-/*\r
- * Copyright 2001-2006 Internet2\r
- * \r
- * Licensed under the Apache License, Version 2.0 (the "License");\r
- * you may not use this file except in compliance with the License.\r
- * You may obtain a copy of the License at\r
- *\r
- * http://www.apache.org/licenses/LICENSE-2.0\r
- *\r
- * Unless required by applicable law or agreed to in writing, software\r
- * distributed under the License is distributed on an "AS IS" BASIS,\r
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * See the License for the specific language governing permissions and\r
- * limitations under the License.\r
- */\r
-\r
-/**\r
- * @file Signature.h\r
- * \r
- * XMLObject representing XML Digital Signature, version 20020212, Signature element. \r
- */\r
-\r
-#if !defined(__xmltooling_sig_h__) && !defined(XMLTOOLING_NO_XMLSEC)\r
-#define __xmltooling_sig_h__\r
-\r
-#include <xmltooling/exceptions.h>\r
-#include <xmltooling/XMLObjectBuilder.h>\r
-#include <xmltooling/signature/SigningContext.h>\r
-#include <xmltooling/signature/VerifyingContext.h>\r
-\r
-/**\r
- * @namespace xmlsignature\r
- * Public namespace of XML Signature classes\r
- */\r
-namespace xmlsignature {\r
-\r
- /**\r
- * XMLObject representing XML Digital Signature, version 20020212, Signature element.\r
- * The default signature settings include Exclusive c14n w/o comments, SHA-1 digests,\r
- * and RSA-SHA1 signing. \r
- */\r
- class XMLTOOL_API Signature : public virtual xmltooling::XMLObject\r
- {\r
- public:\r
- virtual ~Signature() {}\r
-\r
- /** Element local name */\r
- static const XMLCh LOCAL_NAME[];\r
-\r
- /**\r
- * Sets the canonicalization method for the ds:SignedInfo element\r
- * \r
- * @param c14n the canonicalization method\r
- */\r
- virtual void setCanonicalizationMethod(const XMLCh* c14n)=0;\r
- \r
- /**\r
- * Sets the signing algorithm for the signature.\r
- * \r
- * @param sm the signature algorithm\r
- */\r
- virtual void setSignatureAlgorithm(const XMLCh* sm)=0;\r
- \r
- /**\r
- * Applies an XML signature based on the supplied context.\r
- * \r
- * @param ctx the signing context that determines the signature's content\r
- * @throws SignatureException thrown if the signing operation fails\r
- */\r
- virtual void sign(const SigningContext& ctx)=0;\r
- \r
- /**\r
- * Verifies an XML signature based on the supplied context.\r
- * \r
- * @param ctx the verifying context that validates the signature's content\r
- * @throws SignatureException thrown if the verifying operation fails\r
- */\r
- virtual void verify(const VerifyingContext& ctx) const=0;\r
-\r
- protected:\r
- Signature() {}\r
- };\r
-\r
- /**\r
- * Builder for Signature objects.\r
- */\r
- class XMLTOOL_API SignatureBuilder : public xmltooling::XMLObjectBuilder\r
- {\r
- public:\r
- virtual Signature* buildObject(\r
- const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL\r
- ) const;\r
- \r
- /**\r
- * Default builder\r
- * \r
- * @return empty Signature object\r
- */\r
- virtual Signature* buildObject() const;\r
- };\r
-\r
- DECL_XMLTOOLING_EXCEPTION(SignatureException,xmlsignature,xmltooling::XMLToolingException,Exceptions in signature processing);\r
-\r
-};\r
-\r
-#endif /* __xmltooling_sig_h__ */\r
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
+ */
+
+/**
+ * @file xmltooling/signature/Signature.h
+ *
+ * XMLObject representing XML Digital Signature, version 20020212, Signature element.
+ */
+
+#if !defined(__xmltooling_sig_h__) && !defined(XMLTOOLING_NO_XMLSEC)
+#define __xmltooling_sig_h__
+
+#include <xmltooling/exceptions.h>
+#include <xmltooling/ConcreteXMLObjectBuilder.h>
+
+class DSIGSignature;
+class XSECCryptoKey;
+
+/**
+ * @namespace xmlsignature
+ * Public namespace of XML Signature classes
+ */
+namespace xmlsignature {
+
+ class XMLTOOL_API ContentReference;
+ class XMLTOOL_API KeyInfo;
+
+ /**
+ * XMLObject representing XML Digital Signature, version 20020212, Signature element.
+ * The default signature settings include Exclusive c14n w/o comments, SHA-1 digests,
+ * and RSA-SHA1 signing.
+ */
+ class XMLTOOL_API Signature : public virtual xmltooling::XMLObject
+ {
+ public:
+ virtual ~Signature();
+
+ /** Element local name */
+ static const XMLCh LOCAL_NAME[];
+
+ /**
+ * Gets the canonicalization method for the ds:SignedInfo element.
+ *
+ * @return the canonicalization method
+ */
+ virtual const XMLCh* getCanonicalizationMethod() const=0;
+
+ /**
+ * Gets the signing algorithm for the signature.
+ *
+ * @return the signature algorithm, or nullptr if indeterminate
+ */
+ virtual const XMLCh* getSignatureAlgorithm() const=0;
+
+ /**
+ * Sets the canonicalization method for the ds:SignedInfo element.
