You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by sc...@apache.org on 2017/12/13 20:55:20 UTC
svn commit: r1818065 [2/3] - in /santuario/xml-security-cpp/trunk/xsec:
dsig/ tools/siginf/ tools/xtest/ transformers/ utils/ xenc/ xenc/impl/
xkms/impl/
Modified: santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignature.hpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignature.hpp?rev=1818065&r1=1818064&r2=1818065&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignature.hpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignature.hpp Wed Dec 13 20:55:19 2017
@@ -74,266 +74,266 @@ protected:
/** @name Constructors and Destructors */
//@{
-
+
/**
- * \brief Contructor for use with existing XML signatures or templates.
- *
- * <p>Create a DSIGSignature object based on an already existing
- * DSIG Signature XML node. It is assumed that the underlying
- * DOM structure is in place and works correctly.</p>
- *
- * <p>It is required that the caller pass in the signature DOM Node
- * as there may be more than one signature in a document. The caller
- * needs to specify which signature tree is to be used.</p>
- *
- * @param doc The DOM document node in which the signature is embedded.
- * @param sigNode The DOM node (within doc) that is to be used as the base of the signature.
- * @see #load
- */
+ * \brief Contructor for use with existing XML signatures or templates.
+ *
+ * <p>Create a DSIGSignature object based on an already existing
+ * DSIG Signature XML node. It is assumed that the underlying
+ * DOM structure is in place and works correctly.</p>
+ *
+ * <p>It is required that the caller pass in the signature DOM Node
+ * as there may be more than one signature in a document. The caller
+ * needs to specify which signature tree is to be used.</p>
+ *
+ * @param doc The DOM document node in which the signature is embedded.
+ * @param sigNode The DOM node (within doc) that is to be used as the base of the signature.
+ * @see #load
+ */
- DSIGSignature(XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument *doc,
- XERCES_CPP_NAMESPACE_QUALIFIER DOMNode *sigNode);
+ DSIGSignature(XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* doc,
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMNode* sigNode);
- ~DSIGSignature();
+ virtual ~DSIGSignature();
//@}
-
+
public:
- /** @name Load and Setup Functions */
- //@{
+ /** @name Load and Setup Functions */
+ //@{
+
+ /**
+ * \brief Load the signature information from the DOM source.
+ *
+ * Used to tell the DSIGSignature object to read from the DOM tree
+ * into local structures. Will throw various exceptions if it finds that
+ * the DOM structure is not in line with the XML Signature standard.
+ *
+ */
+
+ void load();
+
+ /**
+ * \brief Externally set the signing/verification key
+ *
+ * Used prior to a verify or sign operation to set the signature key (public or
+ * private respectively) to be used for the operation.
+ *
+ * @note Once passed in via this call, the key is owned by the Signature. It will
+ * deleted when a new key is loaded or the signature is released.
+ *
+ * @see #verify
+ * @see #sign
+ */
+
+ void setSigningKey(XSECCryptoKey* k);
+
+ //@}
+
+ /** @name Signature Operations */
+ //@{
+
+ /**
+ * \brief Verify that a signature is valid.
+ *
+ * <p>The <I>verify</I> function will validate the signature of an XML document
+ * previously loaded into the DSIGSignature structure via a <I>load</I>.</p>
+ *
+ * <p>It performs the following operations : </p>
+ * <ul>
+ * <li>Iterate through each reference and validate the hash;
+ * <li>Iterate through references contained in \<manifest\> elements;
+ * <li>Calculate the hash of the \<SignedInfo\> element; and
+ * <li>Validate the signature of the hash previously calculated.
+ * </ul>
+ *
+ * @returns true/false
+ * <ul>
+ * <li><b>true</b> = Signature (and all references) validated correctly.
+ * <li><b>false</b> = Signature validation failed. An error list can be found via a
+ * call to #getErrMsgs.
+ * </ul>
+ * @see #load
+ * @see #getErrMsgs
+ */
+
+ bool verify() const;
+
+ /**
+ * \brief Verify a signature is valid (skip references).
+ *
+ * <p>This function is almost the same as #verify except it will skip the
+ * reference checks.
+ *
+ * @see #load
+ * @see #verify
+ */
- /**
- * \brief Load the signature information from the DOM source.
- *
- * Used to tell the DSIGSignature object to read from the DOM tree
- * into local structures. Will throw various exceptions if it finds that
- * the DOM structure is not in line with the XML Signature standard.
- *
- */
-
- void load(void);
-
- /**
- * \brief Externally set the signing/verification key
- *
- * Used prior to a verify or sign operation to set the signature key (public or
- * private respectively) to be used for the operation.
- *
- * @note Once passed in via this call, the key is owned by the Signature. It will
- * deleted when a new key is loaded or the signature is released.
- *
- * @see #verify
- * @see #sign
- */
-
- void setSigningKey(XSECCryptoKey *k);
-
- //@}
-
- /** @name Signature Operations */
- //@{
-
- /**
- * \brief Verify that a signature is valid.
- *
- * <p>The <I>verify</I> function will validate the signature of an XML document
- * previously loaded into the DSIGSignature structure via a <I>load</I>.</p>
- *
- * <p>It performs the following operations : </p>
- * <ul>
- * <li>Iterate through each reference and validate the hash;
- * <li>Iterate through references contained in \<manifest\> elements;
- * <li>Calculate the hash of the \<SignedInfo\> element; and
- * <li>Validate the signature of the hash previously calculated.
- * </ul>
- *
- * @returns true/false
- * <ul>
- * <li><b>true</b> = Signature (and all references) validated correctly.
- * <li><b>false</b> = Signature validation failed. An error list can be found via a
- * call to #getErrMsgs.
- * </ul>
- * @see #load
- * @see #getErrMsgs
- */
-
- bool verify(void) const;
-
- /**
- * \brief Verify a signature is valid (skip references).
- *
- * <p>This function is almost the same as #verify except it will skip the
- * reference checks.
- *
- * @see #load
- * @see #verify
- */
-
- bool verifySignatureOnly(void) const;
-
- /**
- * \brief Sign a DSIGSignature DOM structure.
- *
- * <p>The #sign function will create the reference hash values and signature
- * value in a DOM structure previously created via a #load or #createBlankSignature
- * call </p>
- *
- * <p>It performs the following operations : </p>
- * <ul>
- * <li>Iterate through each reference, calculate and set the hash value;
- * <li>Iterate through references contained in \<manifest\> elements and set their values;
- * <li>Calculate the hash of the \<SignedInfo\> element; and
- * <li>Calculate (and set) the signature value given the hash previously calculated.
- * </ul>
- *
- * @note The key to use for signing must have been set prior to call to sign using #setSigningKey
- *
- * @throws XSECException (for errors during the XML formatting and loading)
- * @throws XSECCryptoException (for errors during the cryptographic operations)
- *
- * @see #setSigningKey
- * @see #load
- * @see #getErrMsgs
- */
-
- void sign(void);
- //@}
-
- /** @name Functions to create and manipulate signature elements. */
- //@{
-
- /**
- * \brief Set the prefix be used for the DSIG namespace.
- *
- * <p>When the XSEC library creates XML Element nodes, it uses the prefix here
- * for all nodes created. By default, the library assumes that the default
- * namespace is used.</p>
- *
- * <p>The #createBlankSignature function will use this prefix to setup the
- * dsig namespace. E.g. (assuming a call has been made to set the prefix to "ds")
- * the \<Signature\> element will have a namespace attribute added of</p>
- *
- * <p>xmlns:ds="http://www.w3.org/2000/09/xmldsig#"</p>
- *
- * <p>If no prefix has been set, this attribute will be set as the default namespace</p>
- *
- * @see #createBlankSignature
- * @param prefix The UTF-16 encoided NS prefix to use for the XML
- * Digital Signature nodes
- */
-
- void setDSIGNSPrefix(const XMLCh * prefix);
-
- /**
- * \brief Set the prefix be used for the Exclusive Canonicalisation namespace.
- *
- * The Exclusive Canonicalisation specification defines a new namespace for the
- * InclusiveNamespaces node. This function can be used to set the prefix
- * that the library will use when creating nodes within this namespace.
- *
- * <p>xmlns:ds="http://www.w3.org/2001/10/xml-exc-c14n#"</p>
- *
- * If no prefix is set, the default namespace will be used
- *
- * @see #createBlankSignature
- * @param prefix The UTF-16 encoided NS prefix to use for the XML
- * Exclusive Canonicalisation nodes
- */
-
- void setECNSPrefix(const XMLCh * prefix);
-
- /**
- * \brief Set the prefix be used for the XPath-Filter2 namespace.
- *
- * The XPathFilter definition uses its own namespace. This
- * method can be used to set the prefix that the library will use
- * when creating elements in this namespace
- *
- * <p>xmlns:ds="http://www.w3.org/2002/06/xmldsig-filter2"</p>
- *
- * If no prefix is set, the default namespace will be used
- *
- * @see #createBlankSignature
- * @param prefix The UTF-16 encoided NS prefix to use for the XPath
- * filter nodes
- */
-
- void setXPFNSPrefix(const XMLCh * prefix);
-
- /**
- * \brief Set Pretty Print
- *
- * The pretty print functions controls whether the library will output
- * CR/LF after the elements it adds to a document
- *
- * By default the library will do pretty printing (flag is true)
- *
- * @param flag Value to set for Pretty Printing (true = do pretty printing)
- */
-
- void setPrettyPrint(bool flag);
-
- /**
- * \brief Tell caller whether PrettyPrinting is active
- *
- * @returns True if Pretty Printing is active, false if not
- */
-
- bool getPrettyPrint(void) const;
-
- /**
- * \brief Create a \<Signature\> DOM structure.
