X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltooling%2Fsecurity%2Fimpl%2FBasicX509Credential.cpp;h=9fda0b06cda247dddea7706c46cc187db0e0afa9;hb=17f83f869f57cdc0bae557c583b5264a5cb3aabe;hp=1a2bbabe2a0b308d8a7554dc3fa88d6700a9c8e6;hpb=ab9eac7a116951cc02224cab3fd205c71ecff5f7;p=shibboleth%2Fcpp-xmltooling.git

diff --git a/xmltooling/security/impl/BasicX509Credential.cpp b/xmltooling/security/impl/BasicX509Credential.cpp
index 1a2bbab..9fda0b0 100644
--- a/xmltooling/security/impl/BasicX509Credential.cpp
+++ b/xmltooling/security/impl/BasicX509Credential.cpp
@@ -24,15 +24,18 @@
 #include "security/BasicX509Credential.h"
 #include "security/KeyInfoCredentialContext.h"
 #include "security/OpenSSLCredential.h"
+#include "security/SecurityHelper.h"
 #include "security/XSECCryptoX509CRL.h"
 #include "signature/KeyInfo.h"
 
 #include
 #include
 #include
+#include
 
 using namespace xmlsignature;
 using namespace xmltooling;
+using namespace xercesc;
 using namespace std;
 
 Credential::Credential()
@@ -127,8 +130,9 @@ void BasicX509Credential::initKeyInfo(unsigned int types)
     delete m_compactKeyInfo;
     m_compactKeyInfo = nullptr;
 
+    // Default will disable X509IssuerSerial due to schema validation issues.
     if (types == 0)
-        types = KEYINFO_KEY_VALUE | KEYINFO_KEY_NAME | KEYINFO_X509_CERTIFICATE | KEYINFO_X509_SUBJECTNAME | KEYINFO_X509_ISSUERSERIAL;
+        types = KEYINFO_KEY_VALUE | KEYINFO_KEY_NAME | KEYINFO_X509_CERTIFICATE | KEYINFO_X509_SUBJECTNAME | KEYINFO_X509_DIGEST;
 
     if (types & KEYINFO_KEY_NAME) {
         const set& names = getKeyNames();
@@ -185,6 +189,36 @@ void BasicX509Credential::initKeyInfo(unsigned int types)
             m_keyInfo->getX509Datas().front()->getX509Certificates().push_back(x509);
         }
     }
+
+    if (types & KEYINFO_X509_DIGEST && !m_xseccerts.empty()) {
+        if (!m_compactKeyInfo)
+            m_compactKeyInfo = KeyInfoBuilder::buildKeyInfo();
+        if (m_compactKeyInfo->getX509Datas().empty())
+            m_compactKeyInfo->getX509Datas().push_back(X509DataBuilder::buildX509Data());
+        safeBuffer& buf=m_xseccerts.front()->getDEREncodingSB();
+        xsecsize_t x;
+        XMLByte* decoded = Base64::decode(reinterpret_cast(buf.rawCharBuffer()), &x);
+        if (decoded) {
+            string xdig = SecurityHelper::doHash("SHA1", reinterpret_cast(decoded), x);
+#ifdef XMLTOOLING_XERCESC_HAS_XMLBYTE_RELEASE
+            XMLString::release(&decoded);
+#else
+            XMLString::release((char**)&decoded);
+#endif
+            XMLByte* encoded = Base64::encode(reinterpret_cast(xdig.c_str()), xdig.length(), &x);
+            if (encoded) {
+                auto_ptr_XMLCh widenit(reinterpret_cast(encoded));
+#ifdef XMLTOOLING_XERCESC_HAS_XMLBYTE_RELEASE
+                XMLString::release(&encoded);
+#else
+                XMLString::release((char**)&encoded);
+#endif
+                X509Digest* x509dig = X509DigestBuilder::buildX509Digest();
+                x509dig->setValue(widenit.get());
+                m_compactKeyInfo->getX509Datas().front()->getX509Digests().push_back(x509dig);
+            }
+        }
+    }
 }
 
 unsigned int BasicX509Credential::getUsage() const
@@ -206,10 +240,12 @@ const char* BasicX509Credential::getAlgorithm() const
             case XSECCryptoKey::KEY_DSA_PAIR:
                 return "DSA";
 
+#ifdef XMLTOOLING_XMLSEC_ECC
             case XSECCryptoKey::KEY_EC_PRIVATE:
             case XSECCryptoKey::KEY_EC_PUBLIC:
             case XSECCryptoKey::KEY_EC_PAIR:
                 return "EC";
+#endif
 
             case XSECCryptoKey::KEY_HMAC:
                 return "HMAC";
@@ -239,7 +275,7 @@ unsigned int BasicX509Credential::getKeySize() const
             case XSECCryptoKey::KEY_RSA_PUBLIC:
             case XSECCryptoKey::KEY_RSA_PAIR: {
                 XSECCryptoKeyRSA* rkey = static_cast(m_key);
-                return rkey->getLength();
+                return 8 * rkey->getLength();
             }
 
             case XSECCryptoKey::KEY_SYMMETRIC: {
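Review bot: The new X509Digest element only gets its value set (`x509dig->setValue(widenit.get())`); nothing in the hunk sets its Algorithm attribute even though the digest is computed with a hard-coded `"SHA1"`, so unless X509DigestBuilder supplies a default, the emitted ds11:X509Digest will not tell a relying party which hash to run over the DER certificate to match it. If the builder does not default it, set the SHA-1 algorithm URI on x509dig next to the value, and in any case record the coupling on the doHash line: `// digest algorithm here must agree with the Algorithm attribute on the X509Digest element`. Separately, `decoded` is released only after `SecurityHelper::doHash` returns, so if doHash throws (for example on an unsupported algorithm name) the Xerces buffer leaks; releasing before the call can throw, or wrapping the buffer in a small RAII holder, closes that path. The enclosing initKeyInfo body starts outside the hunk.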
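Review bot: `return 8 * rkey->getLength();` in getKeySize encodes a unit conversion with no comment, and the KEY_SYMMETRIC branch that follows (its return is outside the hunk) is not shown to be adjusted, so the method may now report bits for RSA keys and a different unit for symmetric ones. A why-comment on the changed line keeps the next reader from "fixing" it back: `// getLength() appears to report the RSA modulus in bytes; this method returns bits.`, and the symmetric branch should be checked to return the same unit. getKeySize's body starts and ends outside the hunk.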
@@ -263,7 +299,11 @@ XSECCryptoKey* BasicX509Credential::getPrivateKey() const
 {
     if (m_key) {
         XSECCryptoKey::KeyType type = m_key->getKeyType();
-        if (type!=XSECCryptoKey::KEY_RSA_PUBLIC && type!=XSECCryptoKey::KEY_DSA_PUBLIC && type!=XSECCryptoKey::KEY_EC_PUBLIC)
+        if (type != XSECCryptoKey::KEY_RSA_PUBLIC && type != XSECCryptoKey::KEY_DSA_PUBLIC
+#ifdef XMLTOOLING_XMLSEC_ECC
+            && type != XSECCryptoKey::KEY_EC_PUBLIC
+#endif
+            )
             return m_key;
     }
     return nullptr;
@@ -273,7 +313,11 @@ XSECCryptoKey* BasicX509Credential::getPublicKey() const
 {
     if (m_key) {
         XSECCryptoKey::KeyType type = m_key->getKeyType();
-        if (type!=XSECCryptoKey::KEY_RSA_PRIVATE && type!=XSECCryptoKey::KEY_DSA_PRIVATE && type!=XSECCryptoKey::KEY_EC_PRIVATE)
+        if (type != XSECCryptoKey::KEY_RSA_PRIVATE && type != XSECCryptoKey::KEY_DSA_PRIVATE
+#ifdef XMLTOOLING_XMLSEC_ECC
+            && type != XSECCryptoKey::KEY_EC_PRIVATE
+#endif
+            )
             return m_key;
     }
     return nullptr;
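Review bot: Splicing `#ifdef XMLTOOLING_XMLSEC_ECC` into the middle of the `if` condition, with the closing `)` on a line of its own, makes the predicate hard to read, and the same shape is repeated in the getPublicKey hunk below (and the guard once more in getAlgorithm). A file-local helper per direction, written as a switch over the key types, keeps the preprocessor out of the condition and makes explicit which types each accessor treats as "public-only" or "private-only" — which is worth seeing, because every type not listed (the KEY_HMAC type visible in getAlgorithm, for instance) is currently returned by both accessors. getPrivateKey then collapses to `if (m_key && !isPublicOnly(m_key->getKeyType())) return m_key;`, and getPublicKey to the mirror image over an isPrivateOnly helper. Both function bodies end outside their hunks.
```cpp
namespace {
    // Key types carrying only public material; getPrivateKey() must not hand these back.
    bool isPublicOnly(XSECCryptoKey::KeyType type)
    {
        switch (type) {
            case XSECCryptoKey::KEY_RSA_PUBLIC:
            case XSECCryptoKey::KEY_DSA_PUBLIC:
#ifdef XMLTOOLING_XMLSEC_ECC
            case XSECCryptoKey::KEY_EC_PUBLIC:
#endif
                return true;
            default:
                return false;
        }
    }
    // … analogous isPrivateOnly() over the *_PRIVATE enumerators, used by getPublicKey() …
}

XSECCryptoKey* BasicX509Credential::getPrivateKey() const
{
    if (m_key && !isPublicOnly(m_key->getKeyType()))
        return m_key;
    return nullptr;
```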