X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=xmltooling%2Fsignature%2Fimpl%2FKeyInfoSchemaValidators.cpp;h=334173adc03f5b920e4909f55dc57fdc68c46ed1;hb=81b488b2790e7bdeb2f43560b1d4a7d22c3dfdf5;hp=44acffd6323612a2843ba36eabc8a66bfc737132;hpb=77769b2e300d1295b8a5d717d9ede50e27d70cea;p=shibboleth%2Fcpp-xmltooling.git diff --git a/xmltooling/signature/impl/KeyInfoSchemaValidators.cpp b/xmltooling/signature/impl/KeyInfoSchemaValidators.cpp index 44acffd..334173a 100644 --- a/xmltooling/signature/impl/KeyInfoSchemaValidators.cpp +++ b/xmltooling/signature/impl/KeyInfoSchemaValidators.cpp @@ -1,33 +1,53 @@ -/* -* Copyright 2001-2006 Internet2 - * -* Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. + * + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. */ /** * KeyInfoSchemaValidators.cpp * - * Schema validators for KeyInfo schema + * Schema validators for KeyInfo schema. */ #include "internal.h" #include "exceptions.h" #include "signature/KeyInfo.h" +#include "validation/Validator.h" #include "validation/ValidatorSuite.h" using namespace xmlsignature; using namespace xmltooling; using namespace std; +using xmlconstants::XMLSIG_NS; +using xmlconstants::XMLSIG11_NS; + +#define XMLOBJECTVALIDATOR_ONLYONEOF4(cname,proper1,proper2,proper3,proper4) \ + int c##proper1##proper2##proper3##proper4=0; \ + if (ptr->get##proper1()!=nullptr) \ + c##proper1##proper2##proper3##proper4++; \ + if (ptr->get##proper2()!=nullptr) \ + c##proper1##proper2##proper3##proper4++; \ + if (ptr->get##proper3()!=nullptr) \ + c##proper1##proper2##proper3##proper4++; \ + if (ptr->get##proper4()!=nullptr) \ + c##proper1##proper2##proper3##proper4++; \ + if (c##proper1##proper2##proper3##proper4 != 1) \ + throw xmltooling::ValidationException(#cname" must have only one of "#proper1", "#proper2", "#proper3", or "#proper4".") namespace xmlsignature { @@ -52,6 +72,10 @@ namespace xmlsignature { XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,SPKISexp); XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,PGPKeyID); XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,PGPKeyPacket); + + XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,DEREncodedKeyValue); + XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,OCSPResponse); + XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,PublicKey); BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,RSAKeyValue); XMLOBJECTVALIDATOR_REQUIRE(RSAKeyValue,Modulus); @@ -65,7 +89,7 @@ namespace xmlsignature { END_XMLOBJECTVALIDATOR; BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,KeyValue); - XMLOBJECTVALIDATOR_ONLYONEOF3(KeyValue,DSAKeyValue,RSAKeyValue,OtherKeyValue); + XMLOBJECTVALIDATOR_ONLYONEOF4(KeyValue,DSAKeyValue,RSAKeyValue,ECKeyValue,UnknownXMLObject); END_XMLOBJECTVALIDATOR; BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,Transform); @@ -89,7 +113,7 @@ namespace xmlsignature { public: void operator()(const XMLObject* xmlObject) const { const XMLCh* ns=xmlObject->getElementQName().getNamespaceURI(); - if (XMLString::equals(ns,XMLConstants::XMLSIG_NS) || !ns || !*ns) { + if (XMLString::equals(ns,XMLSIG_NS) || !ns || !*ns) { throw ValidationException( "Object contains an illegal extension child element ($1).", params(1,xmlObject->getElementQName().toString().c_str()) @@ -101,7 +125,7 @@ namespace xmlsignature { BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,X509Data); if (!ptr->hasChildren()) throw ValidationException("X509Data must have at least one child element."); - const vector& anys=ptr->getOtherX509Datas(); + const vector& anys=ptr->getUnknownXMLObjects(); for_each(anys.begin(),anys.end(),checkWildcardNS()); END_XMLOBJECTVALIDATOR; @@ -116,10 +140,26 @@ namespace xmlsignature { BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,KeyInfo); if (!ptr->hasChildren()) throw ValidationException("KeyInfo must have at least one child element."); - const vector& anys=ptr->getOthers(); + const vector& anys=ptr->getUnknownXMLObjects(); for_each(anys.begin(),anys.end(),checkWildcardNS()); END_XMLOBJECTVALIDATOR; + BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,KeyInfoReference); + XMLOBJECTVALIDATOR_REQUIRE(KeyInfoReference,URI); + END_XMLOBJECTVALIDATOR; + + BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,NamedCurve); + XMLOBJECTVALIDATOR_REQUIRE(NamedCurve,URI); + END_XMLOBJECTVALIDATOR; + + BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,ECKeyValue); + XMLOBJECTVALIDATOR_ONEOF(ECKeyValue,ECParameters,NamedCurve); + XMLOBJECTVALIDATOR_REQUIRE(ECKeyValue,PublicKey); + END_XMLOBJECTVALIDATOR; + + BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,X509Digest); + XMLOBJECTVALIDATOR_REQUIRE(X509Digest,Algorithm); + END_XMLOBJECTVALIDATOR; }; #define REGISTER_ELEMENT(namespaceURI,cname) \ @@ -135,47 +175,60 @@ namespace xmlsignature { void xmlsignature::registerKeyInfoClasses() { QName q; - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,KeyInfo); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,KeyName); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,KeyValue); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,MgmtData); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,DSAKeyValue); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,RSAKeyValue); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Exponent); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Modulus); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,P); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Q); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,G); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Y); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,J); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Seed); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,PgenCounter); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,XPath); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Transform); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Transforms); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,RetrievalMethod); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509IssuerSerial); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509IssuerName); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509SerialNumber); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509SKI); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509SubjectName); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509Certificate); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509CRL); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509Data); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,SPKISexp); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,SPKIData); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,PGPKeyID); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,PGPKeyPacket); - REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,PGPData); - REGISTER_TYPE(XMLConstants::XMLSIG_NS,KeyInfo); - REGISTER_TYPE(XMLConstants::XMLSIG_NS,KeyValue); - REGISTER_TYPE(XMLConstants::XMLSIG_NS,DSAKeyValue); - REGISTER_TYPE(XMLConstants::XMLSIG_NS,RSAKeyValue); - REGISTER_TYPE(XMLConstants::XMLSIG_NS,Transform); - REGISTER_TYPE(XMLConstants::XMLSIG_NS,Transforms); - REGISTER_TYPE(XMLConstants::XMLSIG_NS,RetrievalMethod); - REGISTER_TYPE(XMLConstants::XMLSIG_NS,X509IssuerSerial); - REGISTER_TYPE(XMLConstants::XMLSIG_NS,X509Data); - REGISTER_TYPE(XMLConstants::XMLSIG_NS,SPKIData); - REGISTER_TYPE(XMLConstants::XMLSIG_NS,PGPData); + REGISTER_ELEMENT(XMLSIG_NS,KeyInfo); + REGISTER_ELEMENT(XMLSIG_NS,KeyName); + REGISTER_ELEMENT(XMLSIG_NS,KeyValue); + REGISTER_ELEMENT(XMLSIG_NS,MgmtData); + REGISTER_ELEMENT(XMLSIG_NS,DSAKeyValue); + REGISTER_ELEMENT(XMLSIG_NS,RSAKeyValue); + REGISTER_ELEMENT(XMLSIG_NS,Exponent); + REGISTER_ELEMENT(XMLSIG_NS,Modulus); + REGISTER_ELEMENT(XMLSIG_NS,P); + REGISTER_ELEMENT(XMLSIG_NS,Q); + REGISTER_ELEMENT(XMLSIG_NS,G); + REGISTER_ELEMENT(XMLSIG_NS,Y); + REGISTER_ELEMENT(XMLSIG_NS,J); + REGISTER_ELEMENT(XMLSIG_NS,Seed); + REGISTER_ELEMENT(XMLSIG_NS,PgenCounter); + REGISTER_ELEMENT(XMLSIG_NS,XPath); + REGISTER_ELEMENT(XMLSIG_NS,Transform); + REGISTER_ELEMENT(XMLSIG_NS,Transforms); + REGISTER_ELEMENT(XMLSIG_NS,RetrievalMethod); + REGISTER_ELEMENT(XMLSIG_NS,X509IssuerSerial); + REGISTER_ELEMENT(XMLSIG_NS,X509IssuerName); + REGISTER_ELEMENT(XMLSIG_NS,X509SerialNumber); + REGISTER_ELEMENT(XMLSIG_NS,X509SKI); + REGISTER_ELEMENT(XMLSIG_NS,X509SubjectName); + REGISTER_ELEMENT(XMLSIG_NS,X509Certificate); + REGISTER_ELEMENT(XMLSIG_NS,X509CRL); + REGISTER_ELEMENT(XMLSIG_NS,X509Data); + REGISTER_ELEMENT(XMLSIG_NS,SPKISexp); + REGISTER_ELEMENT(XMLSIG_NS,SPKIData); + REGISTER_ELEMENT(XMLSIG_NS,PGPKeyID); + REGISTER_ELEMENT(XMLSIG_NS,PGPKeyPacket); + REGISTER_ELEMENT(XMLSIG_NS,PGPData); + REGISTER_TYPE(XMLSIG_NS,KeyInfo); + REGISTER_TYPE(XMLSIG_NS,KeyValue); + REGISTER_TYPE(XMLSIG_NS,DSAKeyValue); + REGISTER_TYPE(XMLSIG_NS,RSAKeyValue); + REGISTER_TYPE(XMLSIG_NS,Transform); + REGISTER_TYPE(XMLSIG_NS,Transforms); + REGISTER_TYPE(XMLSIG_NS,RetrievalMethod); + REGISTER_TYPE(XMLSIG_NS,X509IssuerSerial); + REGISTER_TYPE(XMLSIG_NS,X509Data); + REGISTER_TYPE(XMLSIG_NS,SPKIData); + REGISTER_TYPE(XMLSIG_NS,PGPData); + + REGISTER_ELEMENT(XMLSIG11_NS,DEREncodedKeyValue); + REGISTER_ELEMENT(XMLSIG11_NS,ECKeyValue); + REGISTER_ELEMENT(XMLSIG11_NS,KeyInfoReference); + REGISTER_ELEMENT(XMLSIG11_NS,NamedCurve); + REGISTER_ELEMENT(XMLSIG11_NS,OCSPResponse); + REGISTER_ELEMENT(XMLSIG11_NS,PublicKey); + REGISTER_ELEMENT(XMLSIG11_NS,X509Digest); + REGISTER_TYPE(XMLSIG11_NS,DEREncodedKeyValue); + REGISTER_TYPE(XMLSIG11_NS,ECKeyValue); + REGISTER_TYPE(XMLSIG11_NS,KeyInfoReference); + REGISTER_TYPE(XMLSIG11_NS,NamedCurve); + REGISTER_TYPE(XMLSIG11_NS,X509Digest); }