- *
- * <p>The DOM structure created is still divorced from the document. The callee
- * needs to take the returned \<Signature\> Element node and insert it at the
- * appropriate place in their document.</p>
- *
- * <p>The signature is a skeleton only. There are no references or KeyInfo
- * elements inserted. However the DSIGSignature structures are set up with the
- * new information, so once an element has been created and a signing key has been
- * set, a call to #sign will sign appropriately.
- *
- * @note The digest method (hash method) set here is for the signing function only.
- * Different hash methods can be used for reference elements.
- *
- * @param doc The document the Signature DOM structure will be inserted into.
- * @param canonicalizationAlgorithmURI The canonicalisation method to use.
- * @param signatureAlgorithmURI The Signature algorithm (defined by URI) to use
- * @returns The newly created \<Signature\> element that the caller should insert in
- * the document.
- */
-
- XERCES_CPP_NAMESPACE_QUALIFIER DOMElement *createBlankSignature(
- XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument *doc,
- const XMLCh * canonicalizationAlgorithmURI,
- const XMLCh * signatureAlgorithmURI
- );
-
- /**
- * \brief Add a new reference to the end of the list of \<Reference\> nodes.
- *
- * <p>Creates a new DSIGReference, adds it to the list of references handled
- * by the owning DSIGSignature and also creates the skeleton DOM structure into
- * the document.</p>
- *
- * @note The XSEC Library currently makes very little use of <em>type</em>
- * attributes in \<Reference\> Elements. However this may of use to calling
- * applications.
- *
- * @see DSIGReference
- * @param URI The Data that this Reference node refers to.
- * @param hm The hashing (digest) method to be used for this reference
- * @param type A "type" string (as defined in XML Signature).
- * @returns The newly created DSIGReference element.
- * @deprecated Use the URI based creation method instead
- *
- */
-
- DSIGReference * createReference(
- const XMLCh * URI,
- const XMLCh * hashAlgorithmURI,
- const XMLCh * type = NULL
- );
+ bool verifySignatureOnly() const;
+
+ /**
+ * \brief Sign a DSIGSignature DOM structure.
+ *
+ * <p>The #sign function will create the reference hash values and signature
+ * value in a DOM structure previously created via a #load or #createBlankSignature
+ * call </p>
+ *
+ * <p>It performs the following operations : </p>
+ * <ul>
+ * <li>Iterate through each reference, calculate and set the hash value;
+ * <li>Iterate through references contained in \<manifest\> elements and set their values;
+ * <li>Calculate the hash of the \<SignedInfo\> element; and
+ * <li>Calculate (and set) the signature value given the hash previously calculated.
+ * </ul>
+ *
+ * @note The key to use for signing must have been set prior to call to sign using #setSigningKey
+ *
+ * @throws XSECException (for errors during the XML formatting and loading)
+ * @throws XSECCryptoException (for errors during the cryptographic operations)
+ *
+ * @see #setSigningKey
+ * @see #load
+ * @see #getErrMsgs
+ */
+
+ void sign();
+ //@}
+
+ /** @name Functions to create and manipulate signature elements. */
+ //@{
+
+ /**
+ * \brief Set the prefix be used for the DSIG namespace.
+ *
+ * <p>When the XSEC library creates XML Element nodes, it uses the prefix here
+ * for all nodes created. By default, the library assumes that the default
+ * namespace is used.</p>
+ *
+ * <p>The #createBlankSignature function will use this prefix to setup the
+ * dsig namespace. E.g. (assuming a call has been made to set the prefix to "ds")
+ * the \<Signature\> element will have a namespace attribute added of</p>
+ *
+ * <p>xmlns:ds="http://www.w3.org/2000/09/xmldsig#"</p>
+ *
+ * <p>If no prefix has been set, this attribute will be set as the default namespace</p>
+ *
+ * @see #createBlankSignature
+ * @param prefix The UTF-16 encoided NS prefix to use for the XML
+ * Digital Signature nodes
+ */
+
+ void setDSIGNSPrefix(const XMLCh* prefix);
+
+ /**
+ * \brief Set the prefix be used for the Exclusive Canonicalisation namespace.
+ *
+ * The Exclusive Canonicalisation specification defines a new namespace for the
+ * InclusiveNamespaces node. This function can be used to set the prefix
+ * that the library will use when creating nodes within this namespace.
+ *
+ * <p>xmlns:ds="http://www.w3.org/2001/10/xml-exc-c14n#"</p>
+ *
+ * If no prefix is set, the default namespace will be used
+ *
+ * @see #createBlankSignature
+ * @param prefix The UTF-16 encoided NS prefix to use for the XML
+ * Exclusive Canonicalisation nodes
+ */
+
+ void setECNSPrefix(const XMLCh* prefix);
+
+ /**
+ * \brief Set the prefix be used for the XPath-Filter2 namespace.
+ *
+ * The XPathFilter definition uses its own namespace. This
+ * method can be used to set the prefix that the library will use
+ * when creating elements in this namespace
+ *
+ * <p>xmlns:ds="http://www.w3.org/2002/06/xmldsig-filter2"</p>
+ *
+ * If no prefix is set, the default namespace will be used
+ *
+ * @see #createBlankSignature
+ * @param prefix The UTF-16 encoided NS prefix to use for the XPath
+ * filter nodes
+ */
+
+ void setXPFNSPrefix(const XMLCh* prefix);
+
+ /**
+ * \brief Set Pretty Print
+ *
+ * The pretty print functions controls whether the library will output
+ * CR/LF after the elements it adds to a document
+ *
+ * By default the library will do pretty printing (flag is true)
+ *
+ * @param flag Value to set for Pretty Printing (true = do pretty printing)
+ */
+
+ void setPrettyPrint(bool flag);
+
+ /**
+ * \brief Tell caller whether PrettyPrinting is active
+ *
+ * @returns True if Pretty Printing is active, false if not
+ */
+
+ bool getPrettyPrint() const;
+
+ /**
+ * \brief Create a \<Signature\> DOM structure.
+ *
+ * <p>The DOM structure created is still divorced from the document. The callee
+ * needs to take the returned \<Signature\> Element node and insert it at the
+ * appropriate place in their document.</p>
+ *
+ * <p>The signature is a skeleton only. There are no references or KeyInfo
+ * elements inserted. However the DSIGSignature structures are set up with the
+ * new information, so once an element has been created and a signing key has been
+ * set, a call to #sign will sign appropriately.
+ *
+ * @note The digest method (hash method) set here is for the signing function only.
+ * Different hash methods can be used for reference elements.
+ *
+ * @param doc The document the Signature DOM structure will be inserted into.
+ * @param canonicalizationAlgorithmURI The canonicalisation method to use.
+ * @param signatureAlgorithmURI The Signature algorithm (defined by URI) to use
+ * @returns The newly created \<Signature\> element that the caller should insert in
+ * the document.
+ */
+
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement* createBlankSignature(
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* doc,
+ const XMLCh* canonicalizationAlgorithmURI,
+ const XMLCh* signatureAlgorithmURI
+ );
+
+ /**
+ * \brief Add a new reference to the end of the list of \<Reference\> nodes.
+ *
+ * <p>Creates a new DSIGReference, adds it to the list of references handled
+ * by the owning DSIGSignature and also creates the skeleton DOM structure into
+ * the document.</p>
+ *
+ * @note The XSEC Library currently makes very little use of <em>type</em>
+ * attributes in \<Reference\> Elements. However this may of use to calling
+ * applications.
+ *
+ * @see DSIGReference
+ * @param URI The Data that this Reference node refers to.
+ * @param hm The hashing (digest) method to be used for this reference
+ * @param type A "type" string (as defined in XML Signature).
+ * @returns The newly created DSIGReference element.
+ * @deprecated Use the URI based creation method instead
+ *
+ */
+
+ DSIGReference* createReference(
+ const XMLCh* URI,
+ const XMLCh* hashAlgorithmURI,
+ const XMLCh* type = NULL
+ );
/**
* \brief Remove a reference from the signature
@@ -349,150 +349,149 @@ public:
* @param index Point in the list to remove
*/
- DSIGReference * removeReference(DSIGReferenceList::size_type index);
- //@}
+ DSIGReference* removeReference(DSIGReferenceList::size_type index);
+ //@}
+
+ /** @name General and Information functions. */
+ //@{
+
+ /**
+ * \brief Get the hash of the Signed Value
+ *
+ * Function to calculate and return the hash of the \<SignedInfo\>
+ * structures (after the canonicalization defined by
+ * \<CanonicalizationMethod\> and the reference hashes have been performed).
+ *
+ * @param hashBuf Buffer to place the raw hash in.
+ * @param hashBufLen The length of the buffer
+ * @returns The length of the hash that was placed in hashBuf
+ *
+ */
+
+ unsigned int calculateSignedInfoAndReferenceHash(unsigned char* hashBuf,
+ unsigned int hashBufLen) const;
+
+ /**
+ * \brief Get the hash of the Signed Value
+ *
+ * Function to calculate and return the hash of the \<SignedInfo\>
+ * structures (after the canonicalization defined by
+ * \<CanonicalizationMethod\> has been performed).
