes,
- const XMLCh * URI,
- const XSECCryptoKey * key,
+ TXFMChain* inputBytes,
+ const XMLCh* URI,
+ const XSECCryptoKey* key,
unsigned int outputLength,
- safeBuffer & result) const {
+ safeBuffer& result) const {
- signatureMethod sm;
XSECCryptoHash::HashType hashType;
// Map to internal constants
- if (!XSECmapURIToSignatureMethods(URI, sm, hashType)) {
+ if (!XSECAlgorithmSupport::evalSignatureMethod(URI, key, hashType)) {
safeBuffer sb;
- sb.sbTranscodeIn("DSIGAlgorithmHandlerDefault - Unknown URI : ");
+ sb.sbTranscodeIn("DSIGAlgorithmHandlerDefault - Unknown or key-incompatible URI : ");
sb.sbXMLChCat(URI);
throw XSECException(XSECException::AlgorithmMapperError,
@@ -293,7 +282,10 @@ unsigned int DSIGAlgorithmHandlerDefault
// Now append the appropriate hash transform onto the end of the chain
// If this is an HMAC of some kind - this function will add the appropriate key
- TXFMBase * htxfm = addHashTxfm(sm, hashType, key, inputBytes->getLastTxfm()->getDocument());
+ TXFMBase * htxfm = addHashTxfm(
+ hashType,
+ (key->getKeyType() == XSECCryptoKey::KEY_HMAC ? key : NULL),
+ inputBytes->getLastTxfm()->getDocument());
inputBytes->appendTxfm(htxfm);
unsigned char hash[4096];
@@ -314,13 +306,6 @@ unsigned int DSIGAlgorithmHandlerDefault
case (XSECCryptoKey::KEY_DSA_PRIVATE) :
case (XSECCryptoKey::KEY_DSA_PAIR) :
- if (sm != SIGNATURE_DSA) {
-
- throw XSECException(XSECException::AlgorithmMapperError,
- "Key type does not match <SignedInfo> signature type");
-
- }
-
b64Len = ((XSECCryptoKeyDSA *) key)->signBase64Signature(
hash,
hashLen,
@@ -328,16 +313,12 @@ unsigned int DSIGAlgorithmHandlerDefault
MAXB64BUFSIZE);
if (b64Len <= 0) {
-
throw XSECException(XSECException::AlgorithmMapperError,
"Unknown error occurred during a DSA Signing operation");
-
}
else if (b64Len >= MAXB64BUFSIZE) {
-
throw XSECException(XSECException::AlgorithmMapperError,
"DSA Signing operation exceeded size of buffer");
-
}
if (b64Buf[b64Len-1] == '\n')
@@ -350,13 +331,6 @@ unsigned int DSIGAlgorithmHandlerDefault
case (XSECCryptoKey::KEY_RSA_PRIVATE) :
case (XSECCryptoKey::KEY_RSA_PAIR) :
- if (sm != SIGNATURE_RSA) {
-
- throw XSECException(XSECException::AlgorithmMapperError,
- "Key type does not match <SignedInfo> signature type");
-
- }
-
b64Len = ((XSECCryptoKeyRSA *) key)->signSHA1PKCS1Base64Signature(
hash,
hashLen,
@@ -365,16 +339,12 @@ unsigned int DSIGAlgorithmHandlerDefault
hashType);
if (b64Len <= 0) {
-
throw XSECException(XSECException::AlgorithmMapperError,
"Unknown error occurred during a RSA Signing operation");
-
}
else if (b64Len >= MAXB64BUFSIZE) {
-
throw XSECException(XSECException::AlgorithmMapperError,
"RSA Signing operation exceeded size of buffer");
-
}
// Clean up some "funnies" and make sure the string is NULL terminated
@@ -389,13 +359,6 @@ unsigned int DSIGAlgorithmHandlerDefault
case (XSECCryptoKey::KEY_EC_PRIVATE) :
case (XSECCryptoKey::KEY_EC_PAIR) :
- if (sm != SIGNATURE_ECDSA) {
-
- throw XSECException(XSECException::AlgorithmMapperError,
- "Key type does not match <SignedInfo> signature type");
-
- }
-
b64Len = ((XSECCryptoKeyEC *) key)->signBase64SignatureDSA(
hash,
hashLen,
@@ -403,16 +366,12 @@ unsigned int DSIGAlgorithmHandlerDefault
MAXB64BUFSIZE);
if (b64Len <= 0) {
-
throw XSECException(XSECException::AlgorithmMapperError,
"Unknown error occurred during an ECDSA Signing operation");
