X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltooling%2Fsecurity%2FBasicX509Credential.h;h=7dd21089f5c78ce30aa841e1780bf4aafe505679;hb=81b488b2790e7bdeb2f43560b1d4a7d22c3dfdf5;hp=6435655253626f8262910075444fdc5fbe311c23;hpb=d96a01ce4d9648bb3186f74d43610b6f12d49758;p=shibboleth%2Fcpp-xmltooling.git
diff --git a/xmltooling/security/BasicX509Credential.h b/xmltooling/security/BasicX509Credential.h
index 6435655..7dd2108 100644
--- a/xmltooling/security/BasicX509Credential.h
+++ b/xmltooling/security/BasicX509Credential.h
@@ -1,17 +1,21 @@
-/*
- * Copyright 2001-2007 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
 */
 /**
@@ -25,7 +29,9 @@
 #include
-#include
+#include
+#include
+#include
 namespace xmlsignature {
 class XMLTOOL_API KeyInfo;
@@ -39,8 +45,12 @@ namespace xmltooling {
 class XMLTOOL_API BasicX509Credential : public virtual X509Credential {
 protected:
- BasicX509Credential(bool ownCerts) : m_key(NULL), m_ownCerts(ownCerts), m_crl(NULL), m_keyInfo(NULL), m_compactKeyInfo(NULL) {
- }
+ /**
+ * Constructor.
+ *
+ * @param ownCerts true iff any certificates subsequently stored should be freed by destructor
+ */
+ BasicX509Credential(bool ownCerts);
 /**
 * Constructor.
@@ -49,9 +59,16 @@ namespace xmltooling {
 * @param certs array of X.509 certificates, the first entry being the entity certificate
 * @param crl optional CRL
 */
- BasicX509Credential(XSECCryptoKey* key, const std::vector& certs, XSECCryptoX509CRL* crl=NULL)
- : m_key(key), m_xseccerts(certs), m_ownCerts(true), m_crl(crl), m_keyInfo(NULL), m_compactKeyInfo(NULL) {
- }
+ BasicX509Credential(XSECCryptoKey* key, const std::vector& certs, XSECCryptoX509CRL* crl=nullptr);
+
+ /**
+ * Constructor.
+ *
+ * @param key key pair or secret key
+ * @param certs array of X.509 certificates, the first entry being the entity certificate
+ * @param crls array of X.509 CRLs
+ */
+ BasicX509Credential(XSECCryptoKey* key, const std::vector& certs, const std::vector& crls);
 /** The private/secret key/keypair. */
 XSECCryptoKey* m_key;
@@ -59,14 +76,23 @@ namespace xmltooling {
 /** Key names (derived from credential, KeyInfo, or both). */
 std::set m_keyNames;
+ /** Subject DN. */
+ std::string m_subjectName;
+
+ /** Issuer DN. */
+ std::string m_issuerName;
+
+ /** Serial number. */
+ std::string m_serial;
+
 /** The X.509 certificate chain. */
 std::vector m_xseccerts;
 /** Indicates whether to destroy certificates. */
 bool m_ownCerts;
- /** The X.509 CRL. */
- XSECCryptoX509CRL* m_crl;
+ /** The X.509 CRLs. */
+ std::vector m_crls;
 /** The KeyInfo object representing the information. */
 xmlsignature::KeyInfo* m_keyInfo;
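Review bot: The two out-of-line constructors in the `@@ -49,9 +59,16 @@` hunk no longer show who owns `key` or the `crls` pointers; the removed inline body set `m_ownCerts(true)`, so the certificates are presumably still handed over, but nothing says whether the CRLs (now a vector of raw `XSECCryptoX509CRL*`) are freed by the destructor as well. Since the failure mode is a double free or a leaked CRL either way, the doc should state it: `@param crls array of X.509 CRLs; ownership passes to the credential and they are freed with the certificates — confirm against BasicX509Credential.cpp`, with the same statement on `key`. The `@param key` line of the three-argument constructor lies above the hunk.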
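Review bot: In the `@@ -59,14 +76,23 @@` hunk `m_subjectName`, `m_issuerName` and `m_serial` are documented only as "Subject DN.", "Issuer DN." and "Serial number." with no statement of their serialization, yet the later hunk exposes them as `const char*` through `getSubjectName()`/`getIssuerName()`/`getSerialNumber()`, where they are likely to be compared with configured or peer-supplied values. DN string comparison is only meaningful in one fixed canonical form (RFC 2253 and OpenSSL one-line output differ in component order and escaping), and a serial rendered in decimal will never match one configured in hex. Suggest `/** Subject DN, in the string form produced by extract() — state the serialization (e.g. RFC 2253). */` on the two DN members and `/** Serial number as a string — state decimal vs. hex; confirm in extract(). */` on `m_serial`, hedged until the .cpp is checked.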
@@ -76,107 +102,29 @@ namespace xmltooling {
 /**
 * Initializes (or reinitializes) a ds:KeyInfo to represent the Credential.
+ *
+ * @param types the kinds of KeyInfo content to include
 */
- void initKeyInfo();
-
+ void initKeyInfo(unsigned int types=0);
+
 public:
 virtual ~BasicX509Credential();
- const char* getAlgorithm() const {
- if (m_key) {
- switch (m_key->getKeyType()) {
- case XSECCryptoKey::KEY_RSA_PRIVATE:
- case XSECCryptoKey::KEY_RSA_PUBLIC:
- case XSECCryptoKey::KEY_RSA_PAIR:
- return "RSA";
-
- case XSECCryptoKey::KEY_DSA_PRIVATE:
- case XSECCryptoKey::KEY_DSA_PUBLIC:
- case XSECCryptoKey::KEY_DSA_PAIR:
- return "DSA";
-
- case XSECCryptoKey::KEY_HMAC:
- return "HMAC";
-
- case XSECCryptoKey::KEY_SYMMETRIC: {
- XSECCryptoSymmetricKey* skey = static_cast(m_key);
- switch (skey->getSymmetricKeyType()) {
- case XSECCryptoSymmetricKey::KEY_3DES_192:
- return "DESede";
- case XSECCryptoSymmetricKey::KEY_AES_128:
- return "AES";
- case XSECCryptoSymmetricKey::KEY_AES_192:
- return "AES";
- case XSECCryptoSymmetricKey::KEY_AES_256:
- return "AES";
- }
- }
- }
- }
- return NULL;
- }
-
- unsigned int getKeySize() const {
- if (m_key) {
- switch (m_key->getKeyType()) {
- case XSECCryptoKey::KEY_RSA_PRIVATE:
- case XSECCryptoKey::KEY_RSA_PUBLIC:
- case XSECCryptoKey::KEY_RSA_PAIR: {
- XSECCryptoKeyRSA* rkey = static_cast(m_key);
- return rkey->getLength();
- }
-
- case XSECCryptoKey::KEY_SYMMETRIC: {
- XSECCryptoSymmetricKey* skey = static_cast(m_key);
- switch (skey->getSymmetricKeyType()) {
- case XSECCryptoSymmetricKey::KEY_3DES_192:
- return 192;
- case XSECCryptoSymmetricKey::KEY_AES_128:
- return 128;
- case XSECCryptoSymmetricKey::KEY_AES_192:
- return 192;
- case XSECCryptoSymmetricKey::KEY_AES_256:
- return 256;
- }
- }
- }
- }
- return 0;
- }
-
- XSECCryptoKey* getPrivateKey() const {
- if (m_key) {
- XSECCryptoKey::KeyType type = m_key->getKeyType();
- if (type!=XSECCryptoKey::KEY_RSA_PUBLIC && type!=XSECCryptoKey::KEY_DSA_PUBLIC)
- return m_key;
- }
- return NULL;
- }
-
- XSECCryptoKey* getPublicKey() const {
- if (m_key) {
- XSECCryptoKey::KeyType type = m_key->getKeyType();
- if (type!=XSECCryptoKey::KEY_RSA_PRIVATE && type!=XSECCryptoKey::KEY_DSA_PRIVATE)
- return m_key;
- }
- return NULL;
- }
-
- const std::set& getKeyNames() const {
- return m_keyNames;
- }
-
- const xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const {
- return compact ? m_compactKeyInfo : (m_keyInfo ? m_keyInfo : m_compactKeyInfo);
- }
-
- const std::vector& getEntityCertificateChain() const {
- return m_xseccerts;
- }
-
- XSECCryptoX509CRL* getCRL() const {
- return m_crl;
- }
+ // Virtual function overrides.
+ unsigned int getUsage() const;
+ const char* getAlgorithm() const;
+ unsigned int getKeySize() const;
+ XSECCryptoKey* getPrivateKey() const;
+ XSECCryptoKey* getPublicKey() const;
+ const std::set& getKeyNames() const;
+ xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const;
+ const std::vector& getEntityCertificateChain() const;
+ XSECCryptoX509CRL* getCRL() const;
+ const std::vector& getCRLs() const;
+ const char* getSubjectName() const;
+ const char* getIssuerName() const;
+ const char* getSerialNumber() const;
+ void extract();
 };
 };
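Review bot: `xmlsignature::KeyInfo* getKeyInfo(bool compact=false) const;` drops the `const` that the removed inline version returned, so any caller holding a `const` credential can now mutate the cached `m_keyInfo`/`m_compactKeyInfo` this object hands out, presumably for serialization into signatures or metadata; if the base Credential interface dictates that signature, the header should at least say `/** Returns the cached KeyInfo; owned by the credential, callers must not modify it. */`. `extract()` is the only new public method with no comment at all; it presumably fills `m_keyNames`, `m_subjectName`, `m_issuerName` and `m_serial` from the entity certificate, and a line such as `/** Populates key names, subject/issuer DN and serial from the entity certificate (confirm in .cpp); call after the certificate chain is set. */` would tell callers when those getters return anything meaningful. `getCRL()` is kept next to the new `getCRLs()` without stating which entry it returns when several CRLs are held, and `/** Returns the first CRL, or nullptr if none. */` — or whatever the .cpp actually does — belongs on it, since revocation checks that silently consult only one CRL are easy to get wrong.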