+ *
+ * @param hashBuf Buffer to place the raw hash in.
+ * @param hashBufLen The length of the buffer
+ * @returns The length of the hash that was placed in hashBuf
+ *
+ */
+
+ unsigned int calculateSignedInfoHash(unsigned char* hashBuf,
+ unsigned int hashBufLen) const;
+
+ /**
+ * \brief Return the reference list for outside use.
+ *
+ * Returns a pointer to the list of references which can
+ * then be read by the caller.
+ *
+ * @returns The referenceList
+ */
+
+ DSIGReferenceList* getReferenceList();
+
+ /**
+ * \brief Return the reference list for outside use.
+ *
+ * Returns a pointer to the list of references which can
+ * then be read by the caller.
+ *
+ * @returns The referenceList
+ */
+
+ const DSIGReferenceList* getReferenceList() const;
+
+ /**
+ * \brief Create an input stream from SignedInfo.
+ *
+ * This method allows applications to read the fully canonicalised
+ * byte stream that is hashed and signed.
+ *
+ * All transforms are performed up to the point where they would
+ * normally be fed into the Digest function.
+ *
+ * @returns A BinInputSource of the canonicalised SignedInfo
+ */
- /** @name General and Information functions. */
- //@{
- /**
- * \brief Get the hash of the Signed Value
- *
- * Function to calculate and return the hash of the \<SignedInfo\>
- * structures (after the canonicalization defined by
- * \<CanonicalizationMethod\> and the reference hashes have been performed).
- *
- * @param hashBuf Buffer to place the raw hash in.
- * @param hashBufLen The length of the buffer
- * @returns The length of the hash that was placed in hashBuf
- *
- */
-
- unsigned int calculateSignedInfoAndReferenceHash(unsigned char * hashBuf,
- unsigned int hashBufLen) const;
-
- /**
- * \brief Get the hash of the Signed Value
- *
- * Function to calculate and return the hash of the \<SignedInfo\>
- * structures (after the canonicalization defined by
- * \<CanonicalizationMethod\> has been performed).
- *
- * @param hashBuf Buffer to place the raw hash in.
- * @param hashBufLen The length of the buffer
- * @returns The length of the hash that was placed in hashBuf
- *
- */
-
- unsigned int calculateSignedInfoHash(unsigned char * hashBuf,
- unsigned int hashBufLen) const;
-
- /**
- * \brief Return the reference list for outside use.
- *
- * Returns a pointer to the list of references which can
- * then be read by the caller.
- *
- * @returns The referenceList
- */
-
- DSIGReferenceList * getReferenceList(void);
-
- /**
- * \brief Return the reference list for outside use.
- *
- * Returns a pointer to the list of references which can
- * then be read by the caller.
- *
- * @returns The referenceList
- */
-
- const DSIGReferenceList * getReferenceList(void) const;
-
- /**
- * \brief Create an input stream from SignedInfo.
- *
- * This method allows applications to read the fully canonicalised
- * byte stream that is hashed and signed.
- *
- * All transforms are performed up to the point where they would
- * normally be fed into the Digest function.
- *
- * @returns A BinInputSource of the canonicalised SignedInfo
- */
-
-
- XSECBinTXFMInputStream * makeBinInputStream(void) const;
-
-
- /**
- * \brief Get the Error messages from the last #verify.
- *
- * Returns a list of text error messages from the last Signature
- * operation. Each error that occurred is in the buffer, separated
- * by new-lines.
- *
- * @note The buffer is owned by the DSIGSignature object - do not delete it
- *
- * @returns A pointer to the buffer containing the error strings.
- *
- */
-
- const XMLCh * getErrMsgs(void) const;
-
- /**
- * \brief Get the NS Prefix being used for DSIG elements.
- *
- * @returns A pointer to the buffer holding the prefix
- * @see #setDSIGNSPrefix
- *
- */
-
- const XMLCh * getDSIGNSPrefix() const;
-
- /**
- * \brief Get the NS being used for EC nodes
- *
- * @returns A pointer to the buffer holding the prefix
- * @see #setECNSPrefix
- */
-
- const XMLCh * getECNSPrefix() const;
-
- /**
- * \brief Get the NS being used for XPath Filter2 nodes
- *
- * @returns A pointer to the buffer holding the prefix
- * @see #setXPFNSPrefix
- */
-
- const XMLCh * getXPFNSPrefix() const;
-
- /**
- * \brief
- *
- * Get the DOM_Document that this Signature is operating within.
- *
- * Mainly used by the library itself.
- *
- * @returns The DOM_Document node.
- */
-
- XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * getParentDocument() const
- {return mp_doc;}
-
- /**
- * \brief Get canonicalisation algorithm
- *
- * Returns the canonicalisation algorithm that will be/is used
- * to canonicalise the \<SignedInfo\> element prior to hash/sign
- *
- * @returns The canonicalisation method
- */
-
- canonicalizationMethod getCanonicalizationMethod(void) const
- {return (mp_signedInfo != NULL ?
- mp_signedInfo->getCanonicalizationMethod() : CANON_NONE);}
+ XSECBinTXFMInputStream* makeBinInputStream() const;
+
+
+ /**
+ * \brief Get the Error messages from the last #verify.
+ *
+ * Returns a list of text error messages from the last Signature
+ * operation. Each error that occurred is in the buffer, separated
+ * by new-lines.
+ *
+ * @note The buffer is owned by the DSIGSignature object - do not delete it
+ *
+ * @returns A pointer to the buffer containing the error strings.
+ *
+ */
+
+ const XMLCh* getErrMsgs() const;
+
+ /**
+ * \brief Get the NS Prefix being used for DSIG elements.
+ *
+ * @returns A pointer to the buffer holding the prefix
+ * @see #setDSIGNSPrefix
+ *
+ */
+
+ const XMLCh* getDSIGNSPrefix() const;
+
+ /**
+ * \brief Get the NS being used for EC nodes
+ *
+ * @returns A pointer to the buffer holding the prefix
+ * @see #setECNSPrefix
+ */
+
+ const XMLCh* getECNSPrefix() const;
+
+ /**
+ * \brief Get the NS being used for XPath Filter2 nodes
+ *
+ * @returns A pointer to the buffer holding the prefix
+ * @see #setXPFNSPrefix
+ */
+
+ const XMLCh* getXPFNSPrefix() const;
+
+ /**
+ * \brief
+ *
+ * Get the DOM_Document that this Signature is operating within.
+ *
+ * Mainly used by the library itself.
+ *
+ * @returns The DOM_Document node.
+ */
+
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* getParentDocument() const
+ {return mp_doc;}
+
+ /**
+ * \brief Get canonicalisation algorithm
+ *
+ * Returns the canonicalisation algorithm that will be/is used
+ * to canonicalise the \<SignedInfo\> element prior to hash/sign
+ *
+ * @returns The canonicalisation method
+ */
+
+ const XMLCh* getCanonicalizationMethod() const
+ {return mp_signedInfo != NULL ? mp_signedInfo->getCanonicalizationMethod() : NULL;}
/**
@@ -502,451 +501,446 @@ public:
* the signature
*/
- const XMLCh * getAlgorithmURI() const;
+ const XMLCh* getAlgorithmURI() const;
+
+ /**
+ * \brief Get the Signature Value
+ *
+ * Returns the base64 string holding the signature value for this signature
+ *
+ * @returns the signature value string
+ */
+
+ const XMLCh* getSignatureValue(void) const;
+
+ /**
+ * \brief Helper function for sub Classes.
+ *
+ * Returns the pointer to the formatter being used within the Signature
+ *
+ */
+
+ XSECSafeBufferFormatter* getSBFormatter(void) const {return mp_formatter;}
- /**
- * \brief Get the Signature Value
- *
- * Returns the base64 string holding the signature value for this signature
- *
- * @returns the signature value string
- */
-
- const XMLCh * getSignatureValue(void) const;
-
- /**
- * \brief Helper function for sub Classes.
- *
- * Returns the pointer to the formatter being used within the Signature
- *
- */
-
- XSECSafeBufferFormatter * getSBFormatter(void) const {return mp_formatter;}
-
- /**
- * \brief Set the interlocking references flag
- *
- * This flag controls whether the library will cater for "interlocking"
- * Reference nodes - where the hash of one reference depends on the
- * hash of another.
- *
- * As of Version 1.3, this is, by default, set to false, as it is
- * fairly unusual to find a Reference node that has as an input the
- * digest value of another reference node. By setting this value to
- * true, the library will first calculate all hash values, and then
- * verify the hash values. If any are incorrect (caused by one
- * the value of one reference being changed *after* it was used as
- * the input to another), then the hash values are recalculated. This
- * is repeated until the reference list "settles".
- *
- * @param flag true for interlocking references, false for standalone
- */
-
- void setInterlockingReferences(bool flag) {m_interlockingReferences = flag;}
-
-
- /**
- * \brief Get the interlocking references flag
- *
- * This flag controls whether the library will cater for "interlocking"
- * Reference nodes - where the hash of one reference depends on the
- * hash of another.
- *
- * As of Version 1.3, this is, by default, set to false, as it is
- * fairly unusual to find a Reference node that has as an input the
- * digest value of another reference node. By setting this value to
- * true, the library will first calculate all hash values, and then
- * verify the hash values. If any are incorrect (caused by one
- * the value of one reference being changed *after* it was used as
- * the input to another), then the hash values are recalculated. This
- * is repeated until the reference list "settles".