-
}
else if (b64Len >= MAXB64BUFSIZE) {
-
throw XSECException(XSECException::AlgorithmMapperError,
"ECDSA Signing operation exceeded size of buffer");
-
}
if (b64Buf[b64Len-1] == '\n')
@@ -424,13 +383,6 @@ unsigned int DSIGAlgorithmHandlerDefault
case (XSECCryptoKey::KEY_HMAC) :
- if (sm != SIGNATURE_HMAC) {
-
- throw XSECException(XSECException::AlgorithmMapperError,
- "Key type does not match <SignedInfo> signature type");
-
- }
-
// Signature already created, so just translate to base 64 and enter string
// FIX: CVE-2009-0217
@@ -448,7 +400,6 @@ unsigned int DSIGAlgorithmHandlerDefault
break;
default :
-
throw XSECException(XSECException::AlgorithmMapperError,
"Key found, but don't know how to sign the document using it");
@@ -457,27 +408,25 @@ unsigned int DSIGAlgorithmHandlerDefault
result = b64Buf;
return (unsigned int) strlen(b64Buf);
-
}
// --------------------------------------------------------------------------------
// Verify
// --------------------------------------------------------------------------------
bool DSIGAlgorithmHandlerDefault::verifyBase64Signature(
- TXFMChain * inputBytes,
- const XMLCh * URI,
- const char * sig,
+ TXFMChain* inputBytes,
+ const XMLCh* URI,
+ const char* sig,
unsigned int outputLength,
- const XSECCryptoKey * key) const {
+ const XSECCryptoKey* key) const {
- signatureMethod sm;
XSECCryptoHash::HashType hashType;
// Map to internal constants
- if (!XSECmapURIToSignatureMethods(URI, sm, hashType)) {
+ if (!XSECAlgorithmSupport::evalSignatureMethod(URI, key, hashType)) {
safeBuffer sb;
- sb.sbTranscodeIn("DSIGAlgorithmHandlerDefault - Unknown URI : ");
+ sb.sbTranscodeIn("DSIGAlgorithmHandlerDefault - Unknown or key-incompatible URI : ");
sb.sbXMLChCat(URI);
throw XSECException(XSECException::AlgorithmMapperError,
@@ -487,7 +436,10 @@ bool DSIGAlgorithmHandlerDefault::verify
// Now append the appropriate hash transform onto the end of the chain
// If this is an HMAC of some kind - this function will add the appropriate key
- TXFMBase * htxfm = addHashTxfm(sm, hashType, key, inputBytes->getLastTxfm()->getDocument());
+ TXFMBase * htxfm = addHashTxfm(
+ hashType,
+ (key->getKeyType() == XSECCryptoKey::KEY_HMAC ? key : NULL),
+ inputBytes->getLastTxfm()->getDocument());
inputBytes->appendTxfm(htxfm);
unsigned char hash[4096];
@@ -502,11 +454,6 @@ bool DSIGAlgorithmHandlerDefault::verify
case (XSECCryptoKey::KEY_DSA_PUBLIC) :
case (XSECCryptoKey::KEY_DSA_PAIR) :
- if (sm != SIGNATURE_DSA) {
- throw XSECException(XSECException::AlgorithmMapperError,
- "Key type does not match <SignedInfo> signature type");
- }
-
sigVfyRet = ((XSECCryptoKeyDSA *) key)->verifyBase64Signature(
hash,
hashLen,
@@ -518,13 +465,6 @@ bool DSIGAlgorithmHandlerDefault::verify
case (XSECCryptoKey::KEY_RSA_PUBLIC) :
case (XSECCryptoKey::KEY_RSA_PAIR) :
- if (sm != SIGNATURE_RSA) {
-
- throw XSECException(XSECException::AlgorithmMapperError,
- "Key type does not match <SignedInfo> signature type");
-
- }
-
sigVfyRet = ((XSECCryptoKeyRSA *) key)->verifySHA1PKCS1Base64Signature(
hash,
hashLen,
@@ -537,13 +477,6 @@ bool DSIGAlgorithmHandlerDefault::verify
case (XSECCryptoKey::KEY_EC_PUBLIC) :
case (XSECCryptoKey::KEY_EC_PAIR) :
- if (sm != SIGNATURE_ECDSA) {
-
- throw XSECException(XSECException::AlgorithmMapperError,
- "Key type does not match <SignedInfo> signature type");
