Add const throughout signature verification methods.
git-svn-id: https://svn.apache.org/repos/asf/santuario/xml-security-cpp/trunk@1817138 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/xsec/dsig/DSIGReference.cpp b/xsec/dsig/DSIGReference.cpp
index 4d3fe79..2066853 100644
--- a/xsec/dsig/DSIGReference.cpp
+++ b/xsec/dsig/DSIGReference.cpp
@@ -935,7 +935,7 @@
// Verify reference list
// --------------------------------------------------------------------------------
-bool DSIGReference::verifyReferenceList(DSIGReferenceList * lst, safeBuffer &errStr) {
+bool DSIGReference::verifyReferenceList(const DSIGReferenceList * lst, safeBuffer &errStr) {
// Run through a list of hashes and checkHash for each one
diff --git a/xsec/dsig/DSIGReference.hpp b/xsec/dsig/DSIGReference.hpp
index b3a27e5..3d228cf 100644
--- a/xsec/dsig/DSIGReference.hpp
+++ b/xsec/dsig/DSIGReference.hpp
@@ -520,7 +520,7 @@
* @returns true iff all the references validate successfully.
*/
- static bool verifyReferenceList(DSIGReferenceList * lst, safeBuffer &errorStr);
+ static bool verifyReferenceList(const DSIGReferenceList * lst, safeBuffer &errorStr);
/**
* \brief Hash a reference list
diff --git a/xsec/dsig/DSIGReferenceList.cpp b/xsec/dsig/DSIGReferenceList.cpp
index 22cb5a4..1963d19 100644
--- a/xsec/dsig/DSIGReferenceList.cpp
+++ b/xsec/dsig/DSIGReferenceList.cpp
@@ -56,7 +56,7 @@
}
-DSIGReferenceList::size_type DSIGReferenceList::getSize() {
+DSIGReferenceList::size_type DSIGReferenceList::getSize() const {
return m_referenceList.size();
@@ -76,7 +76,7 @@
}
-DSIGReference * DSIGReferenceList::item(ReferenceListVectorType::size_type index) {
+DSIGReference * DSIGReferenceList::item(ReferenceListVectorType::size_type index) const {
if (index < m_referenceList.size())
return m_referenceList[index];
diff --git a/xsec/dsig/DSIGReferenceList.hpp b/xsec/dsig/DSIGReferenceList.hpp
index 1309a86..51a9028 100644
--- a/xsec/dsig/DSIGReferenceList.hpp
+++ b/xsec/dsig/DSIGReferenceList.hpp
@@ -130,7 +130,7 @@
* @param index The pointer into the list
*/
- DSIGReference * item(size_type index);
+ DSIGReference * item(size_type index) const;
/**
* \brief Find the number of elements in the list
@@ -138,7 +138,7 @@
* @returns The number of elements in the list
*/
- size_type getSize();
+ size_type getSize() const;
/**
* \brief Clear out the list
diff --git a/xsec/dsig/DSIGSignature.cpp b/xsec/dsig/DSIGSignature.cpp
index 07bab2f..01a11a0 100644
--- a/xsec/dsig/DSIGSignature.cpp
+++ b/xsec/dsig/DSIGSignature.cpp
@@ -779,7 +779,7 @@
*/
}
-TXFMChain * DSIGSignature::getSignedInfoInput(void) {
+TXFMChain * DSIGSignature::getSignedInfoInput(void) const {
TXFMBase * txfm;
TXFMChain * chain;
@@ -842,7 +842,7 @@
}
unsigned int DSIGSignature::calculateSignedInfoHash(unsigned char * hashBuf,
- unsigned int hashBufLen) {
+ unsigned int hashBufLen) const {
// Get the SignedInfo input bytes
TXFMChain * chain = getSignedInfoInput();
@@ -881,7 +881,7 @@
}
unsigned int DSIGSignature::calculateSignedInfoAndReferenceHash(unsigned char * hashBuf,
- unsigned int hashBufLen) {
+ unsigned int hashBufLen) const {
// Set up the reference list hashes - including any manifests
mp_signedInfo->hash(m_interlockingReferences);
@@ -893,7 +893,7 @@
// Verify a signature
// --------------------------------------------------------------------------------
-bool DSIGSignature::verifySignatureOnlyInternal(void) {
+bool DSIGSignature::verifySignatureOnlyInternal(void) const {
unsigned char hash[4096];
@@ -969,14 +969,14 @@
}
-bool DSIGSignature::verifySignatureOnly(void) {
+bool DSIGSignature::verifySignatureOnly(void) const {
m_errStr.sbTranscodeIn("");
return verifySignatureOnlyInternal();
}
-bool DSIGSignature::verify(void) {
+bool DSIGSignature::verify(void) const {
// We have a (hopefully) fully loaded signature. Need to
// verify
diff --git a/xsec/dsig/DSIGSignature.hpp b/xsec/dsig/DSIGSignature.hpp
index e1f8fd9..fda01ec 100644
--- a/xsec/dsig/DSIGSignature.hpp
+++ b/xsec/dsig/DSIGSignature.hpp
@@ -157,7 +157,7 @@
* @see #getErrMsgs
*/
- bool verify(void);
+ bool verify(void) const;
/**
* \brief Verify a signature is valid (skip references).