- *
- * @return Value of flag - true for interlocking references, false for standalone
- */
-
- bool getInterlockingReferences(void) const {return m_interlockingReferences;}
-
- //@}
-
- /** @name Resolver manipulation */
- //@{
-
- /**
- * \brief Register a URIResolver
- *
- * Registers a URIResolver to be used by the Signature when dereferencing
- * a URI in a Reference element
- *
- */
-
- void setURIResolver(XSECURIResolver * resolver);
-
- /**
- * \brief Return a pointer to the resolver being used
- *
- * @returns A pointer to the URIResolver registered in this signature
- */
-
- XSECURIResolver * getURIResolver(void) const;
-
- /**
- * \brief Register a KeyInfoResolver
- *
- * Registers a KeyInfoResolver to be used by the Signature when
- * it needs to find a key to be used to validate a signature
- *
- */
-
- void setKeyInfoResolver(XSECKeyInfoResolver * resolver);
-
- /**
- * \brief Return a pointer to the resolver being used
- *
- * @returns A pointer to the KeyInfoResolver registered in this signature
- */
-
- XSECKeyInfoResolver * getKeyInfoResolver(void) const;
-
- //@}
-
- /** @name KeyInfo Element Manipulation */
-
- //@{
-
- /**
- * \brief Get the list of \<KeyInfo\> elements.
- *
- * <p>This function recovers list that contains the KeyInfo elements
- * read in from the DOM document.</p>
- *
- * <p>This list should be used by calling applications to determine what key
- * is appropriate for validating (or even signing) the Signature.</p>
- *
- * @todo The KeyInfo process is very primitive. An interface needs to be
- * created to allow application developers to install an object into the Signature
- * that the Signature can call on to translate KeyInfo lists into a Key.
- * @returns A pointer to the DSIGKeyInfoList object held by the DSIGSignature
- */
-
- DSIGKeyInfoList * getKeyInfoList() {return &m_keyInfoList;}
-
- /**
- * \brief Get the list of \<KeyInfo\> elements.
- *
- * <p>This function recovers list that contains the KeyInfo elements
- * read in from the DOM document.</p>
- *
- * <p>This list should be used by calling applications to determine what key
- * is appropriate for validating (or even signing) the Signature.</p>
- *
- * @todo The KeyInfo process is very primitive. An interface needs to be
- * created to allow application developers to install an object into the Signature
- * that the Signature can call on to translate KeyInfo lists into a Key.
- * @returns A pointer to the DSIGKeyInfoList object held by the DSIGSignature
- */
-
- const DSIGKeyInfoList * getKeyInfoList() const {return &m_keyInfoList;}
-
- /**
- * \brief Clear out all KeyInfo elements in the signature.
- *
- * This function will delete all KeyInfo elements from both the DSIGSignature
- * object <em>and the associated DOM</em>.
- *
- */
-
- void clearKeyInfo(void);
-
- /**
- * \brief Append a DSA KeyValue element
- *
- * Add a new KeyInfo element for a DSA Value
- *
- * @param P Base64 encoded value of P
- * @param Q Base64 encoded value of Q
- * @param G Base64 encoded value of G
- * @param Y Base64 encoded value of Y
- * @returns A pointer to the created object.
- */
-
- DSIGKeyInfoValue * appendDSAKeyValue(const XMLCh * P,
- const XMLCh * Q,
- const XMLCh * G,
- const XMLCh * Y);
-
- /**
- * \brief Append a RSA KeyValue element
- *
- * Add a new KeyInfo element for a RSA Value
- *
- * @param modulus Base64 encoded value of the modulus
- * @param exponent Base64 encoded value of exponent
- * @returns A pointer to the created object.
- */
-
- DSIGKeyInfoValue * appendRSAKeyValue(const XMLCh * modulus,
- const XMLCh * exponent);
-
- /**
- * \brief Append a X509Data element.
- *
- * Add a new KeyInfo element for X509 data.
- *
- * @note The added element is empty. The caller must make use of the
- * returned object to set the required values.
- *
- * @returns A pointer to the created object.
- */
-
- DSIGKeyInfoX509 * appendX509Data(void);
-
- /**
- * \brief Append a KeyName element.
- *
- * Add a new KeyInfo element for a key name.
- *
- * @param name The name of the key to set in the XML
- * @param isDName Treat the name as a Distinguished name and encode accordingly
- * @returns A pointer to the created object
- */
-
- DSIGKeyInfoName * appendKeyName(const XMLCh * name, bool isDName = false);
-
- /**
- * \brief Append a PGPData element.
- *
- * Add a new KeyInfo element for a PGP key.
- *
- * @param id The ID of the key to set in the XML (base64 encoded - NULL if none)
- * @param packet The Packet information to set in the XML (base64 encoded -
- * NULL if none)
- * @returns A pointer to the created object
- */
-
- DSIGKeyInfoPGPData * appendPGPData(const XMLCh * id, const XMLCh * packet);
-
- /**
- * \brief Append a SPKIData element
- *
- * Add a new KeyInfo element for a set of SPKI S-expressions
- *
- * @param sexp The initial S-expression to set in the SPKIData element
- * @returns A pointer to the created object
- */
-
- DSIGKeyInfoSPKIData * appendSPKIData(const XMLCh * sexp);
-
- /**
- * \brief Append a MgmtData element
- *
- * Add a new KeyInfo element for Management Data
- *
- * @param data The string to set in the MgmtData element
- * @returns A pointer to the created object
- */
-
- DSIGKeyInfoMgmtData * appendMgmtData(const XMLCh * data);
-
- //@}
-
- /** @name Object handling */
- //@{
-
- /**
- * \brief Append an object container
- *
- * Create a new Object (i.e. a Signature \<Object\> which is a container
- * element used to hold information that needs to be signed within the
- * signature - i.e. in enveloping mode
- *
- * @returns the newly created DSIGObject
- */
-
- DSIGObject * appendObject(void);
-
- /**
- * \brief Find the number of ds:Object nodes within the Signature
- *
- * @returns the number of ds:Object nodes held in the Signature, 0 if none
- */
-
- int getObjectLength(void) const;
-
- /**
- * \brief Get a particular ds:Object from within the Signature
- *
- * @returns the ith Object from the list of ds:Object nodes in the signature.
- * Items are ordered in tree order.
- */
-
- DSIGObject * getObjectItem(int i);
-
- /**
- * \brief Get a particular ds:Object from within the Signature
- *
- * @returns the ith Object from the list of ds:Object nodes in the signature.
- * Items are ordered in tree order.
- */
-
- const DSIGObject * getObjectItem(int i) const;
-
- //@}
-
- /** @name ID handling */
-
- //@{
-
- /**
- * \brief Set Id finding behaviour
- *
- * The library de-references "#obj" URI references to ID attributes within
- * a DOM document. Currently, the library first uses DOM calls to find if
- * the Id has been properly set within the document via the parser or one
- * of the DOM Level 3 calls to set an Id.
- *
- * If no Id is found of the correct name, the library then starts searching
- * for attributes of a given name with the required value. This list defaults
- * to "id" and "Id", but can be modified via a call to addIdAttributeName()
- *
- * The setIdByAttributeName call enables or disables the second part of the Id
- * search. I.e. when the Id doesn't exist as an attribute of Type=ID, whether or
- * not to search for an attribute of a name in the list of names. By default
- * this behaviour is disabled.
- *
- * @warning The default has been changed from earlier versions of the library
- * to address the security risk of assuming IDness based on name.
- *
- * @param flag Enable (true) or Disable (false) searching for Id attributes by name
- */
-
- void setIdByAttributeName(bool flag);
-
- /**
- * \brief Determine Id finding behaviour
- *
- * Allows a caller to determine whether the library is currently searching for
- * Id attributes by name
- *
- * @returns The value of the IdByAttributeName flag
- */
-
- bool getIdByAttributeName(void) const;
-
- /**
- * \brief Add an attribute name to be searched for when looking for Id attributes
- *
- * This allows a user to add an attribute name to be used to identify Id attributes
- * when they are not set to be of Type=ID in the DOM
- *
- * @note Two names are registered by default - "Id" and "id". These can be
- * removed by calling deregisterIdAttributeName
- *
- * @param name Name to append to the list of those used to find Id attributes
- */
-
- void registerIdAttributeName(const XMLCh * name);
-
- /**
- * \brief Remove an attribute name to be searched for when looking for Id attributes
- *
- * This allows a user to de-register a particular name to be used to identify Id
- * attributes.
- *
- * @param name Name to remove from the list of those used to find Id attributes
- * @returns true if found and removed, false if was not in the list
- */
-
- bool deregisterIdAttributeName(const XMLCh * name);
-
- /**
- * \brief Add an attribute name within a particular Namespace
- * to be searched for when looking for Id attributes
- *
- * This allows a user to add an attribute name to be used to identify Id attributes
- * when they are not set to be of Type=ID in the DOM
- *
- * @note Two names are registered by default - "Id" and "id". These can be
- * removed by calling deregisterIdAttributeName
- *
- * @param ns Namespace in which attribute will reside
- * @param name Name to append to the list of those used to find Id attributes
- */
-
- void registerIdAttributeNameNS(const XMLCh * ns, const XMLCh * name);
-
- /**
- * \brief Remove an attribute name and ns to be searched for when looking for Id attributes
- *
- * This allows a user to de-register a particular name to be used to identify Id
- * attributes.
