| /** |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| /* |
| * XSEC |
| * |
| * NSSCryptoProvider := Base class to handle NSS |
| * |
| * Author(s): Milan Tomic |
| * |
| */ |
| |
| #ifndef NSSCRYPTOPROVIDER_INCLUDE |
| #define NSSCRYPTOPROVIDER_INCLUDE |
| |
| #include <xsec/framework/XSECDefs.hpp> |
| #include <xsec/enc/XSECCryptoProvider.hpp> |
| |
| #if defined (XSEC_HAVE_NSS) |
| |
| #include <pk11func.h> |
| #include <nss.h> |
| |
| /** |
| * @defgroup nsscrypto NSS Interface |
| * @ingroup nsscrypto |
| * The NSS crypto provides an experimental inerface to the NSS API. |
| */ |
| |
| /*\@{*/ |
| |
| class XSEC_EXPORT NSSCryptoProvider : public XSECCryptoProvider { |
| |
| |
| public : |
| |
| /** @name Constructors and Destructors */ |
| //@{ |
| /** |
| * \brief Create a NSS interface layer |
| * |
| * @param dbDir Directory where NSS key database is stored. |
| * Will initialise NSS without DB support if nothing passed in. |
| * If you are writing Mozilla/Firefox plugin, you shouldn't |
| * use this ctor, because Mozilla/Firefox init NSS. Use empty |
| * ctor instead. |
| */ |
| |
| NSSCryptoProvider(const char * dbDir); |
| |
| /** |
| * \brief Create a NSS interface layer |
| * |
| * Will not initialise NSS library, user should do that |
| */ |
| |
| NSSCryptoProvider(); |
| |
| virtual ~NSSCryptoProvider(); |
| |
| //@} |
| |
| /** @name Hashing (Digest) Functions */ |
| //@{ |
| |
| /** |
| * \brief Get the provider's maximum digest length. |
| * |
| * Call used by the library to max out the buffer sizes it uses. |
| * |
| * @returns maximum size to allow for |
| */ |
| virtual unsigned int getMaxHashSize() const; |
| |
| /** |
| * \brief Return a hashing implementation. |
| * |
| * Call used by the library to obtain a hashing implementation from the |
| * provider. |
| * |
| * @returns a pointer to a hashing object. |
| */ |
| virtual XSECCryptoHash* hash(XSECCryptoHash::HashType type) const; |
| |
| /** |
| * \brief Return an HMAC implementation. |
| * |
| * Call used by the library to obtain an HMAC implementation from the |
| * provider. The caller will need to set the key in the hash |
| * object with an XSECCryptoKeyHMAC using XSECCryptoHash::setKey(). |
| * |
| * @returns a pointer to the hashing object. |
| */ |
| virtual XSECCryptoHash* HMAC(XSECCryptoHash::HashType type) const; |
| |
| /** |
| * \brief Return a HMAC key |
| * |
| * Sometimes the library needs to create an HMAC key (notably within |
| * the XKMS utilities). |
| * |
| * This function allows the library to obtain a key that can then have |
| * a value set within it. |
| */ |
| |
| virtual XSECCryptoKeyHMAC* keyHMAC(void) const; |
| |
| /** |
| * \brief Determine whether a given algorithm is supported |
| * |
| * A call that can be used to determine whether a given |
| * digest algorithm is supported |
| */ |
| |
| virtual bool algorithmSupported(XSECCryptoHash::HashType alg) const; |
| |
| //@} |
| |
| /** @name Encoding functions */ |
| //@{ |
| |
| /** |
| * \brief Return a Base64 encoder/decoder implementation. |
| * |
| * Call used by the library to obtain a Base64 |
| * encoder/decoder. |
| * |
| * @note NSS do implement Base64, but internal |
| * implementation (XSCrypt) is used instead. |
| * |
| * @returns Pointer to the new Base64 encoder. |
| * @see XSCryptCryptoBase64 |
| */ |
| |
| virtual XSECCryptoBase64* base64() const; |
| |
| //@} |
| |
| /** @name Keys and Certificates */ |
| //@{ |
| |
| /** |
| * \brief Return a DSA key implementation object. |
| * |
| * Call used by the library to obtain a DSA key object. |
| * |
| * @returns Pointer to the new DSA key |
| * @see NSSCryptoKeyDSA |