-
- }
-
sigVfyRet = ((XSECCryptoKeyEC *) key)->verifyBase64SignatureDSA(
hash,
hashLen,
@@ -554,7 +487,7 @@ bool DSIGAlgorithmHandlerDefault::verify
case (XSECCryptoKey::KEY_HMAC) :
- // Already done - just compare calculated value with read value
+ // Already done - just compare calculated value with read value
// FIX: CVE-2009-0217
if (outputLength > 0 && (outputLength > (unsigned int)hashLen || outputLength < 80 || outputLength < (unsigned int)hashLen / 2)) {
@@ -570,9 +503,8 @@ bool DSIGAlgorithmHandlerDefault::verify
break;
default :
-
throw XSECException(XSECException::AlgorithmMapperError,
- "Key found, but don't know how to check the signature using it");
+ "Key found, but don't know how to verify the signature using it");
}
@@ -584,10 +516,10 @@ bool DSIGAlgorithmHandlerDefault::verify
// --------------------------------------------------------------------------------
bool DSIGAlgorithmHandlerDefault::appendHashTxfm(
- TXFMChain * inputBytes,
- const XMLCh * URI) const {
+ TXFMChain* inputBytes,
+ const XMLCh* URI) const {
- // Is this a URI we recognise?
+ // Is this a URI we recognize?
XSECCryptoHash::HashType hashType = XSECAlgorithmSupport::getHashType(URI);
@@ -599,8 +531,8 @@ bool DSIGAlgorithmHandlerDefault::append
throw XSECException(XSECException::AlgorithmMapperError, sb.rawXMLChBuffer());
}
- TXFMBase * txfm;
- DOMDocument *d = inputBytes->getLastTxfm()->getDocument();
+ TXFMBase* txfm;
+ DOMDocument* d = inputBytes->getLastTxfm()->getDocument();
XSECnew(txfm, TXFMHash(d, hashType));
inputBytes->appendTxfm(txfm);
@@ -613,11 +545,11 @@ bool DSIGAlgorithmHandlerDefault::append
// --------------------------------------------------------------------------------
unsigned int DSIGAlgorithmHandlerDefault::decryptToSafeBuffer(
- TXFMChain * cipherText,
- XENCEncryptionMethod * encryptionMethod,
- const XSECCryptoKey * key,
- DOMDocument * doc,
- safeBuffer & result
+ TXFMChain* cipherText,
+ XENCEncryptionMethod* encryptionMethod,
+ const XSECCryptoKey* key,
+ DOMDocument* doc,
+ safeBuffer& result
) const {
throw XSECException(XSECException::AlgorithmMapperError,
@@ -625,10 +557,10 @@ unsigned int DSIGAlgorithmHandlerDefault
}
bool DSIGAlgorithmHandlerDefault::appendDecryptCipherTXFM(
- TXFMChain * cipherText,
- XENCEncryptionMethod * encryptionMethod,
- const XSECCryptoKey * key,
- XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * doc
+ TXFMChain* cipherText,
+ XENCEncryptionMethod* encryptionMethod,
+ const XSECCryptoKey* key,
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* doc
) const {
throw XSECException(XSECException::AlgorithmMapperError,
@@ -641,11 +573,11 @@ bool DSIGAlgorithmHandlerDefault::append
// --------------------------------------------------------------------------------
bool DSIGAlgorithmHandlerDefault::encryptToSafeBuffer(
- TXFMChain * plainText,
- XENCEncryptionMethod * encryptionMethod,
- const XSECCryptoKey * key,
- XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * doc,
- safeBuffer & result
+ TXFMChain* plainText,
+ XENCEncryptionMethod* encryptionMethod,
+ const XSECCryptoKey* key,
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* doc,
+ safeBuffer& result
) const {
throw XSECException(XSECException::AlgorithmMapperError,
@@ -656,9 +588,9 @@ bool DSIGAlgorithmHandlerDefault::encryp
// Key Creation