- *
- * @param ns Namespace in which attribute will reside
- * @param name Name to remove from the list of those used to find Id attributes
- * @returns true if found and removed, false if was not in the list
- */
+ /**
+ * \brief Set the interlocking references flag
+ *
+ * This flag controls whether the library will cater for "interlocking"
+ * Reference nodes - where the hash of one reference depends on the
+ * hash of another.
+ *
+ * As of Version 1.3, this is, by default, set to false, as it is
+ * fairly unusual to find a Reference node that has as an input the
+ * digest value of another reference node. By setting this value to
+ * true, the library will first calculate all hash values, and then
+ * verify the hash values. If any are incorrect (caused by one
+ * the value of one reference being changed *after* it was used as
+ * the input to another), then the hash values are recalculated. This
+ * is repeated until the reference list "settles".
+ *
+ * @param flag true for interlocking references, false for standalone
+ */
- bool deregisterIdAttributeNameNS(const XMLCh * ns, const XMLCh * name);
+ void setInterlockingReferences(bool flag) {m_interlockingReferences = flag;}
- //@}
- friend class XSECProvider;
+ /**
+ * \brief Get the interlocking references flag
+ *
+ * This flag controls whether the library will cater for "interlocking"
+ * Reference nodes - where the hash of one reference depends on the
+ * hash of another.
+ *
+ * As of Version 1.3, this is, by default, set to false, as it is
+ * fairly unusual to find a Reference node that has as an input the
+ * digest value of another reference node. By setting this value to
+ * true, the library will first calculate all hash values, and then
+ * verify the hash values. If any are incorrect (caused by one
+ * the value of one reference being changed *after* it was used as
+ * the input to another), then the hash values are recalculated. This
+ * is repeated until the reference list "settles".
+ *
+ * @return Value of flag - true for interlocking references, false for standalone
+ */
+
+ bool getInterlockingReferences() const {return m_interlockingReferences;}
+
+ //@}
+
+ /** @name Resolver manipulation */
+ //@{
+
+ /**
+ * \brief Register a URIResolver
+ *
+ * Registers a URIResolver to be used by the Signature when dereferencing
+ * a URI in a Reference element
+ *
+ */
+
+ void setURIResolver(XSECURIResolver* resolver);
+
+ /**
+ * \brief Return a pointer to the resolver being used
+ *
+ * @returns A pointer to the URIResolver registered in this signature
+ */
+
+ XSECURIResolver* getURIResolver() const;
+
+ /**
+ * \brief Register a KeyInfoResolver
+ *
+ * Registers a KeyInfoResolver to be used by the Signature when
+ * it needs to find a key to be used to validate a signature
+ *
+ */
+
+ void setKeyInfoResolver(XSECKeyInfoResolver* resolver);
+
+ /**
+ * \brief Return a pointer to the resolver being used
+ *
+ * @returns A pointer to the KeyInfoResolver registered in this signature
+ */
+
+ XSECKeyInfoResolver* getKeyInfoResolver() const;
+
+ //@}
+
+ /** @name KeyInfo Element Manipulation */
+
+ //@{
+
+ /**
+ * \brief Get the list of \<KeyInfo\> elements.
+ *
+ * <p>This function recovers list that contains the KeyInfo elements
+ * read in from the DOM document.</p>
+ *
+ * <p>This list should be used by calling applications to determine what key
+ * is appropriate for validating (or even signing) the Signature.</p>
+ *
+ * @todo The KeyInfo process is very primitive. An interface needs to be
+ * created to allow application developers to install an object into the Signature
+ * that the Signature can call on to translate KeyInfo lists into a Key.
+ * @returns A pointer to the DSIGKeyInfoList object held by the DSIGSignature
+ */
+
+ DSIGKeyInfoList* getKeyInfoList() {return &m_keyInfoList;}
+
+ /**
+ * \brief Get the list of \<KeyInfo\> elements.
+ *
+ * <p>This function recovers list that contains the KeyInfo elements
+ * read in from the DOM document.</p>
+ *
+ * <p>This list should be used by calling applications to determine what key
+ * is appropriate for validating (or even signing) the Signature.</p>
+ *
+ * @todo The KeyInfo process is very primitive. An interface needs to be
+ * created to allow application developers to install an object into the Signature
+ * that the Signature can call on to translate KeyInfo lists into a Key.
+ * @returns A pointer to the DSIGKeyInfoList object held by the DSIGSignature
+ */
+
+ const DSIGKeyInfoList* getKeyInfoList() const {return &m_keyInfoList;}
+
+ /**
+ * \brief Clear out all KeyInfo elements in the signature.
+ *
+ * This function will delete all KeyInfo elements from both the DSIGSignature
+ * object <em>and the associated DOM</em>.
+ *
+ */
+
+ void clearKeyInfo();
+
+ /**
+ * \brief Append a DSA KeyValue element
+ *
+ * Add a new KeyInfo element for a DSA Value
+ *
+ * @param P Base64 encoded value of P
+ * @param Q Base64 encoded value of Q
+ * @param G Base64 encoded value of G
+ * @param Y Base64 encoded value of Y
+ * @returns A pointer to the created object.
+ */
+
+ DSIGKeyInfoValue* appendDSAKeyValue(const XMLCh* P,
+ const XMLCh* Q,
+ const XMLCh* G,
+ const XMLCh* Y);
+
+ /**
+ * \brief Append a RSA KeyValue element
+ *
+ * Add a new KeyInfo element for a RSA Value
+ *
+ * @param modulus Base64 encoded value of the modulus
+ * @param exponent Base64 encoded value of exponent
+ * @returns A pointer to the created object.
+ */
+
+ DSIGKeyInfoValue* appendRSAKeyValue(const XMLCh* modulus,
+ const XMLCh* exponent);
+
+ /**
+ * \brief Append a X509Data element.
+ *
+ * Add a new KeyInfo element for X509 data.
+ *
+ * @note The added element is empty. The caller must make use of the
+ * returned object to set the required values.
+ *
+ * @returns A pointer to the created object.
+ */
+
+ DSIGKeyInfoX509* appendX509Data();
+
+ /**
+ * \brief Append a KeyName element.
+ *
+ * Add a new KeyInfo element for a key name.
+ *
+ * @param name The name of the key to set in the XML
+ * @param isDName Treat the name as a Distinguished name and encode accordingly
+ * @returns A pointer to the created object
+ */
+
+ DSIGKeyInfoName* appendKeyName(const XMLCh* name, bool isDName = false);
+
+ /**
+ * \brief Append a PGPData element.
+ *
+ * Add a new KeyInfo element for a PGP key.
+ *
+ * @param id The ID of the key to set in the XML (base64 encoded - NULL if none)
+ * @param packet The Packet information to set in the XML (base64 encoded -
+ * NULL if none)
+ * @returns A pointer to the created object
+ */
+
+ DSIGKeyInfoPGPData* appendPGPData(const XMLCh* id, const XMLCh* packet);
+
+ /**
+ * \brief Append a SPKIData element
+ *
+ * Add a new KeyInfo element for a set of SPKI S-expressions
+ *
+ * @param sexp The initial S-expression to set in the SPKIData element
+ * @returns A pointer to the created object
+ */
+
+ DSIGKeyInfoSPKIData* appendSPKIData(const XMLCh* sexp);
+
+ /**
+ * \brief Append a MgmtData element
+ *
+ * Add a new KeyInfo element for Management Data
+ *
+ * @param data The string to set in the MgmtData element
+ * @returns A pointer to the created object
+ */
+
+ DSIGKeyInfoMgmtData* appendMgmtData(const XMLCh* data);
+
+ //@}
+
+ /** @name Object handling */
+ //@{
+
+ /**
+ * \brief Append an object container
+ *
+ * Create a new Object (i.e. a Signature \<Object\> which is a container
+ * element used to hold information that needs to be signed within the
+ * signature - i.e. in enveloping mode
+ *
+ * @returns the newly created DSIGObject
+ */
+
+ DSIGObject* appendObject();
+
+ /**
+ * \brief Find the number of ds:Object nodes within the Signature
+ *
+ * @returns the number of ds:Object nodes held in the Signature, 0 if none
+ */
+
+ int getObjectLength() const;
+
+ /**
+ * \brief Get a particular ds:Object from within the Signature
+ *
+ * @returns the ith Object from the list of ds:Object nodes in the signature.
+ * Items are ordered in tree order.
+ */
+
+ DSIGObject* getObjectItem(int i);
+
+ /**
+ * \brief Get a particular ds:Object from within the Signature
+ *
+ * @returns the ith Object from the list of ds:Object nodes in the signature.
+ * Items are ordered in tree order.
+ */
+
+ const DSIGObject* getObjectItem(int i) const;
+
+ //@}
+
+ /** @name ID handling */
+
+ //@{
+
+ /**
+ * \brief Set Id finding behaviour
+ *
+ * The library de-references "#obj" URI references to ID attributes within
+ * a DOM document. Currently, the library first uses DOM calls to find if
+ * the Id has been properly set within the document via the parser or one
+ * of the DOM Level 3 calls to set an Id.
+ *
+ * If no Id is found of the correct name, the library then starts searching
+ * for attributes of a given name with the required value. This list defaults
+ * to "id" and "Id", but can be modified via a call to addIdAttributeName()
+ *
+ * The setIdByAttributeName call enables or disables the second part of the Id
+ * search. I.e. when the Id doesn't exist as an attribute of Type=ID, whether or
+ * not to search for an attribute of a name in the list of names. By default
+ * this behaviour is disabled.