@@ -169,7 +169,7 @@
* @see #verify
*/
- bool verifySignatureOnly(void);
+ bool verifySignatureOnly(void) const;
/**
* \brief Sign a DSIGSignature DOM structure.
@@ -428,7 +428,7 @@
*/
unsigned int calculateSignedInfoAndReferenceHash(unsigned char * hashBuf,
- unsigned int hashBufLen);
+ unsigned int hashBufLen) const;
/**
* \brief Get the hash of the Signed Value
@@ -444,7 +444,7 @@
*/
unsigned int calculateSignedInfoHash(unsigned char * hashBuf,
- unsigned int hashBufLen);
+ unsigned int hashBufLen) const;
/**
* \brief Return the reference list for outside use.
@@ -606,7 +606,7 @@
*
*/
- XSECSafeBufferFormatter * getSBFormatter(void) {return mp_formatter;}
+ XSECSafeBufferFormatter * getSBFormatter(void) const {return mp_formatter;}
/**
* \brief Set the interlocking references flag
@@ -988,8 +988,8 @@
// Internal functions
void createKeyInfoElement(void);
- bool verifySignatureOnlyInternal(void);
- TXFMChain * getSignedInfoInput(void);
+ bool verifySignatureOnlyInternal(void) const;
+ TXFMChain * getSignedInfoInput(void) const;
// Initialisation
static void Initialise(void);
@@ -1007,7 +1007,7 @@
DSIGKeyInfoList m_keyInfoList;
XERCES_CPP_NAMESPACE_QUALIFIER DOMNode
* mp_KeyInfoNode;
- safeBuffer m_errStr;
+ mutable safeBuffer m_errStr;
// Environment
XSECEnv * mp_env;
diff --git a/xsec/dsig/DSIGSignedInfo.cpp b/xsec/dsig/DSIGSignedInfo.cpp
index 7514b85..574635c 100644
--- a/xsec/dsig/DSIGSignedInfo.cpp
+++ b/xsec/dsig/DSIGSignedInfo.cpp
@@ -48,7 +48,10 @@
m_HMACOutputLength = 0;
mp_formatter = pFormatter;
mp_signedInfoNode = signedInfoNode;
+ m_hashMethod = HASH_NONE;
m_signatureMethod = SIGNATURE_NONE;
+ m_canonicalizationMethod = CANON_NONE;
+ mp_algorithmURI = NULL;
mp_env = env;
mp_referenceList = NULL;
m_loaded = false;
@@ -63,7 +66,10 @@
m_HMACOutputLength = 0;
mp_formatter = pFormatter;
mp_signedInfoNode = NULL;
+ m_hashMethod = HASH_NONE;
m_signatureMethod = SIGNATURE_NONE;
+ m_canonicalizationMethod = CANON_NONE;
+ mp_algorithmURI = NULL;
mp_env = env;
mp_referenceList = NULL;
m_loaded = false;
@@ -83,31 +89,31 @@
}
-signatureMethod DSIGSignedInfo::getSignatureMethod(void) {
+signatureMethod DSIGSignedInfo::getSignatureMethod(void) const {
return m_signatureMethod;
}
-DOMNode * DSIGSignedInfo::getDOMNode() {
+DOMNode * DSIGSignedInfo::getDOMNode() const {
return mp_signedInfoNode;
}
-canonicalizationMethod DSIGSignedInfo::getCanonicalizationMethod(void) {
+canonicalizationMethod DSIGSignedInfo::getCanonicalizationMethod(void) const {
return m_canonicalizationMethod;
}
-hashMethod DSIGSignedInfo::getHashMethod() {
+hashMethod DSIGSignedInfo::getHashMethod() const {
return m_hashMethod;
}
-int DSIGSignedInfo::getHMACOutputLength() {