// --------------------------------------------------------------------------------
-XSECCryptoKey * DSIGAlgorithmHandlerDefault::createKeyForURI(
- const XMLCh * uri,
- const unsigned char * keyBuffer,
+XSECCryptoKey* DSIGAlgorithmHandlerDefault::createKeyForURI(
+ const XMLCh* uri,
+ const unsigned char* keyBuffer,
unsigned int keyLen
) const {
Modified: santuario/xml-security-cpp/trunk/xsec/dsig/DSIGConstants.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGConstants.cpp?rev=1818088&r1=1818087&r2=1818088&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/dsig/DSIGConstants.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/dsig/DSIGConstants.cpp Thu Dec 14 02:07:00 2017
@@ -42,106 +42,6 @@ XERCES_CPP_NAMESPACE_USE
#define XSEC_RELEASE_XMLCH(x) XMLString::release((XMLCh **) &x)
// --------------------------------------------------------------------------------
-// Some useful defines
-// --------------------------------------------------------------------------------
-
-static XMLCh s_dsa[] = {
-
- chLatin_d,
- chLatin_s,
- chLatin_a,
- chNull
-};
-
-static XMLCh s_rsa[] = {
-
- chLatin_r,
- chLatin_s,
- chLatin_a,
- chNull
-};
-
-static XMLCh s_ecdsa[] = {
-
- chLatin_e,
- chLatin_c,
- chLatin_d,
- chLatin_s,
- chLatin_a,
- chNull
-};
-
-static XMLCh s_hmac[] = {
-
- chLatin_h,
- chLatin_m,
- chLatin_a,
- chLatin_c,
- chNull
-};
-
-static XMLCh s_sha1[] = {
-
- chLatin_s,
- chLatin_h,
- chLatin_a,
- chDigit_1,
- chNull
-};
-
-static XMLCh s_sha224[] = {
-
- chLatin_s,
- chLatin_h,
- chLatin_a,
- chDigit_2,
- chDigit_2,
- chDigit_4,
- chNull
-};
-
-static XMLCh s_sha256[] = {
-
- chLatin_s,
- chLatin_h,
- chLatin_a,
- chDigit_2,
- chDigit_5,
- chDigit_6,
- chNull
-};
-
-static XMLCh s_sha384[] = {
-
- chLatin_s,
- chLatin_h,
- chLatin_a,
- chDigit_3,
- chDigit_8,
- chDigit_4,
- chNull
-};
-
-static XMLCh s_sha512[] = {
-
- chLatin_s,
- chLatin_h,
- chLatin_a,
- chDigit_5,
- chDigit_1,
- chDigit_2,
- chNull
-};
-
-static XMLCh s_md5[] = {
-
- chLatin_m,
- chLatin_d,
- chDigit_5,
- chNull
-};
-
-// --------------------------------------------------------------------------------
// Constant Strings Storage
// --------------------------------------------------------------------------------
@@ -433,138 +333,3 @@ void DSIGConstants::destroy() {
XSEC_RELEASE_XMLCH(s_unicodeStrPROVNSS);
}
-
-// --------------------------------------------------------------------------------
-// URI Mappings
-// --------------------------------------------------------------------------------
-
-bool getHashMethod(const XMLCh * URI, XSECCryptoHash::HashType& type) {
-
- if (strEquals(URI, s_md5)) {
-
- type = XSECCryptoHash::HASH_MD5;
- return true;
-
- }
-
- if (strEquals(URI, s_sha1)) {
-
- type = XSECCryptoHash::HASH_SHA1;
- return true;
- }
-
- if (strEquals(URI, s_sha224)) {
-
- type = XSECCryptoHash::HASH_SHA224;
- return true;
- }
-
- if (strEquals(URI, s_sha256)) {
-
- type = XSECCryptoHash::HASH_SHA256;
- return true;
- }
-
- if (strEquals(URI, s_sha384)) {
-
- type = XSECCryptoHash::HASH_SHA384;
- return true;
- }
-
- if (strEquals(URI, s_sha512)) {
-
- type = XSECCryptoHash::HASH_SHA512;
- return true;
- }
-
- type = XSECCryptoHash::HASH_NONE;
- return false;
-}
-
-bool XSECmapURIToSignatureMethods(const XMLCh * URI,
- signatureMethod & sm,
- XSECCryptoHash::HashType& type) {
-
-
- // The easy ones!