+ *
+ * @warning The default has been changed from earlier versions of the library
+ * to address the security risk of assuming IDness based on name.
+ *
+ * @param flag Enable (true) or Disable (false) searching for Id attributes by name
+ */
+
+ void setIdByAttributeName(bool flag);
+
+ /**
+ * \brief Determine Id finding behaviour
+ *
+ * Allows a caller to determine whether the library is currently searching for
+ * Id attributes by name
+ *
+ * @returns The value of the IdByAttributeName flag
+ */
+
+ bool getIdByAttributeName() const;
+
+ /**
+ * \brief Add an attribute name to be searched for when looking for Id attributes
+ *
+ * This allows a user to add an attribute name to be used to identify Id attributes
+ * when they are not set to be of Type=ID in the DOM
+ *
+ * @note Two names are registered by default - "Id" and "id". These can be
+ * removed by calling deregisterIdAttributeName
+ *
+ * @param name Name to append to the list of those used to find Id attributes
+ */
+
+ void registerIdAttributeName(const XMLCh* name);
+
+ /**
+ * \brief Remove an attribute name to be searched for when looking for Id attributes
+ *
+ * This allows a user to de-register a particular name to be used to identify Id
+ * attributes.
+ *
+ * @param name Name to remove from the list of those used to find Id attributes
+ * @returns true if found and removed, false if was not in the list
+ */
+
+ bool deregisterIdAttributeName(const XMLCh* name);
+
+ /**
+ * \brief Add an attribute name within a particular Namespace
+ * to be searched for when looking for Id attributes
+ *
+ * This allows a user to add an attribute name to be used to identify Id attributes
+ * when they are not set to be of Type=ID in the DOM
+ *
+ * @note Two names are registered by default - "Id" and "id". These can be
+ * removed by calling deregisterIdAttributeName
+ *
+ * @param ns Namespace in which attribute will reside
+ * @param name Name to append to the list of those used to find Id attributes
+ */
+
+ void registerIdAttributeNameNS(const XMLCh* ns, const XMLCh* name);
+
+ /**
+ * \brief Remove an attribute name and ns to be searched for when looking for Id attributes
+ *
+ * This allows a user to de-register a particular name to be used to identify Id
+ * attributes.
+ *
+ * @param ns Namespace in which attribute will reside
+ * @param name Name to remove from the list of those used to find Id attributes
+ * @returns true if found and removed, false if was not in the list
+ */
+
+ bool deregisterIdAttributeNameNS(const XMLCh* ns, const XMLCh* name);
+
+ //@}
+
+ friend class XSECProvider;
private:
- // For holding DSIGObject nodes
+ // For holding DSIGObject nodes
#if defined(XSEC_NO_NAMESPACES)
- typedef vector<DSIGObject *> ObjectVectorType;
+ typedef vector<DSIGObject*> ObjectVectorType;
#else
- typedef std::vector<DSIGObject *> ObjectVectorType;
+ typedef std::vector<DSIGObject*> ObjectVectorType;
#endif
- // Internal functions
- void createKeyInfoElement(void);
- bool verifySignatureOnlyInternal(void) const;
- TXFMChain * getSignedInfoInput(void) const;
-
- // Initialisation
- static void Initialise(void);
-
- XSECSafeBufferFormatter * mp_formatter;
- bool m_loaded; // Have we already loaded?
- XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument
- * mp_doc;
- XERCES_CPP_NAMESPACE_QUALIFIER DOMNode
- * mp_sigNode;
- DSIGSignedInfo * mp_signedInfo;
- XERCES_CPP_NAMESPACE_QUALIFIER DOMNode
- * mp_signatureValueNode;
- safeBuffer m_signatureValueSB;
- DSIGKeyInfoList m_keyInfoList;
- XERCES_CPP_NAMESPACE_QUALIFIER DOMNode
- * mp_KeyInfoNode;
- mutable safeBuffer m_errStr;
-
- // Environment
- XSECEnv * mp_env;
-
- // The signing/verifying key
- mutable XSECCryptoKey * mp_signingKey;
-
- // Resolvers
- XSECKeyInfoResolver * mp_KeyInfoResolver;
-
- // Objects
-
- ObjectVectorType m_objects;
-
- // Interlocking references
- bool m_interlockingReferences;
-
- // Not implemented constructors
-
- DSIGSignature();
-
- friend class XSECPlatformUtils;
+ // Internal functions
+ void createKeyInfoElement();
+ bool verifySignatureOnlyInternal() const;
+ TXFMChain* getSignedInfoInput() const;
+
+ // Initialisation
+ static void Initialise();
+
+ XSECSafeBufferFormatter* mp_formatter;
+ bool m_loaded; // Have we already loaded?
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* mp_doc;
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMNode* mp_sigNode;
+ DSIGSignedInfo* mp_signedInfo;
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMNode* mp_signatureValueNode;
+ safeBuffer m_signatureValueSB;
+ DSIGKeyInfoList m_keyInfoList;
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMNode* mp_KeyInfoNode;
+ mutable safeBuffer m_errStr;
+
+ // Environment
+ XSECEnv* mp_env;
+
+ // The signing/verifying key
+ mutable XSECCryptoKey* mp_signingKey;
+
+ // Resolvers
+ XSECKeyInfoResolver* mp_KeyInfoResolver;
+
+ // Objects
+ ObjectVectorType m_objects;
+
+ // Interlocking references
+ bool m_interlockingReferences;
+
+ // Not implemented constructors
+
+ DSIGSignature();
+
+ friend class XSECPlatformUtils;
- /*\@}*/
+ /*\@}*/
};
#endif /* DSIGSIGNATURE_INCLUDE */
Modified: santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignedInfo.cpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignedInfo.cpp?rev=1818065&r1=1818064&r2=1818065&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignedInfo.cpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignedInfo.cpp Wed Dec 13 20:55:19 2017
@@ -40,36 +40,34 @@ XERCES_CPP_NAMESPACE_USE
// Constructors and Destructors
-DSIGSignedInfo::DSIGSignedInfo(DOMDocument *doc,
- XSECSafeBufferFormatter * pFormatter,
- DOMNode *signedInfoNode, const XSECEnv * env) {
+DSIGSignedInfo::DSIGSignedInfo(DOMDocument* doc,
+ XSECSafeBufferFormatter* pFormatter,
+ DOMNode* signedInfoNode, const XSECEnv* env) {
mp_doc = doc;
m_HMACOutputLength = 0;
mp_formatter = pFormatter;
mp_signedInfoNode = signedInfoNode;
- m_canonicalizationMethod = CANON_NONE;
+ mp_canonicalizationMethod = NULL;
mp_algorithmURI = NULL;
mp_env = env;
mp_referenceList = NULL;
m_loaded = false;
-
}
-DSIGSignedInfo::DSIGSignedInfo(DOMDocument *doc,
- XSECSafeBufferFormatter * pFormatter,
- const XSECEnv * env) {
+DSIGSignedInfo::DSIGSignedInfo(DOMDocument* doc,
+ XSECSafeBufferFormatter* pFormatter,
+ const XSECEnv* env) {
mp_doc = doc;
m_HMACOutputLength = 0;
mp_formatter = pFormatter;
mp_signedInfoNode = NULL;
- m_canonicalizationMethod = CANON_NONE;
+ mp_canonicalizationMethod = NULL;
mp_algorithmURI = NULL;
mp_env = env;
mp_referenceList = NULL;
m_loaded = false;
-
}
DSIGSignedInfo::~DSIGSignedInfo() {
@@ -77,44 +75,18 @@ DSIGSignedInfo::~DSIGSignedInfo() {
mp_formatter = NULL;
mp_env = NULL;
if (mp_referenceList != NULL) {
-
delete mp_referenceList;
mp_referenceList = NULL;
-
}
-
-}
-
-DOMNode * DSIGSignedInfo::getDOMNode() const {
-
- return mp_signedInfoNode;
-
}
-canonicalizationMethod DSIGSignedInfo::getCanonicalizationMethod(void) const {
-
- return m_canonicalizationMethod;
-
-}
-
-int DSIGSignedInfo::getHMACOutputLength() const {
-
- return m_HMACOutputLength;
-
-}
-
-
-
// --------------------------------------------------------------------------------
// Verify each reference element
// --------------------------------------------------------------------------------
-
-bool DSIGSignedInfo::verify(safeBuffer &errStr) const {
-
+bool DSIGSignedInfo::verify(safeBuffer& errStr) const {
return DSIGReference::verifyReferenceList(mp_referenceList, errStr);
-
}
// --------------------------------------------------------------------------------
@@ -122,9 +94,7 @@ bool DSIGSignedInfo::verify(safeBuffer &
// --------------------------------------------------------------------------------
void DSIGSignedInfo::hash(bool interlockingReferences) const {
-
DSIGReference::hashReferenceList(mp_referenceList, interlockingReferences);
-
}
// --------------------------------------------------------------------------------
@@ -132,16 +102,16 @@ void DSIGSignedInfo::hash(bool interlock
// --------------------------------------------------------------------------------
-DSIGReference * DSIGSignedInfo::createReference(
- const XMLCh * URI,
- const XMLCh * hashAlgorithmURI,
- const XMLCh * type) {
+DSIGReference* DSIGSignedInfo::createReference(
+ const XMLCh* URI,
+ const XMLCh* hashAlgorithmURI,
+ const XMLCh* type) {
- DSIGReference * ref;
+ DSIGReference* ref;
XSECnew(ref, DSIGReference(mp_env));
Janitor<DSIGReference> j_ref(ref);
- DOMNode *refNode = ref->createBlankReference(URI, hashAlgorithmURI, type);
+ DOMNode* refNode = ref->createBlankReference(URI, hashAlgorithmURI, type);
// Add the node to the end of the childeren
mp_signedInfoNode->appendChild(refNode);
@@ -154,7 +124,7 @@ DSIGReference * DSIGSignedInfo::createRe
return ref;
}
-DSIGReference * DSIGSignedInfo::removeReference(DSIGReferenceList::size_type index) {
+DSIGReference* DSIGSignedInfo::removeReference(DSIGReferenceList::size_type index) {
DSIGReference* ret = mp_referenceList ? mp_referenceList->removeReference(index): NULL;
if (ret && mp_signedInfoNode) {
@@ -163,7 +133,6 @@ DSIGReference * DSIGSignedInfo::removeRe
}
return ret;
-
}
@@ -171,24 +140,21 @@ DSIGReference * DSIGSignedInfo::removeRe
// Create an empty SignedInfo
// --------------------------------------------------------------------------------
-DOMElement * DSIGSignedInfo::createBlankSignedInfo(
- const XMLCh * canonicalizationAlgorithmURI,
- const XMLCh * signatureAlgorithmURI) {
+DOMElement* DSIGSignedInfo::createBlankSignedInfo(
+ const XMLCh* canonicalizationAlgorithmURI,
+ const XMLCh* signatureAlgorithmURI) {
safeBuffer str;
- const XMLCh * prefixNS = mp_env->getDSIGNSPrefix();
+ const XMLCh* prefixNS = mp_env->getDSIGNSPrefix();
makeQName(str, prefixNS, "SignedInfo");
- DOMElement *ret = mp_doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG,
+ DOMElement* ret = mp_doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG,
str.rawXMLChBuffer());
mp_signedInfoNode = ret;
- // Now create the algorithm parts
- XSECmapURIToCanonicalizationMethod(canonicalizationAlgorithmURI, m_canonicalizationMethod);
-
- // Canonicalisation
+ // Canonicalization
DOMElement *canMeth = mp_doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG,
makeQName(str, prefixNS, "CanonicalizationMethod").rawXMLChBuffer());
@@ -200,6 +166,9 @@ DOMElement * DSIGSignedInfo::createBlank
canMeth->setAttributeNS(NULL,DSIGConstants::s_unicodeStrAlgorithm,
canonicalizationAlgorithmURI);
+ // Store the method URI internally.
