| /** |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| /* |
| * XSEC |
| * |
| * DSIGKeyInfoX509 := A "Super" key that defines a certificate with a sub-key that defines |
| * the signing key |
| * |
| * $Id$ |
| * |
| */ |
| |
| #ifndef DSIGKEYINFOX509_INCLUDE |
| #define DSIGKEYINFOX509_INCLUDE |
| |
| #include <xsec/utils/XSECSafeBuffer.hpp> |
| #include <xsec/dsig/DSIGKeyInfo.hpp> |
| #include <xsec/enc/XSECCryptoX509.hpp> |
| |
| #include <vector> |
| |
| XSEC_USING_XERCES(DOMElement); |
| |
| /** |
| * @ingroup pubsig |
| */ |
| |
| /** |
| * @brief The class for \<X509Data\> nodes in a KeyInfo list. |
| * |
| * Class for holding information on a X509Data node as well as setting |
| * such a node in a signature. |
| * |
| */ |
| |
| |
| class XSEC_EXPORT DSIGKeyInfoX509 : public DSIGKeyInfo { |
| |
| public: |
| |
| |
| struct X509Holder { |
| |
| const XMLCh * mp_encodedX509; // Base64 encoding |
| XSECCryptoX509 * mp_cryptoX509; // The certificate |
| |
| }; |
| |
| #if defined(XSEC_NO_NAMESPACES) |
| typedef vector<X509Holder *> X509ListType; |
| typedef vector<const XMLCh *> X509CRLListType; |
| #else |
| typedef std::vector<X509Holder *> X509ListType; |
| typedef std::vector<const XMLCh *> X509CRLListType; |
| #endif |
| |
| #if defined(XSEC_SIZE_T_IN_NAMESPACE_STD) |
| typedef std::size_t size_type; |
| #else |
| typedef size_t size_type; |
| #endif |
| |
| /** @name Constructors and Destructors */ |
| //@{ |
| |
| /** |
| * \brief Constructor used when XML structures exist. |
| * |
| * Constructor called by interface class when loading an |
| * X509Data element from DOM nodes. |
| * |
| * @param env Operating environment |
| * @param X509Data DOMNode at start of data |
| */ |
| |
| DSIGKeyInfoX509(const XSECEnv * env, XERCES_CPP_NAMESPACE_QUALIFIER DOMNode *X509Data); |
| |
| /** |
| * \brief Constructor called when building XML structures |
| * |
| * Constructor called by interface class when an XML |
| * structure is being built by a user calling the API |
| * |
| * @param env Operating environment |
| */ |
| |
| DSIGKeyInfoX509(const XSECEnv * env); |
| |
| /** |
| * \brief Destructor |
| */ |
| |
| virtual ~DSIGKeyInfoX509(); |
| |
| //@} |
| |
| /** @name Load function and get methods */ |
| //@{ |
| |
| /** |
| * \brief Function called to load an XML structure |
| * |
| * Function called by intercace class to load an X509Data structure |
| * from DOMNodes. |
| */ |
| |
| virtual void load(); |
| |
| /** |
| * \brief Get the name of the certificate |
| * |
| * Get the name stored in the X509SubjectName element (if it |
| * exists). |
| * |
| * @returns A pointer to a buffer containing the name |
| * (NULL if not set.) |
| */ |
| |
| const XMLCh * getX509SubjectName(void) const; |
| |
| /** |
| * \brief Get the name of the certificate (interface function) |
| * |
| * Get the name stored in the X509SubjectName element (if it |
| * exists). |
| * |
| * @returns A pointer to the buffer containing the name (or NULL if not set). |
| * The decoded string is returned. |
| * @see setX509SubjectName(void) |
| */ |
| |
| const XMLCh * getKeyName(void) const; |
| |
| /** |
| * \brief Get the X509Digest Algorithm |
| * |
| * Get the Algorithm for the X509Digest. |
| * |
| * @returns A pointer to the buffer containing the algorithm |
| * (0 if not set.) |
| */ |
| |
| const XMLCh* getX509DigestAlgorithm(void) const; |
| |
| /** |
| * \brief Get the X509Digest value |
| * |
| * Get the value for the X509Digest. |
| * |
| * @returns A pointer to the buffer containing the digest |
| * (0 if not set.) |
| */ |
| |
| const XMLCh* getX509DigestValue(void) const; |
| |
| /** |
| * \brief Get the IssuerSerialName |
| * |
| * Get the name of the Issuer (stored in the X509IssuerSerial element). |
| * |
| * @returns A pointer to the buffer containing the issuer name. |
| * (0 if not set.) |
| */ |
| |
| const XMLCh * getX509IssuerName(void) const; |
| |
| /** |
| * \brief Get the IsserSerialNumber |
| * |