| */ |
| |
| virtual XSECCryptoKeyDSA* keyDSA() const; |
| |
| /** |
| * \brief Return an RSA key implementation object. |
| * |
| * Call used by the library to obtain an NSS RSA key object. |
| * |
| * @returns Pointer to the new RSA key |
| * @see NSSCryptoKeyRSA |
| */ |
| |
| virtual XSECCryptoKeyRSA* keyRSA() const; |
| |
| /** |
| * \brief Return an EC key implementation object. |
| * |
| * Call used by the library to obtain an NSS EC key object. |
| * |
| * @returns Pointer to the new EC key |
| */ |
| |
| virtual XSECCryptoKeyEC* keyEC() const; |
| |
| /** |
| * \brief Return a key implementation object based on DER-encoded input. |
| * |
| * Call used by the library to obtain a key object from a DER-encoded key. |
| * |
| * @param buf DER-encoded data |
| * @param buflen length of data |
| * @param base64 true iff data is base64-encoded |
| * @returns Pointer to the new key |
| */ |
| |
| virtual XSECCryptoKey* keyDER(const char* buf, unsigned long buflen, bool base64) const; |
| |
| /** |
| * \brief Return an X509 implementation object. |
| * |
| * Call used by the library to obtain an object that can work |
| * with X509 certificates. |
| * |
| * @returns Pointer to the new X509 object |
| * @see NSSCryptoX509 |
| */ |
| |
| virtual XSECCryptoX509* X509() const; |
| |
| /** |
| * \brief Determine whether a given algorithm is supported |
| * |
| * A call that can be used to determine whether a given |
| * symmetric algorithm is supported |
| */ |
| |
| virtual bool algorithmSupported(XSECCryptoSymmetricKey::SymmetricKeyType alg) const; |
| |
| /** |
| * \brief Return a Symmetric Key implementation object. |
| * |
| * Call used by the library to obtain a bulk encryption |
| * object. |
| * |
| * @returns Pointer to the new SymmetricKey object |
| * @see XSECCryptoSymmetricKey |
| */ |
| |
| virtual XSECCryptoSymmetricKey* keySymmetric(XSECCryptoSymmetricKey::SymmetricKeyType alg) const; |
| |
| /** |
| * \brief Obtain some random octets |
| * |
| * For generation of IVs and the like, the library needs to be able |
| * to obtain "random" octets. The library uses this call to the |
| * crypto provider to obtain what it needs. |
| * |
| * @param buffer The buffer to place the random data in |
| * @param numOctets Number of bytes required |
| * @returns Number of bytes obtained. |
| */ |
| |
| virtual unsigned int getRandom(unsigned char* buffer, unsigned int numOctets) const; |
| |
| /** |
| * \brief Translate B64 I2OS integer to a NSS SECItem. |
| * |
| * Decodes a Base64 (ds:CryptoBinary) integer into SECItem. |
| * |
| * @param b64 Base 64 string |
| * @param b64Len Length of base64 string |
| * @param retLen Parameter to hold length of return integer |
| */ |
| |
| static SECItem* b642SI(const char* b64, unsigned int b64Len); |
| |
| /** |
| * \brief Translate a SECItem to a B64 I2OS integer . |
| * |
| * Encodes a SECItem in I2OSP base64 encoded format. |
| * |
| * @param n Buffer holding the SECItem |
| * @param nLen Length of data in buffer |
| * @param retLen Parameter to hold length of return integer |
| * @returns A pointer to a buffer holding the encoded data |
| * (transfers ownership) |
| */ |
| |
| static unsigned char* SI2b64(SECItem* n, unsigned int &retLen); |
| |
| //@} |
| |
| /** @name Information Functions */ |
| //@{ |
| |
| /** |
| * \brief Returns a string that identifies the Crypto Provider |
| */ |
| |
| virtual const XMLCh* getProviderName() const; |
| |
| //@} |
| |
| |
| private: |
| |
| void Init(const char * dbDir); |
| static int m_initialised; |
| |
| }; |
| |
| /*\@}*/ |
| |
| #endif /* XSEC_HAVE_NSS */ |
| #endif /* NSSCRYPTOPROVIDER_INCLUDE */ |
| |