+ *
+ * @param c14n the canonicalization method
+ */
+ virtual void setCanonicalizationMethod(const XMLCh* c14n)=0;
+
+ /**
+ * Sets the signing algorithm for the signature.
+ *
+ * @param sm the signature algorithm
+ */
+ virtual void setSignatureAlgorithm(const XMLCh* sm)=0;
+
+ /**
+ * Sets the signing key used to create the signature.
+ *
+ * @param signingKey the secret/private key used to create the signature
+ */
+ virtual void setSigningKey(XSECCryptoKey* signingKey)=0;
+
+ /**
+ * Sets a KeyInfo object to embed in the Signature.
+ *
+ * @param keyInfo pointer to a KeyInfo object, or nullptr
+ */
+ virtual void setKeyInfo(KeyInfo* keyInfo)=0;
+
+ /**
+ * Gets the KeyInfo object associated with the Signature.
+ * This is <strong>NOT</strong> provided for access to the
+ * data associated with an unmarshalled signature. It is
+ * used only in the creation of signatures. Access to data
+ * for validation purposes is provided through the native
+ * DSIGSignature object.
+ *
+ * @return pointer to a KeyInfo object, or nullptr
+ */
+ virtual KeyInfo* getKeyInfo() const=0;
+
+ /**
+ * Sets the ContentReference object to the Signature to be applied
+ * when the signature is created.
+ *
+ * @param reference the reference to attach, or nullptr
+ */
+ virtual void setContentReference(ContentReference* reference)=0;
+
+ /**
+ * Gets the ContentReference object associated with the Signature.
+ * This is <strong>NOT</strong> provided for access to the
+ * data associated with an unmarshalled signature. It is
+ * used only in the creation of signatures. Access to data
+ * for validation purposes is provided through the native
+ * DSIGSignature object.
+ *
+ * @return pointer to a ContentReference object, or nullptr
+ */
+ virtual ContentReference* getContentReference() const=0;
+
+
+ /**
+ * Gets the native Apache signature object, if present.
+ *
+ * @return the native Apache signature interface
+ */
+ virtual DSIGSignature* getXMLSignature() const=0;
+
+ /**
+ * Compute and append the signature based on the assigned
+ * ContentReference, KeyInfo, and signing key.
+ *
+ * @param credential optional source of signing key and KeyInfo
+ */
+ virtual void sign(const xmltooling::Credential* credential=nullptr)=0;
+
+ /**
+ * Type-safe clone operation.
+ *
+ * @return copy of object
+ */
+ virtual Signature* cloneSignature() const=0;
+
+ /**
+ * Sign the input data and return a base64-encoded signature. The signature value
+ * <strong>MUST NOT</strong> contain any embedded linefeeds.
+ *
+ * <p>Allows specialized applications to create raw signatures over any input using
+ * the same cryptography layer as XML Signatures use.
+ *
+ * @param key key to sign with, will <strong>NOT</strong> be freed
+ * @param sigAlgorithm XML signature algorithm identifier
+ * @param in input data
+ * @param in_len size of input data in bytes
+ * @param out output buffer
+ * @param out_len size of output buffer in bytes
+ * @return size in bytes of base64-encoded signature
+ */
+ static unsigned int createRawSignature(
+ XSECCryptoKey* key,
+ const XMLCh* sigAlgorithm,
+ const char* in,
+ unsigned int in_len,
+ char* out,
+ unsigned int out_len
+ );
+
+ /**
+ * Verifies a base-64 encoded signature over the input data.
+ *
+ * <p>Allows specialized applications to verify raw signatures over any input using
+ * the same cryptography layer as XML Signatures use.
+ *
+ * @param key key to verify with, will <strong>NOT</strong> be freed
+ * @param sigAlgorithm XML signature algorithm identifier
+ * @param signature base64-encoded signature value
+ * @param in input data
+ * @param in_len size of input data in bytes
+ * @return true iff signature verifies
+ */
+ static bool verifyRawSignature(
+ XSECCryptoKey* key,
+ const XMLCh* sigAlgorithm,
+ const char* signature,
+ const char* in,
+ unsigned int in_len
+ );
+
+ protected:
+ /** Default constructor. */
+ Signature();
+ };
+
+ /**
+ * Builder for Signature objects.
+ */
+ class XMLTOOL_API SignatureBuilder : public xmltooling::ConcreteXMLObjectBuilder
+ {
+ public:
+#ifdef HAVE_COVARIANT_RETURNS
+ virtual Signature* buildObject(
+#else
+ virtual xmltooling::XMLObject* buildObject(
+#endif
+ const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
+ ) const;
+
+ /**
+ * Default builder
+ *
+ * @return empty Signature object
+ */
+#ifdef HAVE_COVARIANT_RETURNS
+ virtual Signature* buildObject() const;
+#else
+ virtual xmltooling::XMLObject* buildObject() const;
+#endif
+ /** Singleton builder. */
+ static Signature* buildSignature();
+ };
+
+ DECL_XMLTOOLING_EXCEPTION(SignatureException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmlsignature,xmltooling::XMLSecurityException,Exceptions in signature processing);
+
+};
+
+#endif /* __xmltooling_sig_h__ */