Posted to commits@santuario.apache.org by bl...@apache.org on 2003/05/18 13:00:03 UTC
cvs commit: xml-security/c/src/dsig DSIGConstants.cpp DSIGConstants.hpp DSIGKeyInfoX509.cpp DSIGKeyInfoX509.hpp DSIGSignature.cpp
blautenb 2003/05/18 04:00:03
Modified: c/src/dsig DSIGConstants.cpp DSIGConstants.hpp
DSIGKeyInfoX509.cpp DSIGKeyInfoX509.hpp
DSIGSignature.cpp
Log:
Extensions to support a number of X509Data elements
Revision Changes Path
1.7 +5 -1 xml-security/c/src/dsig/DSIGConstants.cpp
Index: DSIGConstants.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGConstants.cpp,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- DSIGConstants.cpp 8 May 2003 12:10:58 -0000 1.6
+++ DSIGConstants.cpp 18 May 2003 11:00:01 -0000 1.7
@@ -99,6 +99,7 @@
static XMLCh * s_unicodeStrURIMANIFEST;
static XMLCh * s_unicodeStrPROVOpenSSL;
static XMLCh * s_unicodeStrPROVWinCAPI;
+static XMLCh * s_unicodeStrURIRawX509;
// --------------------------------------------------------------------------------
@@ -111,6 +112,7 @@
const XMLCh * const & DSIGConstants::s_unicodeStrAlgorithm = ::s_unicodeStrAlgorithm;
+const XMLCh * const & DSIGConstants::s_unicodeStrURIRawX509 = ::s_unicodeStrURIRawX509;
const XMLCh * const & DSIGConstants::s_unicodeStrURIDSIG = ::s_unicodeStrURIDSIG;
const XMLCh * const & DSIGConstants::s_unicodeStrURIEC = ::s_unicodeStrURIEC;
const XMLCh * const & DSIGConstants::s_unicodeStrURIXPF = ::s_unicodeStrURIXPF;
@@ -148,6 +150,7 @@
::s_unicodeStrAlgorithm = XMLString::transcode("Algorithm");
+ ::s_unicodeStrURIRawX509 = XMLString::transcode(URI_ID_RAWX509);
::s_unicodeStrURIDSIG = XMLString::transcode(URI_ID_DSIG);
::s_unicodeStrURIEC = XMLString::transcode(URI_ID_EC);
::s_unicodeStrURIXPF = XMLString::transcode(URI_ID_XPF);
@@ -181,6 +184,7 @@
delete[] ::s_unicodeStrAlgorithm;
+ delete[] ::s_unicodeStrURIRawX509;
delete[] ::s_unicodeStrURIDSIG;
delete[] ::s_unicodeStrURIEC;
delete[] ::s_unicodeStrURIXPF;
1.10 +3 -1 xml-security/c/src/dsig/DSIGConstants.hpp
Index: DSIGConstants.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGConstants.hpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- DSIGConstants.hpp 8 May 2003 12:10:58 -0000 1.9
+++ DSIGConstants.hpp 18 May 2003 11:00:02 -0000 1.10
@@ -120,6 +120,7 @@
#define URI_ID_XMLNS "http://www.w3.org/2000/xmlns/"
#define URI_ID_MANIFEST "http://www.w3.org/2000/09/xmldsig#Manifest"
+#define URI_ID_RAWX509 "http://www.w3.org/2000/09/xmldsig#rawX509Certificate"
// Internal Crypto Providers
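Review bot: `URI_ID_RAWX509` is placed among the namespace and element identifiers, but it is the value of a RetrievalMethod Type attribute (DSIGSignature.cpp in this commit compares it against the Type attribute), not an element or namespace name. A short comment next to the define, `// RetrievalMethod Type value: the referenced data is a raw (binary) X509 certificate`, would stop it being picked up as a namespace URI by a later reader. The neighbouring defines carry no comments either, so the note could equally go on the block header.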
@@ -306,6 +307,7 @@
static const XMLCh * const & s_unicodeStrURIEC;
static const XMLCh * const & s_unicodeStrURIXPF;
+ static const XMLCh * const & s_unicodeStrURIRawX509;
static const XMLCh * const & s_unicodeStrURISHA1;
static const XMLCh * const & s_unicodeStrURIMD5; // Not recommended
static const XMLCh * const & s_unicodeStrURIBASE64;
1.5 +136 -5 xml-security/c/src/dsig/DSIGKeyInfoX509.cpp
Index: DSIGKeyInfoX509.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGKeyInfoX509.cpp,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- DSIGKeyInfoX509.cpp 1 Mar 2003 06:27:28 -0000 1.4
+++ DSIGKeyInfoX509.cpp 18 May 2003 11:00:02 -0000 1.5
@@ -85,9 +85,14 @@
mp_X509IssuerName(NULL),
mp_X509SerialNumber(NULL),
mp_X509SubjectName(NULL),
+mp_X509CRL(NULL),
+mp_X509SKI(NULL),
+mp_rawRetrievalURI(NULL),
mp_X509SubjectNameTextNode(0),
mp_X509IssuerNameTextNode(0),
-mp_X509SerialNumberTextNode(0) {
+mp_X509SerialNumberTextNode(0),
+mp_X509CRLTextNode(0),
+mp_X509SKITextNode(0) {
mp_keyInfoDOMNode = X509Data;
m_X509List.clear();
@@ -99,9 +104,14 @@
mp_X509IssuerName(NULL),
mp_X509SerialNumber(NULL),
mp_X509SubjectName(NULL),
+mp_X509CRL(NULL),
+mp_X509SKI(NULL),
+mp_rawRetrievalURI(NULL),
mp_X509SubjectNameTextNode(0),
mp_X509IssuerNameTextNode(0),
-mp_X509SerialNumberTextNode(0) {
+mp_X509SerialNumberTextNode(0),
+mp_X509CRLTextNode(0),
+mp_X509SKITextNode(0) {
mp_keyInfoDOMNode = 0;
m_X509List.clear();
@@ -120,6 +130,10 @@
}
m_X509List.clear();
+
+ if (mp_rawRetrievalURI != NULL)
+ delete[] mp_rawRetrievalURI;
+
};
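Review bot: The guard `if (mp_rawRetrievalURI != NULL)` before `delete[]` is redundant, since `delete[]` on a null pointer is a no-op, so the two lines can be just `delete[] mp_rawRetrievalURI;`. The more important point is that mp_rawRetrievalURI is now an owned heap buffer (it is filled with XMLString::replicate in setRawRetrievalURI further down) in a class whose other pointer members are non-owning; unless the class already declares or suppresses its copy constructor and assignment operator (not visible in this diff), the implicitly generated copies would share the buffer and free it twice. Declaring both private and unimplemented, or copying the buffer in them, closes that. The destructor's opening line is outside the hunk.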
@@ -221,8 +235,8 @@
// Now find the serial number
child = tmpElt->getFirstChild();
- while (child != 0 && child->getNodeType() != DOMNode::ELEMENT_NODE &&
- !strEquals(getDSIGLocalName(child), "X509SerialNumber"))
+ while (child != 0 && (child->getNodeType() != DOMNode::ELEMENT_NODE ||
+ !strEquals(getDSIGLocalName(child), "X509SerialNumber")))
child = child->getNextSibling();
if (child == NULL) {
@@ -246,6 +260,37 @@
mp_X509SerialNumber = child->getNodeValue();
}
+
+ else if (strEquals(getDSIGLocalName(tmpElt), "X509CRL")) {
+
+ child = findFirstChildOfType(tmpElt, DOMNode::TEXT_NODE);
+
+ if (child == NULL) {
+
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "Expected TEXT_NODE child of <X509CRL>");
+
+ }
+
+ mp_X509CRLTextNode = child;
+ mp_X509CRL = child->getNodeValue();
+
+ }
+ else if (strEquals(getDSIGLocalName(tmpElt), "X509SKI")) {
+
+ child = findFirstChildOfType(tmpElt, DOMNode::TEXT_NODE);
+
+ if (child == NULL) {
+
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "Expected TEXT_NODE child of <X509SKI>");
+
+ }
+
+ mp_X509SKITextNode = child;
+ mp_X509SKI = child->getNodeValue();
+
+ }
}
// Go to next data element to load if we understand
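Review bot: The X509CRL and X509SKI branches are identical apart from the element name and the two members they fill, so a small private helper taking the element, the local name, the text-node slot and the value slot would remove the duplication and keep the error message in one place. Both branches also accept only the first `DOMNode::TEXT_NODE` child: if the base64 content arrives as a CDATA section, or is split across adjacent text nodes because the DOM was not normalised, the value is missed or truncated and `ExpectedDSIGChildNotFound` is thrown; presumably acceptable, but worth recording with `// Only a single TEXT_NODE child is read; CDATA sections and split text are rejected`. The enclosing load loop starts and ends outside the hunk.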
@@ -277,6 +322,18 @@
}
+const XMLCh * DSIGKeyInfoX509::getX509CRL(void) {
+
+ return mp_X509CRL;
+
+}
+
+const XMLCh * DSIGKeyInfoX509::getX509SKI(void) {
+
+ return mp_X509SKI;
+
+}
+
const XMLCh * DSIGKeyInfoX509::getX509IssuerSerialNumber(void) {
return mp_X509SerialNumber;
@@ -300,6 +357,12 @@
}
+const XMLCh * DSIGKeyInfoX509::getRawRetrievalURI(void) {
+
+ return mp_rawRetrievalURI;
+
+}
+
// --------------------------------------------------------------------------------
// Create and Set
// --------------------------------------------------------------------------------
@@ -322,6 +385,66 @@
}
+void DSIGKeyInfoX509::setX509CRL(const XMLCh * crl) {
+
+ if (mp_X509CRLTextNode == 0) {
+
+ safeBuffer str;
+ DOMDocument *doc = mp_parentSignature->getParentDocument();
+ const XMLCh * prefix = mp_parentSignature->getDSIGNSPrefix();
+
+ makeQName(str, prefix, "X509CRL");
+
+ DOMElement * s = doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG, str.rawXMLChBuffer());
+ mp_X509CRLTextNode = doc->createTextNode(crl);
+ s->appendChild(mp_X509CRLTextNode);
+
+ // Add to the over-arching node
+ mp_keyInfoDOMNode->appendChild(s);
+ mp_keyInfoDOMNode->appendChild(doc->createTextNode(DSIGConstants::s_unicodeStrNL));
+
+ }
+
+ else {
+
+ mp_X509CRLTextNode->setNodeValue(crl);
+
+ }
+
+ mp_X509CRL = mp_X509CRLTextNode->getNodeValue();
+
+}
+
+void DSIGKeyInfoX509::setX509SKI(const XMLCh * ski) {
+
+ if (mp_X509SKITextNode == 0) {
+
+ safeBuffer str;
+ DOMDocument *doc = mp_parentSignature->getParentDocument();
+ const XMLCh * prefix = mp_parentSignature->getDSIGNSPrefix();
+
+ makeQName(str, prefix, "X509SKI");
+
+ DOMElement * s = doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG, str.rawXMLChBuffer());
+ mp_X509SKITextNode = doc->createTextNode(ski);
+ s->appendChild(mp_X509SKITextNode);
+
+ // Add to the over-arching node
+ mp_keyInfoDOMNode->appendChild(s);
+ mp_keyInfoDOMNode->appendChild(doc->createTextNode(DSIGConstants::s_unicodeStrNL));
+
+ }
+
+ else {
+
+ mp_X509SKITextNode->setNodeValue(ski);
+
+ }
+
+ mp_X509SKI = mp_X509SKITextNode->getNodeValue();
+
+}
+
void DSIGKeyInfoX509::setX509SubjectName(const XMLCh * name) {
if (mp_X509SubjectNameTextNode == 0) {
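Review bot: setX509CRL and setX509SKI append to `mp_keyInfoDOMNode` (the lines `mp_keyInfoDOMNode->appendChild(s);`) without checking it, yet the second constructor in this file initialises it to 0; an object created that way and given a CRL or SKI before an X509Data element exists dereferences a null pointer. Unless every caller is guaranteed to create the element first, a guard at the top of the create branch, `if (mp_keyInfoDOMNode == 0) throw XSECException(XSECException::/* TODO: pick code */, "X509Data element not created");`, turns the crash into a reportable error; the existing setX509SubjectName below appears to follow the same pattern and may need the same check. The two new setters are otherwise line-for-line identical except for the element name, so a shared private helper that creates the named child element with a text node and returns the text node would keep them in step. A one-line comment on `mp_X509CRL = mp_X509CRLTextNode->getNodeValue();` saying the string is owned by the DOM, not by this object, would also help.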
@@ -409,6 +532,14 @@
}
+void DSIGKeyInfoX509::setRawRetrievalURI(const XMLCh * uri) {
+
+ if (mp_rawRetrievalURI != NULL)
+ delete[] mp_rawRetrievalURI;
+
+ mp_rawRetrievalURI = XMLString::replicate(uri);
+
+}
void DSIGKeyInfoX509::appendX509Certificate(const XMLCh * base64Certificate) {
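Review bot: setRawRetrievalURI frees the current buffer before replicating the argument, so `setRawRetrievalURI(getRawRetrievalURI())`, or any `uri` that aliases the stored value, replicates freed memory. Replicate first, then release: `XMLCh * copy = XMLString::replicate(uri);` / `delete[] mp_rawRetrievalURI;` / `mp_rawRetrievalURI = copy;` (the null guard before `delete[]` is unnecessary). A one-line comment that the string is copied and owned by this object would match the header's note that the DOM is not touched.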
1.3 +76 -0 xml-security/c/src/dsig/DSIGKeyInfoX509.hpp
Index: DSIGKeyInfoX509.hpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGKeyInfoX509.hpp,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- DSIGKeyInfoX509.hpp 9 Feb 2003 11:13:47 -0000 1.2
+++ DSIGKeyInfoX509.hpp 18 May 2003 11:00:02 -0000 1.3
@@ -212,6 +212,40 @@
const XMLCh * getX509IssuerSerialNumber(void);
/**
+ * \brief Get any associated CRL
+ *
+ * Return the string containing the base64 encoded CRL that was held in
+ * the X509CRL node
+ *
+ * @returns A pointer to the string containing the CRL
+ * (0 if not set)
+ */
+
+ const XMLCh * getX509CRL(void);
+
+ /**
+ * \brief Get the SKI value (if set)
+ *
+ * The SKI (Subject Key Identifier) can be used to reference a
+ * required certificate. If this was set in the KeyInfo element,
+ * this function will return the value
+ *
+ * @returns the base64 encoded (plan - not DER) encoded SKI value
+ */
+
+ const XMLCh * getX509SKI(void);
+
+ /**
+ * \brief Return the raw Retrieval method to find this certificate
+ *
+ * In some cases, the KeyInfo RetrievalMethod references a raw certificate
+ * In such cases, the library simply creates a KeyInfoX509 object and sets
+ * this string to allow others to find the certificate
+ */
+
+ const XMLCh * getRawRetrievalURI(void);
+
+ /**
* \brief Find the number of certificates held
*
* Find the number of certificates held in the X509Data structures.
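Review bot: In the getX509SKI comment, `@returns the base64 encoded (plan - not DER) encoded SKI value` has a typo and a doubled "encoded"; it should read `@returns the base64 (plain, not DER) encoded SKI value (0 if not set)`, which also states the unset case the way getX509CRL does. The getRawRetrievalURI block has no @returns line at all; suggest `@returns The URI string, or 0 if this object was not created from a raw-certificate RetrievalMethod`, since that is the only path in this commit that sets it.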
@@ -279,6 +313,43 @@
void setX509IssuerSerial(const XMLCh * name, const XMLCh * serial);
/**
+ * \brief Set the CRL element
+ *
+ * If an X509CRL exists, replace the value with that provided,
+ * otherwise create a new element and set the value appropriately.
+ *
+ * @param crl The base64 encoded string containing the CRL
+ */
+
+ void setX509CRL(const XMLCh * crl);
+
+ /**
+ * \brief Set the SKI element
+ *
+ * The SKI node provides a reference to the Subject Key Identifier of
+ * a certificate.
+ *
+ * This function takes a base64 encoded ski and sets it into the
+ * appropriate node
+ *
+ * @param ski The base64 plain (non-DER) encoded SKI value
+ */
+
+ void setX509SKI(const XMLCh * ski);
+
+ /**
+ * \brief set the retrieval URI
+ *
+ * Generally to be used by internal library processes only.
+ * This sets the retrieval URI - but does _not_ manipulate the DOM
+ * in any way.
+ *
+ * @param uri The URI string to use
+ */
+
+ void setRawRetrievalURI(const XMLCh * uri);
+
+ /**
* \brief Add a certificate.
*
* Append an X509Certificate element to the list of certificates
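Review bot: The setX509CRL and setX509SKI descriptions say a new element is created when none exists, but not that this requires the X509Data DOM node to already be present (the implementation appends to mp_keyInfoDOMNode unconditionally); a line such as `The X509Data element must already exist in the DOM before this is called` records the precondition. For setRawRetrievalURI, the note that the DOM is not manipulated is good; add that the string is copied, e.g. `The string is copied; the caller retains ownership of uri`, since that is what distinguishes it from the other setters, whose values live in the DOM.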
@@ -301,12 +372,17 @@
const XMLCh * mp_X509IssuerName; // Parameters from KeyInfo (not cert)
const XMLCh * mp_X509SerialNumber;
const XMLCh * mp_X509SubjectName;
+ const XMLCh * mp_X509CRL;
+ const XMLCh * mp_X509SKI;
+ XMLCh * mp_rawRetrievalURI;
// Text nodes holding information
DOMNode * mp_X509SubjectNameTextNode;
DOMNode * mp_X509IssuerNameTextNode;
DOMNode * mp_X509SerialNumberTextNode;
+ DOMNode * mp_X509CRLTextNode;
+ DOMNode * mp_X509SKITextNode;
};
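Review bot: `XMLCh * mp_rawRetrievalURI;` is the only owning pointer in this member list — it is filled by XMLString::replicate and released with `delete[]` in the destructor — while the neighbouring `const XMLCh *` members point into the DOM; an inline comment `// Owned copy - freed in destructor` on it, and `// Points into the DOM - not owned` on the new CRL/SKI pair, would make that asymmetry visible where a maintainer will look first. The two new DOMNode * text-node members follow the existing convention and need nothing further.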
1.13 +89 -65 xml-security/c/src/dsig/DSIGSignature.cpp
Index: DSIGSignature.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/dsig/DSIGSignature.cpp,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- DSIGSignature.cpp 8 May 2003 12:10:58 -0000 1.12
+++ DSIGSignature.cpp 18 May 2003 11:00:02 -0000 1.13
@@ -805,6 +805,7 @@
const XMLCh * URI = NULL;
TXFMBase * currentTxfm;
+ bool isRawX509 = false;
DOMNamedNodeMap *atts = tmpKI->getAttributes();
const XMLCh * name;
@@ -823,7 +824,10 @@
else if (strEquals(name, "Type")) {
- // For now ignore
+ // Check if this is a raw X509 cert
+ if (strEquals(atts->item(i)->getNodeValue(), DSIGConstants::s_unicodeStrURIRawX509)) {
+ isRawX509 = true;
+ }
}
@@ -846,98 +850,118 @@
}
- // Find base transform using the base URI
- currentTxfm = DSIGReference::getURIBaseTXFM(mp_doc, URI, mp_URIResolver);
- TXFMChain * chain;
- XSECnew(chain, TXFMChain(currentTxfm));
- Janitor<TXFMChain> j_chain(chain);
-
- // Now check for transforms
- tmpKI = tmpKI->getFirstChild();
-
- while (tmpKI != 0 && (tmpKI->getNodeType() != DOMNode::ELEMENT_NODE))
- // Skip text and comments
- tmpKI = tmpKI->getNextSibling();
+ if (isRawX509 == true) {
- if (tmpKI == 0) {
+ if (URI == NULL) {
- throw XSECException(XSECException::ExpectedDSIGChildNotFound,
- "Expected <Transforms> within <KeyInfo>");
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "Expected to find a URI attribute in a rawX509RetrievalMethod KeyInfo");
+
+ }
+
+ DSIGKeyInfoX509 * x509;
+ XSECnew(x509, DSIGKeyInfoX509(this));
+ x509->setRawRetrievalURI(URI);
+
+ this->m_keyInfoList.addKeyInfo(x509);
}
- if (strEquals(getDSIGLocalName(tmpKI), "Transforms")) {
+ else {
+ // Find base transform using the base URI
+ currentTxfm = DSIGReference::getURIBaseTXFM(mp_doc, URI, mp_URIResolver);
+ TXFMChain * chain;
+ XSECnew(chain, TXFMChain(currentTxfm));
+ Janitor<TXFMChain> j_chain(chain);
+
+ // Now check for transforms
+ tmpKI = tmpKI->getFirstChild();
+
+ while (tmpKI != 0 && (tmpKI->getNodeType() != DOMNode::ELEMENT_NODE))
+ // Skip text and comments
+ tmpKI = tmpKI->getNextSibling();
+
+ if (tmpKI == 0) {
+
+ throw XSECException(XSECException::ExpectedDSIGChildNotFound,
+ "Expected <Transforms> within <KeyInfo>");
- // Process the transforms using the static function.
- // For the moment we don't really support remote KeyInfos, so
- // Just built the transform list, process it and then destroy it.
-
- DSIGTransformList * l = DSIGReference::loadTransforms(
- tmpKI,
- mp_formatter,
- this);
-
- DSIGTransformList::TransformListVectorType::size_type size, i;
- size = l->getSize();
- for (i = 0; i < size; ++ i) {
- try {
- l->item(i)->appendTransformer(chain);
- }
- catch (...) {
- delete l;
- throw;
- }
}
- delete l;
+ if (strEquals(getDSIGLocalName(tmpKI), "Transforms")) {
- }
- // Find out the type of the final transform and process accordingly
-
- TXFMBase::nodeType type = chain->getLastTxfm()->getNodeType();
+ // Process the transforms using the static function.
+ // For the moment we don't really support remote KeyInfos, so
+ // Just built the transform list, process it and then destroy it.
- XSECXPathNodeList lst;
- const DOMNode * element;
+ DSIGTransformList * l = DSIGReference::loadTransforms(
+ tmpKI,
+ mp_formatter,
+ this);
- switch (type) {
+ DSIGTransformList::TransformListVectorType::size_type size, i;
+ size = l->getSize();
+ for (i = 0; i < size; ++ i) {
+ try {
+ l->item(i)->appendTransformer(chain);
+ }
+ catch (...) {
+ delete l;
+ throw;
+ }
+ }
- case TXFMBase::DOM_NODE_DOCUMENT :
+ delete l;
- break;
+ }
- case TXFMBase::DOM_NODE_DOCUMENT_FRAGMENT :
+ // Find out the type of the final transform and process accordingly
+
+ TXFMBase::nodeType type = chain->getLastTxfm()->getNodeType();
- break;
+ XSECXPathNodeList lst;
+ const DOMNode * element;
- case TXFMBase::DOM_NODE_XPATH_NODESET :
+ switch (type) {
- lst = chain->getLastTxfm()->getXPathNodeList();
- element = lst.getFirstNode();
+ case TXFMBase::DOM_NODE_DOCUMENT :
- while (element != NULL) {
+ break;
- // Try to add each element - just call KeyInfoList add as it will
- // do the check to see if it is a valud KeyInfo
+ case TXFMBase::DOM_NODE_DOCUMENT_FRAGMENT :
- m_keyInfoList.addXMLKeyInfo((DOMNode *) element);
- element = lst.getNextNode();
+ break;
- }
+ case TXFMBase::DOM_NODE_XPATH_NODESET :
- break;
+ lst = chain->getLastTxfm()->getXPathNodeList();
+ element = lst.getFirstNode();
- default :
+ while (element != NULL) {
- throw XSECException(XSECException::XPathError);
+ // Try to add each element - just call KeyInfoList add as it will
+ // do the check to see if it is a valud KeyInfo
- }
+ m_keyInfoList.addXMLKeyInfo((DOMNode *) element);
+ element = lst.getNextNode();
+
+ }
- // Delete the transform chain
- chain->getLastTxfm()->deleteExpandedNameSpaces();
+ break;
- // Janitor will clean up chain
+ default :
+
+ throw XSECException(XSECException::XPathError);
+
+ }
+
+ // Delete the transform chain
+ chain->getLastTxfm()->deleteExpandedNameSpaces();
+
+ // Janitor will clean up chain
+ }
} /* if getNodeName == Retrieval Method */
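Review bot: The new rawX509 branch (`if (isRawX509 == true)`) records the URI and skips the rest of the RetrievalMethod, while the else branch insists on a `<Transforms>` child; any Transforms carried by a raw-certificate RetrievalMethod are therefore silently ignored, which should at least be stated, e.g. `// Transforms on a rawX509 RetrievalMethod are not applied; the URI is stored as-is`. Between `XSECnew(x509, DSIGKeyInfoX509(this));` and `this->m_keyInfoList.addKeyInfo(x509);`, a throw from setRawRetrievalURI (replication can fail) leaks x509; holding it in a Janitor, as the else branch already does for `chain`, and releasing it once the list owns it (if the Janitor in use supports that) would close the gap. Minor style: `if (isRawX509 == true)` reads better as `if (isRawX509)`, and the branch compares `URI == NULL` where the surrounding code uses `0`. The enclosing function starts and ends outside the hunk.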