+ mp_canonicalizationMethod = canMeth->getAttributeNS(NULL, DSIGConstants::s_unicodeStrAlgorithm);
+
// Now the SignatureMethod
DOMElement *sigMeth = mp_doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG,
@@ -227,23 +196,18 @@ DOMElement * DSIGSignedInfo::createBlank
// Load the SignedInfo
// --------------------------------------------------------------------------------
-void DSIGSignedInfo::load(void) {
-
+void DSIGSignedInfo::load() {
if (mp_signedInfoNode == 0) {
-
// Attempt to load an empty signature element
throw XSECException(XSECException::LoadEmptySignedInfo);
-
}
if (!strEquals(getDSIGLocalName(mp_signedInfoNode), "SignedInfo")) {
-
throw XSECException(XSECException::LoadNonSignedInfo);
-
}
- DOMNode * tmpSI = mp_signedInfoNode->getFirstChild();
+ DOMNode* tmpSI = mp_signedInfoNode->getFirstChild();
// Check for CanonicalizationMethod
@@ -257,68 +221,22 @@ void DSIGSignedInfo::load(void) {
}
if (tmpSI == 0 || !strEquals(getDSIGLocalName(tmpSI), "CanonicalizationMethod")) {
-
throw XSECException(XSECException::ExpectedDSIGChildNotFound,
"Expected <CanonicalizationMethod> as first child of <SignedInfo>");
-
}
// Determine what the canonicalization method is
- DOMNamedNodeMap *tmpAtts = tmpSI->getAttributes();
+ DOMNamedNodeMap* tmpAtts = tmpSI->getAttributes();
- DOMNode *algorithm = tmpAtts->getNamedItem(DSIGConstants::s_unicodeStrAlgorithm);
+ DOMNode* algorithm = tmpAtts->getNamedItem(DSIGConstants::s_unicodeStrAlgorithm);
if (algorithm == 0) {
-
throw XSECException(XSECException::ExpectedDSIGChildNotFound,
"Expected Algorithm attribute in <CanonicalizationMethod>");
-
- }
-
- safeBuffer tmpSB;
-
- tmpSB << (*mp_formatter << algorithm->getNodeValue());
-
- if (tmpSB.sbStrcmp(URI_ID_C14N_NOC) == 0) {
-
- m_canonicalizationMethod = CANON_C14N_NOC;
-
- }
-
- else if (tmpSB.sbStrcmp(URI_ID_C14N_COM) == 0) {
-
- m_canonicalizationMethod = CANON_C14N_COM;
-
}
- else if (tmpSB.sbStrcmp(URI_ID_C14N11_NOC) == 0) {
-
- m_canonicalizationMethod = CANON_C14N11_NOC;
-
- }
-
- else if (tmpSB.sbStrcmp(URI_ID_C14N11_COM) == 0) {
-
- m_canonicalizationMethod = CANON_C14N11_COM;
-
- }
+ mp_canonicalizationMethod = algorithm->getNodeValue();
- else if (tmpSB.sbStrcmp(URI_ID_EXC_C14N_COM) == 0) {
-
- m_canonicalizationMethod = CANON_C14NE_COM;
-
- }
-
- else if (tmpSB.sbStrcmp(URI_ID_EXC_C14N_NOC) == 0) {
-
- m_canonicalizationMethod = CANON_C14NE_NOC;
-
- }
-
- else {
-
- throw XSECException(XSECException::UnknownCanonicalization);
- }
// Now load the SignatureMethod
@@ -334,7 +252,6 @@ void DSIGSignedInfo::load(void) {
}
if (tmpSI == 0 || !strEquals(getDSIGLocalName(tmpSI), "SignatureMethod")) {
-
throw XSECException(XSECException::ExpectedDSIGChildNotFound,
"Expected <SignatureMethod> as child of <SignedInfo>");
}
@@ -347,10 +264,8 @@ void DSIGSignedInfo::load(void) {
algorithm = tmpAtts->getNamedItem(DSIGConstants::s_unicodeStrAlgorithm);
if (algorithm == 0) {
-
throw XSECException(XSECException::ExpectedDSIGChildNotFound,
"Expected Algorithm attribute in <SignatureMethod>");
-
}
mp_algorithmURI = algorithm->getNodeValue();
@@ -358,7 +273,7 @@ void DSIGSignedInfo::load(void) {
/* NOTE - as of version 1.3.1 all code relating to parsing the algorithm
* has been removed. This should all be handled inside the algorithm mappers.
* Having code here restricts available algorithms, as this code is not extended for
- * new algorthms.
+ * new algorithms.
*/
/* Look for maximum output value. Really only applies to HMACs, but as we no
@@ -406,12 +321,8 @@ void DSIGSignedInfo::load(void) {
}
if (tmpSI != NULL) {
-
// Have an element node - should be a reference, so let's load the list
-
mp_referenceList = DSIGReference::loadReferenceListFromXML(mp_env, tmpSI);
-
}
}
-
Modified: santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignedInfo.hpp
URL: http://svn.apache.org/viewvc/santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignedInfo.hpp?rev=1818065&r1=1818064&r2=1818065&view=diff
==============================================================================
--- santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignedInfo.hpp (original)
+++ santuario/xml-security-cpp/trunk/xsec/dsig/DSIGSignedInfo.hpp Wed Dec 13 20:55:19 2017
@@ -68,125 +68,125 @@ class XSEC_EXPORT DSIGSignedInfo {
public:
- /** @name Constructors and Destructors */
- //@{
+ /** @name Constructors and Destructors */
+ //@{
- /**
- * \brief Constructor for existing nodes
- *
- * Called by the library to construct a SignedInfo in cases
- * where the DOM Nodes exist and need to be loaded
- *
- * @param doc The document containing the structure to be loaded
- * @param pFormatter A safeBuffer formatter that will translate to UTF-8
- * @param signedInfoNode The node at the top of the SignedInfo tree fragment
- * @param env Operating environment
- */
-
- DSIGSignedInfo(XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument *doc,
- XSECSafeBufferFormatter * pFormatter,
- XERCES_CPP_NAMESPACE_QUALIFIER DOMNode *signedInfoNode,
- const XSECEnv * env);
-
-
- /**
- * \brief Constructor for building from scratch
- *
- * Will set up the class in preparation for building the
- * DOM structure
- *
- * @param doc The document to use to construct
- * @param pFormatter Formatter to use to translate to UTF-8
- * @param env Operating environment
- */
-
- DSIGSignedInfo(XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument *doc,
- XSECSafeBufferFormatter * pFormatter,
- const XSECEnv * env);
-
- /**
- * \brief Destructor
- *
- * Delete - but does not destroy the DOM Nodes
- *
- */
-
- ~DSIGSignedInfo();
-
- //@}
-
- /** @name Create and Set */
- //@{
-
- /**
- * \brief Load from DOM
- *
- * Load the SignedInfo from the DOM Document
- *
- * Does not do any verification of signatures or references -
- * simply loads the values
- */
-
- void load(void);
-
- /**
- * \brief Verify the SignedInfo
- *
- * Validates each reference contained in the SignedInfo. Does not
- * validate the signature itself - this is done by DSIGSignature
- *
- * @param errStr The safeBuffer that error messages should be written to.