+int DSIGSignedInfo::getHMACOutputLength() const {
return m_HMACOutputLength;
@@ -121,7 +127,7 @@
// --------------------------------------------------------------------------------
-bool DSIGSignedInfo::verify(safeBuffer &errStr) {
+bool DSIGSignedInfo::verify(safeBuffer &errStr) const {
return DSIGReference::verifyReferenceList(mp_referenceList, errStr);
diff --git a/xsec/dsig/DSIGSignedInfo.hpp b/xsec/dsig/DSIGSignedInfo.hpp
index f1ed476..ca831e3 100644
--- a/xsec/dsig/DSIGSignedInfo.hpp
+++ b/xsec/dsig/DSIGSignedInfo.hpp
@@ -138,7 +138,7 @@
* @param errStr The safeBuffer that error messages should be written to.
*/
- bool verify(safeBuffer &errStr);
+ bool verify(safeBuffer &errStr) const;
/**
* \brief Hash the reference list
@@ -250,7 +250,7 @@
* @returns the SignedInfo node
*/
- XERCES_CPP_NAMESPACE_QUALIFIER DOMNode *getDOMNode(void);
+ XERCES_CPP_NAMESPACE_QUALIFIER DOMNode *getDOMNode(void) const;
/**
* \brief Get the Algorithm URI
@@ -259,7 +259,7 @@
* the signature
*/
- const XMLCh * getAlgorithmURI() {return mp_algorithmURI;}
+ const XMLCh * getAlgorithmURI() const {return mp_algorithmURI;}
/**
* \brief Get the canonicalisation method
@@ -267,7 +267,7 @@
* @returns Canonicalisation method
*/
- canonicalizationMethod getCanonicalizationMethod(void);
+ canonicalizationMethod getCanonicalizationMethod(void) const;
/**
* \brief Get the hash method
@@ -275,7 +275,7 @@
* @returns the Hash (digest) Method
*/
- hashMethod getHashMethod(void);
+ hashMethod getHashMethod(void) const;
/**
* \brief Get the signature method
@@ -283,7 +283,7 @@
* @returns the Signature method
*/
- signatureMethod getSignatureMethod(void);
+ signatureMethod getSignatureMethod(void) const;
/**
* \brief Get HMAC length
@@ -292,7 +292,7 @@
* This returns the length used.
*/
- int getHMACOutputLength(void);
+ int getHMACOutputLength(void) const;
/**
* \brief Return the list of references
@@ -303,6 +303,15 @@
DSIGReferenceList *getReferenceList (void) {return mp_referenceList;}
+ /**
+ * \brief Return the list of references
+ *
+ * Returns a pointer to the object holding the references
+ * contained in the SignedInfo
+ */
+
+ const DSIGReferenceList *getReferenceList (void) const {return mp_referenceList;}
+
//@}
diff --git a/xsec/enc/XSECKeyInfoResolver.hpp b/xsec/enc/XSECKeyInfoResolver.hpp
index ca7c151..961f5df 100644
--- a/xsec/enc/XSECKeyInfoResolver.hpp
+++ b/xsec/enc/XSECKeyInfoResolver.hpp
@@ -85,7 +85,7 @@
* @returns Either the appropriate key or NULL if none can be found
*/
- virtual XSECCryptoKey * resolveKey(DSIGKeyInfoList * lst) = 0;
+ virtual XSECCryptoKey * resolveKey(const DSIGKeyInfoList * lst) const = 0;
/**
* \brief Clone the resolver to be installed in a new object.