-
- if (strEquals(URI, DSIGConstants::s_unicodeStrURIDSA_SHA1)) {
-
- sm = SIGNATURE_DSA;
- type = XSECCryptoHash::HASH_SHA1;
-
- return true;
-
- }
-
- if (strEquals(URI, DSIGConstants::s_unicodeStrURIRSA_SHA1)) {
-
- sm = SIGNATURE_RSA;
- type = XSECCryptoHash::HASH_SHA1;
-
- return true;
-
- }
-
- if (strEquals(URI, DSIGConstants::s_unicodeStrURIHMAC_SHA1)) {
-
- sm = SIGNATURE_HMAC;
- type = XSECCryptoHash::HASH_SHA1;
-
- return true;
-
- }
-
- /* Check to see if we are one of the more exotic RSA signatures */
- XMLSize_t cnt = XMLString::stringLen(DSIGConstants::s_unicodeStrURISIGBASEMORE);
-
- if (XMLString::compareNString(URI, DSIGConstants::s_unicodeStrURISIGBASEMORE, cnt) == 0) {
-
- // Have a "new" algorithm
- if (XMLString::compareNString(&URI[cnt], s_hmac, 4) == 0) {
-
- // Some kind of HMAC
- sm = SIGNATURE_HMAC;
-
- // Determine a trailing hash method
- if (URI[cnt+4] != chDash)
- return false;
- return getHashMethod(&(URI[cnt+5]), type);
-
- }
- else if (XMLString::compareNString(&URI[cnt], s_rsa, 3) == 0) {
-
- sm = SIGNATURE_RSA;
- if (URI[cnt+3] != chDash)
- return false;
- return getHashMethod(&(URI[cnt+4]), type);
- }
- else if (XMLString::compareNString(&URI[cnt], s_ecdsa, 5) == 0) {
-
- sm = SIGNATURE_ECDSA;
- if (URI[cnt+5] != chDash)
- return false;
- return getHashMethod(&(URI[cnt+6]), type);
- }
-
- }
-
- cnt = XMLString::stringLen(DSIGConstants::s_unicodeStrURISIGBASE11);
-
- if (XMLString::compareNString(URI, DSIGConstants::s_unicodeStrURISIGBASE11, cnt) == 0) {
-
- if (XMLString::compareNString(&URI[cnt], s_dsa, 3) == 0) {
-
- sm = SIGNATURE_DSA;
- if (URI[cnt+3] != chDash)
- return false;
- return getHashMethod(&(URI[cnt+4]), type);
- }
-
- }
-
- sm = SIGNATURE_NONE;
- type = XSECCryptoHash::HASH_NONE;
- return false;
-
-}
Modified: santuario/xml-security-cpp/trunk/xsec/dsig/DSIGConstants.hpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGConstants.hpp?rev=1818088&r1=1818087&r2=1818088&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/dsig/DSIGConstants.hpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/dsig/DSIGConstants.hpp Thu Dec 14 02:07:00 2017
@@ -157,17 +157,6 @@ XSEC_USING_XERCES(XMLString);
#define PROV_WINCAPI "WinCAPI Provider"
#define PROV_NSS "NSS Provider"
-// Enumerated Types
-
-enum signatureMethod {
-
- SIGNATURE_NONE = 0, // No method defined
- SIGNATURE_DSA = 1, // DSA
- SIGNATURE_HMAC = 2, // Hash MAC
- SIGNATURE_RSA = 3, // RSA
- SIGNATURE_ECDSA = 4 // ECDSA
-};
-
// --------------------------------------------------------------------------------
// Constant Strings Class
@@ -281,23 +270,6 @@ public:
static void create();
static void destroy();
-
};
-
-// --------------------------------------------------------------------------------
-// URI Inverse Mappings
-// --------------------------------------------------------------------------------
-
-/* Map URIs to internal enums, if the URIs are known to the library.