- */
-
- bool verify(safeBuffer &errStr) const;
-
- /**
- * \brief Hash the reference list
- *
- * Goes through each reference in the SignedInfo (including referenced
- * manifests), performs the digest operation and adds the digest
- * to the reference element
- *
- * @param interlockingReferences Set to true if any references depend on other
- * references
- */
-
- void hash(bool interlockingReferences) const;
-
- /**
- * \brief Create an empty SignedInfo
- *
- * Creates the DOM structure for a SignedInfo
- *
- * Builds the DOM structures and sets the control
- * structures of the SignedInfo
- *
- * @param canonicalizationAlgorithmURI The canonicalisation method to set the SignedInfo as
- * @param signatureAlgorithmURI Signature Method to use
- * @param hm Hash method to use (for the SignedInfo, not the references)
- */
-
- XERCES_CPP_NAMESPACE_QUALIFIER DOMElement *
- createBlankSignedInfo(
- const XMLCh * canonicalizationAlgorithmURI,
- const XMLCh * signatureAlgorithmURI
- );
-
- /**
- * \brief Create a reference to add to the SignedInfo
- *
- * Called by DSIGSignature to create and enter a new reference element
- *
- * @param URI What the reference references
- * @param hashAlgorithmURI Digest method to use for the reference
- * @param type Reference type
- */
-
- DSIGReference * createReference(
- const XMLCh * URI,
- const XMLCh * hashAlgorithmURI,
- const XMLCh * type
- );
+ /**
+ * \brief Constructor for existing nodes
+ *
+ * Called by the library to construct a SignedInfo in cases
+ * where the DOM Nodes exist and need to be loaded
+ *
+ * @param doc The document containing the structure to be loaded
+ * @param pFormatter A safeBuffer formatter that will translate to UTF-8
+ * @param signedInfoNode The node at the top of the SignedInfo tree fragment
+ * @param env Operating environment
+ */
+
+ DSIGSignedInfo(XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* doc,
+ XSECSafeBufferFormatter* pFormatter,
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMNode* signedInfoNode,
+ const XSECEnv* env);
+
+
+ /**
+ * \brief Constructor for building from scratch
+ *
+ * Will set up the class in preparation for building the
+ * DOM structure
+ *
+ * @param doc The document to use to construct
+ * @param pFormatter Formatter to use to translate to UTF-8
+ * @param env Operating environment
+ */
+
+ DSIGSignedInfo(XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* doc,
+ XSECSafeBufferFormatter* pFormatter,
+ const XSECEnv* env);
+
+ /**
+ * \brief Destructor
+ *
+ * Delete - but does not destroy the DOM Nodes
+ *
+ */
+
+ ~DSIGSignedInfo();
+
+ //@}
+
+ /** @name Create and Set */
+ //@{
+
+ /**
+ * \brief Load from DOM
+ *
+ * Load the SignedInfo from the DOM Document
+ *
+ * Does not do any verification of signatures or references -
+ * simply loads the values
+ */
+
+ void load();
+
+ /**
+ * \brief Verify the SignedInfo
+ *
+ * Validates each reference contained in the SignedInfo. Does not
+ * validate the signature itself - this is done by DSIGSignature
+ *
+ * @param errStr The safeBuffer that error messages should be written to.
+ */
+
+ bool verify(safeBuffer& errStr) const;
+
+ /**
+ * \brief Hash the reference list
+ *
+ * Goes through each reference in the SignedInfo (including referenced
+ * manifests), performs the digest operation and adds the digest
+ * to the reference element
+ *
+ * @param interlockingReferences Set to true if any references depend on other
+ * references
+ */
+
+ void hash(bool interlockingReferences) const;
+
+ /**
+ * \brief Create an empty SignedInfo
+ *
+ * Creates the DOM structure for a SignedInfo
+ *
+ * Builds the DOM structures and sets the control
+ * structures of the SignedInfo
+ *
+ * @param canonicalizationAlgorithmURI The canonicalisation method to set the SignedInfo as
+ * @param signatureAlgorithmURI Signature Method to use
+ * @param hm Hash method to use (for the SignedInfo, not the references)
+ */
+
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMElement*
+ createBlankSignedInfo(
+ const XMLCh* canonicalizationAlgorithmURI,
+ const XMLCh* signatureAlgorithmURI
+ );
+
+ /**
+ * \brief Create a reference to add to the SignedInfo
+ *
+ * Called by DSIGSignature to create and enter a new reference element
+ *
+ * @param URI What the reference references
+ * @param hashAlgorithmURI Digest method to use for the reference
+ * @param type Reference type
+ */
+
+ DSIGReference* createReference(
+ const XMLCh* URI,
+ const XMLCh* hashAlgorithmURI,
+ const XMLCh* type
+ );
/**
* \brief Remove a reference from the list
@@ -202,86 +202,83 @@ public:
* @param index Point in the list to remove
*/
- DSIGReference * removeReference(DSIGReferenceList::size_type index);
+ DSIGReference* removeReference(DSIGReferenceList::size_type index);
- //@}
+ //@}
- /** @name Getter functions */
- //@{
+ /** @name Getter functions */
+ //@{
- /**
- * \brief Get the node pointing to the top of the DOM fragment
- *
- * @returns the SignedInfo node
- */
-
- XERCES_CPP_NAMESPACE_QUALIFIER DOMNode *getDOMNode(void) const;
-
- /**
- * \brief Get the Algorithm URI
- *
- * @returns the URI associated with the Algorithm used to generate
- * the signature
- */
-
- const XMLCh * getAlgorithmURI() const {return mp_algorithmURI;}
-
- /**
- * \brief Get the canonicalisation method
- *
- * @returns Canonicalisation method
- */
-
- canonicalizationMethod getCanonicalizationMethod(void) const;
-
- /**
- * \brief Get HMAC length
- *
- * HMAC signatures can be truncated to a nominated length.
- * This returns the length used.
- */
-
- int getHMACOutputLength(void) const;
-
- /**
- * \brief Return the list of references
- *
- * Returns a pointer to the object holding the references
- * contained in the SignedInfo
- */
-
- DSIGReferenceList *getReferenceList (void) {return mp_referenceList;}
-
- /**
- * \brief Return the list of references
- *
- * Returns a pointer to the object holding the references
- * contained in the SignedInfo
- */
+ /**
+ * \brief Get the node pointing to the top of the DOM fragment
+ *
+ * @returns the SignedInfo node
+ */
- const DSIGReferenceList *getReferenceList (void) const {return mp_referenceList;}
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMNode* getDOMNode(void) const {return mp_signedInfoNode;}
- //@}
+ /**
+ * \brief Get the Algorithm URI
+ *
+ * @returns the URI associated with the Algorithm used to generate
+ * the signature
+ */
+ const XMLCh* getAlgorithmURI() const {return mp_algorithmURI;}
-private:
+ /**
+ * \brief Get the canonicalization method
+ *
+ * @returns Canonicalization method
+ */
+
+ const XMLCh* getCanonicalizationMethod() const {return mp_canonicalizationMethod;}
+
+ /**
+ * \brief Get HMAC length
+ *
+ * HMAC signatures can be truncated to a nominated length.
+ * This returns the length used.
+ */
+
+ int getHMACOutputLength() const {return m_HMACOutputLength;}
+
+ /**
+ * \brief Return the list of references
+ *
+ * Returns a pointer to the object holding the references
+ * contained in the SignedInfo
+ */
+
+ DSIGReferenceList* getReferenceList () {return mp_referenceList;}
+
+ /**
+ * \brief Return the list of references
+ *
+ * Returns a pointer to the object holding the references
+ * contained in the SignedInfo
+ */
+
+ const DSIGReferenceList* getReferenceList () const {return mp_referenceList;}
+
+ //@}
- XSECSafeBufferFormatter * mp_formatter;
- bool m_loaded; // Have we already loaded?
- XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument
- * mp_doc;
- XERCES_CPP_NAMESPACE_QUALIFIER DOMNode
- * mp_signedInfoNode;
- canonicalizationMethod m_canonicalizationMethod;
- DSIGReferenceList * mp_referenceList;
- int m_HMACOutputLength;
- const XMLCh * mp_algorithmURI;
- const XSECEnv * mp_env;
- // Not implemented constructors
+private:
+ XSECSafeBufferFormatter* mp_formatter;
+ bool m_loaded; // Have we already loaded?
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument* mp_doc;
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMNode* mp_signedInfoNode;
+ const XMLCh* mp_canonicalizationMethod;
+ DSIGReferenceList* mp_referenceList;
+ int m_HMACOutputLength;
+ const XMLCh* mp_algorithmURI;
+ const XSECEnv* mp_env;
+
+ // Not implemented constructors
- DSIGSignedInfo();
- // DSIGSignedInfo & operator= (const DSIGSignedInfo &);
+ DSIGSignedInfo();
+ // DSIGSignedInfo & operator= (const DSIGSignedInfo &);
};