diff --git a/xsec/enc/XSECKeyInfoResolverDefault.cpp b/xsec/enc/XSECKeyInfoResolverDefault.cpp
index de602e3..e7ca027 100644
--- a/xsec/enc/XSECKeyInfoResolverDefault.cpp
+++ b/xsec/enc/XSECKeyInfoResolverDefault.cpp
@@ -63,7 +63,7 @@
// --------------------------------------------------------------------------------
-XSECCryptoKey * XSECKeyInfoResolverDefault::resolveKey(DSIGKeyInfoList * lst) {
+XSECCryptoKey * XSECKeyInfoResolverDefault::resolveKey(const DSIGKeyInfoList * lst) const {
// Try to find a key from the KeyInfo list as best we can
// NOTE: No validation is performed (i.e. no cert/CRL checks etc.)
diff --git a/xsec/enc/XSECKeyInfoResolverDefault.hpp b/xsec/enc/XSECKeyInfoResolverDefault.hpp
index 9b06c2d..ff041eb 100644
--- a/xsec/enc/XSECKeyInfoResolverDefault.hpp
+++ b/xsec/enc/XSECKeyInfoResolverDefault.hpp
@@ -87,7 +87,7 @@
* @see XSECKeyInfoResolver::resolveKey()
*/
- virtual XSECCryptoKey * resolveKey(DSIGKeyInfoList * lst);
+ virtual XSECCryptoKey * resolveKey(const DSIGKeyInfoList * lst) const;
/**
* \brief Clone the resolver to be installed in a new object.
diff --git a/xsec/tools/checksig/InteropResolver.cpp b/xsec/tools/checksig/InteropResolver.cpp
index 746b482..2f30928 100644
--- a/xsec/tools/checksig/InteropResolver.cpp
+++ b/xsec/tools/checksig/InteropResolver.cpp
@@ -90,7 +90,7 @@
#endif
-X509 * InteropResolver::nextFile2Cert(void) {
+X509 * InteropResolver::nextFile2Cert(void) const {
if (m_searchFinished)
@@ -296,13 +296,13 @@
return ret;
}
-bool InteropResolver::checkMatch(DSIGKeyInfoList * lst, X509 * x) {
+bool InteropResolver::checkMatch(const DSIGKeyInfoList * lst, X509 * x) const {
// Check if the parameters in x match the required certificate
int sz = (int) lst->getSize();
- DSIGKeyInfo* k;
+ const DSIGKeyInfo* k;
for (int i = 0; i < sz; ++i) {
@@ -310,7 +310,7 @@
if (k->getKeyInfoType() == DSIGKeyInfo::KEYINFO_X509) {
- DSIGKeyInfoX509 * kx = static_cast<DSIGKeyInfoX509 *>(k);
+ const DSIGKeyInfoX509 * kx = static_cast<const DSIGKeyInfoX509 *>(k);
const XMLCh * serial = kx->getX509IssuerSerialNumber();
@@ -426,7 +426,7 @@
}
-XSECCryptoKey * InteropResolver::openCertURI(const XMLCh * uri) {
+XSECCryptoKey * InteropResolver::openCertURI(const XMLCh * uri) const {
// Open a certificate from a file URI relative to the signature file
BIO * bioCert;
@@ -463,7 +463,7 @@
}
-XSECCryptoKey * InteropResolver::resolveKey(DSIGKeyInfoList * lst) {
+XSECCryptoKey * InteropResolver::resolveKey(const DSIGKeyInfoList * lst) const {
// First check if this has an X509 cert + an X509 CRL
@@ -474,13 +474,13 @@
for (int i = 0; i < lstSize; ++i) {
- DSIGKeyInfo * ki;
+ const DSIGKeyInfo * ki;
ki = lst->item(i);
const XMLCh * rawuri;
if (ki->getKeyInfoType() == DSIGKeyInfo::KEYINFO_X509) {
- DSIGKeyInfoX509 * kix509 = static_cast<DSIGKeyInfoX509 *>(ki);