- If they aren't, all these calls will set the Method variables to
- *_NONE, signifying we don't know them. Note this is not necessarily
- an error - the calling application may have installed handlers to handle
- these URIs, it's just we don't have an internal enum mapping
-*/
-
-bool XSEC_EXPORT XSECmapURIToSignatureMethods(const XMLCh* URI,
- signatureMethod& sm,
- XSECCryptoHash::HashType& type);
-
#endif /* DSIGCONSTANTS_HEADER */
Modified: santuario/xml-security-cpp/trunk/xsec/utils/XSECAlgorithmSupport.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/utils/XSECAlgorithmSupport.cpp?rev=1818088&r1=1818087&r2=1818088&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/utils/XSECAlgorithmSupport.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/utils/XSECAlgorithmSupport.cpp Thu Dec 14 02:07:00 2017
@@ -26,6 +26,10 @@
// XSEC
#include <xsec/dsig/DSIGConstants.hpp>
+#include <xsec/enc/XSECCryptoKeyDSA.hpp>
+#include <xsec/enc/XSECCryptoKeyRSA.hpp>
+#include <xsec/enc/XSECCryptoKeyEC.hpp>
+#include <xsec/enc/XSECCryptoKeyHMAC.hpp>
#include "../utils/XSECAlgorithmSupport.hpp"
@@ -38,6 +42,41 @@ XERCES_CPP_NAMESPACE_USE
// Some useful defines
// --------------------------------------------------------------------------------
+static XMLCh s_dsa[] = {
+
+ chLatin_d,
+ chLatin_s,
+ chLatin_a,
+ chNull
+};
+
+static XMLCh s_rsa[] = {
+
+ chLatin_r,
+ chLatin_s,
+ chLatin_a,
+ chNull
+};
+
+static XMLCh s_ecdsa[] = {
+
+ chLatin_e,
+ chLatin_c,
+ chLatin_d,
+ chLatin_s,
+ chLatin_a,
+ chNull
+};
+
+static XMLCh s_hmac[] = {
+
+ chLatin_h,
+ chLatin_m,
+ chLatin_a,
+ chLatin_c,
+ chNull
+};
+
static XMLCh s_sha1[] = {
chLatin_s,
@@ -105,7 +144,6 @@ static XMLCh s_md5[] = {
static bool getHashType(const XMLCh* URI, XSECCryptoHash::HashType& type)
{
-
if (XMLString::equals(URI, s_md5)) {
type = XSECCryptoHash::HASH_MD5;
return true;
@@ -166,6 +204,87 @@ XSECCryptoHash::HashType XSECAlgorithmSu
return type;
}
+bool XSECAlgorithmSupport::evalSignatureMethod(
+ const XMLCh* uri, const XSECCryptoKey* key, XSECCryptoHash::HashType& hashType
+ )
+{
+ if (!key) {
+ return false;
+ }
+
+ // The easy ones!