| * Get the serial number of the certificate of the issuer of the |
| * signing certificate. |
| * |
| * @returns A pointer to the string containing the IssuerSerialNumber. |
| * (0 if not set.) This is the decoded string. |
| * @see setX509IssuerSerial |
| */ |
| |
| const XMLCh * getX509IssuerSerialNumber(void) const; |
| |
| /** |
| * \brief Get the first associated CRL |
| * |
| * Return the string containing the base64 encoded CRL that was held in |
| * the first X509CRL node |
| * |
| * @returns A pointer to the string containing the CRL |
| * (0 if not set) |
| */ |
| |
| const XMLCh * getX509CRL(void) const; |
| |
| /** |
| * \brief Find the number of CRLs held |
| * |
| * Find the number of CRLs held in the X509Data structures. |
| * |
| * @returns The number of CRLs |
| */ |
| |
| int getX509CRLListSize(void) const; |
| |
| /** |
| * \brief Get the DER encoded CRL pointed to in the list. |
| * |
| * Use the index to find the required CRL and return a pointer |
| * to the buffer containing the encoded CRL. |
| * |
| * @returns A pointer to the buffer containing the CRL or 0 if |
| * no CRL exists at that point in the list. |
| */ |
| |
| const XMLCh * getX509CRLItem(int item) const; |
| |
| /** |
| * \brief Get the SKI value (if set) |
| * |
| * The SKI (Subject Key Identifier) can be used to reference a |
| * required certificate. If this was set in the KeyInfo element, |
| * this function will return the value |
| * |
| * @returns the base64 encoded (plan - not DER) encoded SKI value |
| */ |
| |
| const XMLCh * getX509SKI(void) const; |
| |
| /** |
| * \brief Return the raw Retrieval method to find this certificate |
| * |
| * In some cases, the KeyInfo RetrievalMethod references a raw certificate |
| * In such cases, the library simply creates a KeyInfoX509 object and sets |
| * this string to allow others to find the certificate |
| */ |
| |
| const XMLCh * getRawRetrievalURI(void) const; |
| |
| /** |
| * \brief Find the number of certificates held |
| * |
| * Find the number of certificates held in the X509Data structures. |
| * |
| * @returns The number of certificates |
| */ |
| |
| int getCertificateListSize(void) const; |
| |
| /** |
| * \brief Get the DER encoded certificate pointed to in the list. |
| * |
| * Use the index to find the required certificate and return a pointer |
| * to the buffer containing the encoded certificate. |
| * |
| * @returns A pointer to the buffer containing the certificate or 0 if |
| * no certificate exists at that point in the list. |
| */ |
| |
| const XMLCh * getCertificateItem(int item) const; |
| |
| /** |
| * \brief Get the Crypto Interface X509 structure version of the certificate |
| * |
| * Use the index to find the required certificate and return a pointer |
| * to the XSECCryptoX509 cert |
| * |
| * @returns A pointer to the XSECCryptoX509 cert structure |
| */ |
| |
| XSECCryptoX509 * getCertificateCryptoItem(int item); |
| |
| /** |
| * \brief Get the Crypto Interface X509 structure version of the certificate |
| * |
| * Use the index to find the required certificate and return a pointer |
| * to the XSECCryptoX509 cert |
| * |
| * @returns A pointer to the XSECCryptoX509 cert structure |
| */ |
| |
| const XSECCryptoX509 * getCertificateCryptoItem(int item) const; |
| |
| /** |
| * \brief Interface function to find the type of this KeyInfo |
| */ |
| |
| virtual keyInfoType getKeyInfoType(void) const {return DSIGKeyInfo::KEYINFO_X509;} |
| |
| //@} |
| |
| /** @name Create and Set functions */ |
| //@{ |
| |
| /** |
| * \brief Create a new X509 data element. |
| * |
| * Create a blank (empty) X509Data element that can then be used |
| * by the application to add X509Data elements. |
| * |
| * @returns A pointer to the new X509Data element. |
| */ |
| |
| XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * |
| createBlankX509Data(void); |
| |
| /** |
| * \brief Set the X509SubjectName element in the KeyInfo element. |
| * |
