X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltooling%2Fsecurity%2FSecurityHelper.h;h=b1e7c581931b253a1da29c59afb56e191e58bf01;hb=81b488b2790e7bdeb2f43560b1d4a7d22c3dfdf5;hp=babf720454349dc4be1123498b4d5f61b001d0c2;hpb=46e0a97aedad5881ee134cc8f6ff397072027af7;p=shibboleth%2Fcpp-xmltooling.git
diff --git a/xmltooling/security/SecurityHelper.h b/xmltooling/security/SecurityHelper.h
index babf720..b1e7c58 100644
--- a/xmltooling/security/SecurityHelper.h
+++ b/xmltooling/security/SecurityHelper.h
@@ -1,17 +1,21 @@
-/*
- * Copyright 2001-2009 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
 *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
 */
 
 /**
@@ -58,7 +62,7 @@ namespace xmltooling {
 * @param password optional password to decrypt key
 * @return a populated key object
 */
- static XSECCryptoKey* loadKeyFromFile(const char* pathname, const char* format=NULL, const char* password=NULL);
+ static XSECCryptoKey* loadKeyFromFile(const char* pathname, const char* format=nullptr, const char* password=nullptr);
 
 /**
 * Loads certificate(s) from a local file.
@@ -70,7 +74,7 @@ namespace xmltooling {
 * @return size of the resulting array
 */
 static std::vector::size_type loadCertificatesFromFile(
- std::vector& certs, const char* pathname, const char* format=NULL, const char* password=NULL
+ std::vector& certs, const char* pathname, const char* format=nullptr, const char* password=nullptr
 );
 
 /**
@@ -82,7 +86,7 @@ namespace xmltooling {
 * @return size of the resulting array
 */
 static std::vector::size_type loadCRLsFromFile(
- std::vector& crls, const char* pathname, const char* format=NULL
+ std::vector& crls, const char* pathname, const char* format=nullptr
 );
 
 /**
@@ -94,7 +98,7 @@ namespace xmltooling {
 * @param password optional password to decrypt key
 * @return a populated key object
 */
- static XSECCryptoKey* loadKeyFromURL(SOAPTransport& transport, const char* backing, const char* format=NULL, const char* password=NULL);
+ static XSECCryptoKey* loadKeyFromURL(SOAPTransport& transport, const char* backing, const char* format=nullptr, const char* password=nullptr);
 
 /**
 * Loads certificate(s) from a URL.
@@ -107,7 +111,7 @@ namespace xmltooling {
 * @return size of the resulting array
 */
 static std::vector::size_type loadCertificatesFromURL(
- std::vector& certs, SOAPTransport& transport, const char* backing, const char* format=NULL, const char* password=NULL
+ std::vector& certs, SOAPTransport& transport, const char* backing, const char* format=nullptr, const char* password=nullptr
 );
 
 /**
@@ -120,7 +124,7 @@ namespace xmltooling {
 * @return size of the resulting array
 */
 static std::vector::size_type loadCRLsFromURL(
- std::vector& crls, SOAPTransport& transport, const char* backing, const char* format=NULL
+ std::vector& crls, SOAPTransport& transport, const char* backing, const char* format=nullptr
 );
 
 /**
@@ -133,6 +137,17 @@ namespace xmltooling {
 static bool matches(const XSECCryptoKey& key1, const XSECCryptoKey& key2);
 /**
+ * Performs a hash operation over the supplied data.
+ *
+ * @param hashAlg name of hash algorithm, syntax specific to crypto provider
+ * @param buf input data to hash
+ * @param buflen length of input data
+ * @param toHex if true, hex-encodes the resulting raw bytes
+ * @return result of hash operation, or an empty string
+ */
+ static std::string doHash(const char* hashAlg, const char* buf, unsigned long buflen, bool toHex=true);
+
+ /**
 * Returns the base64-encoded DER encoding of a public key in SubjectPublicKeyInfo format.
 *

If a hash algorithm is provided, the data is digested before being base64-encoded.
 *
@@ -150,7 +165,6 @@ namespace xmltooling {
 * @param key the key to encode
 * @param hash optional name of hash algorithm, syntax specific to crypto provider
 * @param nowrap if true, any linefeeds will be stripped from the result
- * @param hashAlg name of hash algorithm, syntax specific to crypto provider
 * @return the base64 encoded key value
 */
 static std::string getDEREncoding(const XSECCryptoKey& key, const char* hash, bool nowrap=true);
@@ -162,7 +176,6 @@ namespace xmltooling {
 * @param cert the certificate's key to encode
 * @param hash optional name of hash algorithm, syntax specific to crypto provider
 * @param nowrap if true, any linefeeds will be stripped from the result
- * @param hashAlg name of hash algorithm, syntax specific to crypto provider
 * @return the base64 encoded key value
 */
 static std::string getDEREncoding(const XSECCryptoX509& cert, const char* hash, bool nowrap=true);
@@ -191,7 +204,7 @@ namespace xmltooling {
 
 /**
 * @deprecated
- * Returns the base64-encoded DER encoding of a certifiate's public key in SubjectPublicKeyInfo format.
+ * Returns the base64-encoded DER encoding of a certificate's public key in SubjectPublicKeyInfo format.
 *
 * @param cert the certificate's key to encode
 * @param hash if true, the DER encoded data is hashed with SHA-1 before base64 encoding
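Review bot: The `@return` tag on the new `doHash` declaration (hunk starting at old line 133, `static std::string doHash(const char* hashAlg, const char* buf, unsigned long buflen, bool toHex=true);`) says only "or an empty string", without telling callers that an empty result means the digest could not be computed; code that compares two `doHash` results for equality would treat two failures as a match, so the doc should read `@return hex or raw digest of the input, or an empty string if the algorithm is unknown or the provider fails; callers must treat an empty result as an error rather than compare it`. The `toHex=false` case also deserves a sentence that the returned string may contain embedded NUL bytes and must be consumed via `size()`, never as a C string. `unsigned long buflen` is 32 bits on LLP64 platforms, so if this is meant for arbitrary buffers a note on that limit (or `size_t`) would avoid silent truncation — hedged, since the implementation is not in this hunk. The enclosing class begins and ends outside the hunk.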
@@ -199,6 +212,24 @@ namespace xmltooling {
 * @return the base64 encoded key value
 */
 static std::string getDEREncoding(const XSECCryptoX509& cert, bool hash=false, bool nowrap=true);
+
+ /**
+ * Decodes a DER-encoded public key.
+ *
+ * @param buf DER encoded data
+ * @param buflen length of data in bytes
+ * @param base64 true iff DER is base64-encoded
+ * @return the decoded public key, or nullptr
+ */
+ static XSECCryptoKey* fromDEREncoding(const char* buf, unsigned long buflen, bool base64=true);
+
+ /**
+ * Decodes a base64-encoded and DER-encoded public key.
+ *
+ * @param buf base64 and DER encoded data
+ * @return the decoded public key, or nullptr
+ */
+ static XSECCryptoKey* fromDEREncoding(const XMLCh* buf);
 };
 };
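Review bot: Both `fromDEREncoding` overloads added in this hunk return a raw `XSECCryptoKey*` and their `@return` tags say only "the decoded public key, or nullptr", leaving ownership of the returned object undocumented; they presumably follow the same convention as `loadKeyFromFile`/`loadKeyFromURL` earlier in the header (confirm against the .cpp), and the docs should state it, e.g. `@return the decoded public key (caller assumes ownership and must delete it), or nullptr if the input is malformed`. The `const XMLCh*` overload takes no length, so it depends on the buffer being NUL-terminated; `@param buf NUL-terminated base64 and DER encoded data` makes that contract visible to callers feeding it data received from metadata or a peer. Naming malformed input as a nullptr cause matters here because DER parsing of externally supplied keys is exactly where a failure must not be mistaken for a valid key. The enclosing class closes in this hunk but opens outside it.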