-/*\r
- * Copyright 2001-2006 Internet2\r
- * \r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- *\r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-/**\r
- * @file Signature.h\r
- * \r
- * XMLObject representing XML Digital Signature, version 20020212, Signature element. \r
- */\r
-\r
-#if !defined(__xmltooling_sig_h__) && !defined(XMLTOOLING_NO_XMLSEC)\r
-#define __xmltooling_sig_h__\r
-\r
-#include <xmltooling/XMLObjectBuilder.h>\r
-#include <xmltooling/signature/SigningContext.h>\r
-#include <xmltooling/signature/VerifyingContext.h>\r
-\r
-namespace xmltooling {\r
-\r
- /**\r
- * XMLObject representing XML Digital Signature, version 20020212, Signature element.\r
- * The default signature settings include Exclusive c14n w/o comments, SHA-1 digests,\r
- * and RSA-SHA1 signing. \r
- */\r
- class XMLTOOL_API Signature : public virtual XMLObject\r
- {\r
- public:\r
- virtual ~Signature() {}\r
-\r
- /** Element local name */\r
- static const XMLCh LOCAL_NAME[];\r
-\r
- /**\r
- * Sets the canonicalization method for the ds:SignedInfo element\r
- * \r
- * @param c14n the canonicalization method\r
- */\r
- virtual void setCanonicalizationMethod(const XMLCh* c14n)=0;\r
- \r
- /**\r
- * Sets the signing algorithm for the signature.\r
- * \r
- * @param sm the signature algorithm\r
- */\r
- virtual void setSignatureAlgorithm(const XMLCh* sm)=0;\r
- \r
- /**\r
- * Applies an XML signature based on the supplied context.\r
- * \r
- * @param ctx the signing context that determines the signature's content\r
- * @throws SignatureException thrown if the signing operation fails\r
- */\r
- virtual void sign(const SigningContext& ctx)=0;\r
- \r
- /**\r
- * Verifies an XML signature based on the supplied context.\r
- * \r
- * @param ctx the verifying context that validates the signature's content\r
- * @throws SignatureException thrown if the verifying operation fails\r
- */\r
- virtual void verify(const VerifyingContext& ctx) const=0;\r
-\r
- protected:\r
- Signature() {}\r
- };\r
-\r
- /**\r
- * Builder for Signature objects.\r
- */\r
- class XMLTOOL_API SignatureBuilder : public XMLObjectBuilder\r
- {\r
- public:\r
- virtual Signature* buildObject(\r
- const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const QName* schemaType=NULL\r
- ) const;\r
- \r
- /**\r
- * Default builder\r
- * \r
- * @return empty Signature object\r
- */\r
- virtual Signature* buildObject() const;\r
- };\r
-\r
-};\r
-\r
-#endif /* __xmltooling_sig_h__ */\r
+/*
+ * Copyright 2001-2006 Internet2
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file Signature.h
+ *
+ * XMLObject representing XML Digital Signature, version 20020212, Signature element.
+ */
+
+#if !defined(__xmltooling_sig_h__) && !defined(XMLTOOLING_NO_XMLSEC)
+#define __xmltooling_sig_h__
+
+#include <xmltooling/exceptions.h>
+#include <xmltooling/XMLObjectBuilder.h>
+#include <xmltooling/signature/ContentReference.h>
+#include <xmltooling/util/XMLConstants.h>
+
+#include <xsec/dsig/DSIGSignature.hpp>
+
+/**
+ * @namespace xmlsignature
+ * Public namespace of XML Signature classes
+ */
+namespace xmlsignature {
+
+ class XMLTOOL_API KeyInfo;
+
+ /**
+ * XMLObject representing XML Digital Signature, version 20020212, Signature element.
+ * The default signature settings include Exclusive c14n w/o comments, SHA-1 digests,
+ * and RSA-SHA1 signing.
+ */
+ class XMLTOOL_API Signature : public virtual xmltooling::XMLObject
+ {
+ public:
+ virtual ~Signature() {}
+
+ /** Element local name */
+ static const XMLCh LOCAL_NAME[];
+
+ /**
+ * Sets the canonicalization method for the ds:SignedInfo element
+ *
+ * @param c14n the canonicalization method
+ */
+ virtual void setCanonicalizationMethod(const XMLCh* c14n)=0;
+
+ /**
+ * Sets the signing algorithm for the signature.
+ *
+ * @param sm the signature algorithm
+ */
+ virtual void setSignatureAlgorithm(const XMLCh* sm)=0;
+
+ /**
+ * Sets the signing key used to create the signature.
+ *
+ * @param signingKey the secret/private key used to create the signature
+ */
+ virtual void setSigningKey(XSECCryptoKey* signingKey)=0;
+
+ /**
+ * Sets a KeyInfo object to embed in the Signature.
+ *
+ * @param keyInfo pointer to a KeyInfo object, or NULL
+ */
+ virtual void setKeyInfo(KeyInfo* keyInfo)=0;
+
+ /**
+ * Gets the KeyInfo object associated with the Signature.
+ * This is <strong>NOT</strong> provided for access to the
+ * data associated with an unmarshalled signature. It is
+ * used only in the creation of signatures. Access to data
+ * for validation purposes is provided through the native
+ * DSIGSignature object.
+ *
+ * @return pointer to a KeyInfo object, or NULL
+ */
+ virtual KeyInfo* getKeyInfo() const=0;
+
+ /**
+ * Sets the ContentReference object to the Signature to be applied
+ * when the signature is created.
+ *
+ * @param reference the reference to attach, or NULL
+ */
+ virtual void setContentReference(ContentReference* reference)=0;
+
+ /**
+ * Gets the ContentReference object associated with the Signature.
+ * This is <strong>NOT</strong> provided for access to the
+ * data associated with an unmarshalled signature. It is
+ * used only in the creation of signatures. Access to data
+ * for validation purposes is provided through the native
+ * DSIGSignature object.
+ *
+ * @return pointer to a ContentReference object, or NULL
+ */
+ virtual ContentReference* getContentReference() const=0;
+
+
+ /**
+ * Gets the native Apache signature object, if present.
+ *
+ * @return the native Apache signature interface
+ */
+ virtual DSIGSignature* getXMLSignature() const=0;
+
+ /**
+ * Compute and append the signature based on the assigned
+ * ContentReference, KeyInfo, and signing key.
+ */
+ virtual void sign()=0;
+
+ /**
+ * Type-safe clone operation.
+ *
+ * @return copy of object
+ */
+ virtual Signature* cloneSignature() const=0;
+
+ /**
+ * Sign the input data and return a base64-encoded signature. The signature value
+ * <strong>MUST NOT</strong> contain any embedded linefeeds.
+ *
+ * <p>Allows specialized applications to create raw signatures over any input using
+ * the same cryptography layer as XML Signatures use.
+ *
+ * @param key key to sign with, will <strong>NOT</strong> be freed
+ * @param sigAlgorithm XML signature algorithm identifier
+ * @param in input data
+ * @param in_len size of input data in bytes
+ * @param out output buffer
+ * @param out_len size of output buffer in bytes
+ * @return size in bytes of base64-encoded signature
+ */
+ static unsigned int createRawSignature(
+ XSECCryptoKey* key,
+ const XMLCh* sigAlgorithm,
+ const char* in,
+ unsigned int in_len,
+ char* out,
+ unsigned int out_len
+ );
+
+ /**
+ * Verifies a base-64 encoded signature over the input data.
+ *
+ * <p>Allows specialized applications to verify raw signatures over any input using
+ * the same cryptography layer as XML Signatures use.
+ *
+ * @param key key to verify with, will <strong>NOT</strong> be freed
+ * @param sigAlgorithm XML signature algorithm identifier
+ * @param signature base64-encoded signature value
+ * @param in input data
+ * @param in_len size of input data in bytes
+ * @return true iff signature verifies
+ */
+ static bool verifyRawSignature(
+ XSECCryptoKey* key,
+ const XMLCh* sigAlgorithm,
+ const char* signature,
+ const char* in,
+ unsigned int in_len
+ );
+
+ protected:
+ Signature() {}
+ };
+
+ /**
+ * Builder for Signature objects.
+ */
+ class XMLTOOL_API SignatureBuilder : public xmltooling::XMLObjectBuilder
+ {
+ public:
+ virtual Signature* buildObject(
+ const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
+ ) const;
+
+ /**
+ * Default builder
+ *
+ * @return empty Signature object
+ */
+#ifdef HAVE_COVARIANT_RETURNS
+ virtual Signature* buildObject() const;
+#else
+ virtual xmltooling::XMLObject* buildObject() const;
+#endif
+ /** Singleton builder. */
+ static Signature* buildSignature() {
+ const SignatureBuilder* b = dynamic_cast<const SignatureBuilder*>(
+ xmltooling::XMLObjectBuilder::getBuilder(
+ xmltooling::QName(xmlconstants::XMLSIG_NS,Signature::LOCAL_NAME)
+ )
+ );
+ if (b) {
+#ifdef HAVE_COVARIANT_RETURNS
+ return b->buildObject();
+#else
+ return dynamic_cast<Signature*>(b->buildObject());
+#endif
+ }
+ throw xmltooling::XMLObjectException("Unable to obtain typed builder for Signature.");
+ }
+ };
+
+ DECL_XMLTOOLING_EXCEPTION(SignatureException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmlsignature,xmltooling::XMLSecurityException,Exceptions in signature processing);
+
+};
+
+#endif /* __xmltooling_sig_h__ */
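Review bot: The contract of `createRawSignature` is incomplete for a caller-supplied buffer: `out_len` is documented as the buffer size and the return as the encoded length, but nothing says what happens when `out_len` is smaller than the encoded signature needs, nor whether `out` receives a terminating NUL and whether that NUL is counted, which is exactly what a caller must know to size `out` safely. I would extend the two lines to state the actual behaviour once confirmed against the implementation, e.g. `@param out_len size of output buffer in bytes; a SignatureException is thrown if it is too small` (or the truncation rule, if that is what the code does) and `@return size in bytes of base64-encoded signature, excluding any terminating NUL`. `verifyRawSignature` takes `signature` with no length argument, so its `@param signature` line should say the value must be a NUL-terminated base64 string. `setSigningKey`, `setKeyInfo` and `setContentReference` document neither whether the Signature takes ownership of the pointer nor the lifetime the caller must guarantee, while the two static helpers explicitly say the key is not freed; an ownership sentence on each setter would close that gap. In `buildSignature`, the `#else` branch's `dynamic_cast<Signature*>(b->buildObject())` can yield NULL (and drop the freshly built object) where the covariant branch cannot, so either check the cast result and throw the same `XMLObjectException`, or document that a NULL return is possible on that configuration.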