| * If a X509SubjectName element exists, replace the text with the |
| * provided text. Otherwise create the element and set the text. |
| * |
| * @note XMLDSIG requires Distinguished Names be encoded in a defined |
| * manner (escaping '<' characters etc.). This method will perform |
| * this encoding prior to creating the DOM nodes. |
| * |
| * @param name The name to set. |
| */ |
| |
| void setX509SubjectName(const XMLCh * name); |
| |
| /** |
| * \brief Set the IssuerSerial element |
| * |
| * If an X509IssuerSerial exists, replace the values with those provided, |
| * otherwise create a new element and set the values appropriately. |
| * |
| * @note XMLDSIG requires Distinguished Names be encoded in a defined |
| * manner (escaping '<' characters etc.). This method will perform |
| * this encoding prior to creating the DOM nodes. |
| * |
| * @param name The name of the issuer. |
| * @param serial The serial number of the issuer's certificate |
| */ |
| |
| void setX509IssuerSerial(const XMLCh * name, const XMLCh * serial); |
| |
| /** |
| * \brief Set the dsig11:X509Digest element |
| * |
| * If a dsig11:X509Digest exists, replace the values with those provided, |
| * otherwise create a new element and set the values appropriately. |
| * |
| * @param algorithm The algorithm type |
| * @param value The digest value |
| */ |
| |
| void setX509Digest(const XMLCh * algorithm, const XMLCh * value); |
| |
| /** |
| * \brief Add a CRL. |
| * |
| * Append an X509CRL element to the list of CRLs |
| * stored at the end of this KeyInfo element. |
| * |
| * @param crl A pointer to the base64 encoded CRL, |
| * exactly as it will appear in the XML structure. |
| */ |
| |
| void setX509CRL(const XMLCh * crl); |
| |
| /** |
| * \brief Add a CRL. |
| * |
| * Append an X509CRL element to the list of CRLs |
| * stored at the end of this KeyInfo element. |
| * |
| * @param crl A pointer to the base64 encoded CRL, |
| * exactly as it will appear in the XML structure. |
| */ |
| |
| void appendX509CRL(const XMLCh * crl); |
| |
| /** |
| * \brief Set the SKI element |
| * |
| * The SKI node provides a reference to the Subject Key Identifier of |
| * a certificate. |
| * |
| * This function takes a base64 encoded ski and sets it into the |
| * appropriate node |
| * |
| * @param ski The base64 plain (non-DER) encoded SKI value |
| */ |
| |
| void setX509SKI(const XMLCh * ski); |
| |
| /** |
| * \brief set the retrieval URI |
| * |
| * Generally to be used by internal library processes only. |
| * This sets the retrieval URI - but does _not_ manipulate the DOM |
| * in any way. |
| * |
| * @param uri The URI string to use |
| */ |
| |
| void setRawRetrievalURI(const XMLCh * uri); |
| |
| /** |
| * \brief Add a certificate. |
| * |
| * Append an X509Certificate element to the list of certificates |
| * stored at the end of this KeyInfo element. |
| * |
| * @param base64Certificate A pointer to the base64 encoded certificate, |
| * exactly as it will appear in the XML structure. |
| */ |
| |
| void appendX509Certificate(const XMLCh * base64Certificate); |
| |
| //@} |
| |
| |
| private: |
| |
| DSIGKeyInfoX509(); |
| |
| X509ListType m_X509List; // The X509 structures |
| X509CRLListType m_X509CRLList; // The X509CRL list |
| XMLCh * mp_X509IssuerName; // Parameters from KeyInfo (not cert) |
| const XMLCh * mp_X509SerialNumber; |
| XMLCh * mp_X509SubjectName; |
| const XMLCh * mp_X509SKI; |
| XMLCh * mp_rawRetrievalURI; |
| |
| // Text nodes holding information |
| |
| XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * mp_X509SubjectNameTextNode; |
| XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * mp_X509IssuerNameTextNode; |
| XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * mp_X509SerialNumberTextNode; |
| XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * mp_X509SKITextNode; |
| XERCES_CPP_NAMESPACE_QUALIFIER DOMNode * mp_X509DigestTextNode; |
| |
| }; |
| |
| |
| |
| #endif /* #define DSIGKEYX509_INCLUDE */ |