+
+ if (XMLString::equals(uri, DSIGConstants::s_unicodeStrURIDSA_SHA1)) {
+ hashType = XSECCryptoHash::HASH_SHA1;
+ return dynamic_cast<const XSECCryptoKeyDSA*>(key) != NULL;
+ }
+
+ if (XMLString::equals(uri, DSIGConstants::s_unicodeStrURIRSA_SHA1)) {
+ hashType = XSECCryptoHash::HASH_SHA1;
+ return dynamic_cast<const XSECCryptoKeyRSA*>(key) != NULL;
+ }
+
+ if (XMLString::equals(uri, DSIGConstants::s_unicodeStrURIHMAC_SHA1)) {
+ hashType = XSECCryptoHash::HASH_SHA1;
+ return dynamic_cast<const XSECCryptoKeyHMAC*>(key) != NULL;
+ }
+
+ /* Check to see if we are one of the more exotic RSA signatures */
+ XMLSize_t cnt = XMLString::stringLen(DSIGConstants::s_unicodeStrURISIGBASEMORE);
+
+ if (XMLString::compareNString(uri, DSIGConstants::s_unicodeStrURISIGBASEMORE, cnt) == 0) {
+
+ // Have a "new" algorithm
+ if (XMLString::compareNString(&uri[cnt], s_hmac, 4) == 0) {
+
+ // HMAC
+
+ // Determine a trailing hash method
+ if (uri[cnt+4] != chDash)
+ return false;
+
+ return dynamic_cast<const XSECCryptoKeyHMAC*>(key) != NULL &&
+ ::getHashType(&(uri[cnt+5]), hashType);
+ }
+ else if (XMLString::compareNString(&uri[cnt], s_rsa, 3) == 0) {
+
+ // RSA
+
+ if (uri[cnt+3] != chDash)
+ return false;
+ return dynamic_cast<const XSECCryptoKeyRSA*>(key) != NULL &&
+ ::getHashType(&(uri[cnt+4]), hashType);
+ }
+ else if (XMLString::compareNString(&uri[cnt], s_ecdsa, 5) == 0) {
+
+ // ECDSA;
+ if (uri[cnt+5] != chDash)
+ return false;
+
+ return dynamic_cast<const XSECCryptoKeyEC*>(key) != NULL &&
+ ::getHashType(&(uri[cnt+6]), hashType);
+ }
+ }
+
+ cnt = XMLString::stringLen(DSIGConstants::s_unicodeStrURISIGBASE11);
+
+ if (XMLString::compareNString(uri, DSIGConstants::s_unicodeStrURISIGBASE11, cnt) == 0) {
+
+ if (XMLString::compareNString(&uri[cnt], s_dsa, 3) == 0) {
+
+ // DSA
+
+ if (uri[cnt+3] != chDash)
+ return false;
+
+ return dynamic_cast<const XSECCryptoKeyDSA*>(key) != NULL &&
+ ::getHashType(&(uri[cnt+4]), hashType);
+ }
+ }
+
+ return false;
+}
+
XSECCryptoHash::HashType XSECAlgorithmSupport::getMGF1HashType(const XMLCh* uri)
{
// Check this is a known prefix on the URI.
Modified: santuario/xml-security-cpp/trunk/xsec/utils/XSECAlgorithmSupport.hpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/utils/XSECAlgorithmSupport.hpp?rev=1818088&r1=1818087&r2=1818088&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/utils/XSECAlgorithmSupport.hpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/utils/XSECAlgorithmSupport.hpp Thu Dec 14 02:07:00 2017
@@ -69,6 +69,18 @@ public:
static XSECCryptoHash::HashType getMGF1HashType(const XMLCh* uri);
/**
+ * \brief Map signature algorithm URI to the corresponding hash type while
+ * verifying the compatibility of an associated key.
+ *
+ * @param uri algorithm identifier
+ * @param key signing key
+ * @param hashType hash type to use
+ */
+ static bool evalSignatureMethod(
+ const XMLCh* uri, const XSECCryptoKey* key, XSECCryptoHash::HashType& hashType
+ );
+
+ /**
* \brief Process a c14n method URI to determine the relevant properties to use.
*
* Currently the only supported methods are the original 1.0 and 1.1 inclusive and 1.0
@@ -80,7 +92,9 @@ public:
* @param onedotone true on output iff the algorithm was 1.1 Inclusive
* @returns true iff the algorithm was known
*/
- static bool evalCanonicalizationMethod(const XMLCh* uri, bool& exclusive, bool& comments, bool& onedotone);
+ static bool evalCanonicalizationMethod(
+ const XMLCh* uri, bool& exclusive, bool& comments, bool& onedotone
+ );
};