+ const DSIGKeyInfoX509 * kix509 = static_cast<const DSIGKeyInfoX509 *>(ki);
if ((rawuri = kix509->getRawRetrievalURI()) != NULL) {
@@ -506,7 +506,7 @@
else if (ki->getKeyInfoType() == DSIGKeyInfo::KEYINFO_NAME) {
- DSIGKeyInfoName * kn = static_cast<DSIGKeyInfoName *>(ki);
+ const DSIGKeyInfoName * kn = static_cast<const DSIGKeyInfoName *>(ki);
if (kn->getKeyName() != NULL) {
diff --git a/xsec/tools/checksig/InteropResolver.hpp b/xsec/tools/checksig/InteropResolver.hpp
index 9103286..5b2edea 100644
--- a/xsec/tools/checksig/InteropResolver.hpp
+++ b/xsec/tools/checksig/InteropResolver.hpp
@@ -52,26 +52,26 @@
// Interface functions
- virtual XSECCryptoKey * resolveKey(DSIGKeyInfoList * lst);
+ virtual XSECCryptoKey * resolveKey(const DSIGKeyInfoList * lst) const;
virtual XSECKeyInfoResolver * clone(void) const;
// Internal functions
- X509 * nextFile2Cert(void);
- bool checkMatch(DSIGKeyInfoList * lst, X509 * x);
- XSECCryptoKey * openCertURI(const XMLCh * uri);
+ X509 * nextFile2Cert(void) const;
+ bool checkMatch(const DSIGKeyInfoList * lst, X509 * x) const;
+ XSECCryptoKey * openCertURI(const XMLCh * uri) const;
private:
XMLCh * mp_baseURI;
- bool m_searchStarted;
- bool m_searchFinished;
+ mutable bool m_searchStarted;
+ mutable bool m_searchFinished;
#if defined (_WIN32)
_finddata_t m_finder;
long m_handle;
#else
- glob_t m_globbuf;
- int m_fcount;
+ mutable glob_t m_globbuf;
+ mutable int m_fcount;
#endif
};
diff --git a/xsec/tools/cipher/XencInteropResolver.cpp b/xsec/tools/cipher/XencInteropResolver.cpp
index 35d1d09..b2fc671 100644
--- a/xsec/tools/cipher/XencInteropResolver.cpp
+++ b/xsec/tools/cipher/XencInteropResolver.cpp
@@ -327,17 +327,17 @@
// Resolver
// --------------------------------------------------------------------------------
-XSECCryptoKey * XencInteropResolver::resolveKey(DSIGKeyInfoList * lst) {
+XSECCryptoKey * XencInteropResolver::resolveKey(const DSIGKeyInfoList * lst) const {
int lstSize = (int) lst->getSize();
for (int i = 0; i < lstSize; ++i) {
- DSIGKeyInfo * ki = lst->item(i);
+ const DSIGKeyInfo * ki = lst->item(i);
if (ki->getKeyInfoType() == DSIGKeyInfo::KEYINFO_NAME) {
- DSIGKeyInfoName * kn = (DSIGKeyInfoName *) ki;
+ const DSIGKeyInfoName * kn = static_cast<const DSIGKeyInfoName*>(ki);
const XMLCh * name = kn->getKeyName();
diff --git a/xsec/tools/cipher/XencInteropResolver.hpp b/xsec/tools/cipher/XencInteropResolver.hpp
index 6fe362c..9c2144d 100644
--- a/xsec/tools/cipher/XencInteropResolver.hpp
+++ b/xsec/tools/cipher/XencInteropResolver.hpp
@@ -50,7 +50,7 @@
// Interface functions
- virtual XSECCryptoKey * resolveKey(DSIGKeyInfoList * lst);
+ virtual XSECCryptoKey * resolveKey(const DSIGKeyInfoList * lst) const;
virtual XSECKeyInfoResolver * clone(void) const;
// Internal functions