From: Scott Cantor Date: Mon, 2 Nov 2009 16:03:24 +0000 (+0000) Subject: Support alternate hash algorithms. X-Git-Tag: 2.3~9 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-sp.git;a=commitdiff_plain;h=0f4a38d463e095b55217aec164e04a7a3346e56b Support alternate hash algorithms.
---
diff --git a/shibsp/attribute/KeyInfoAttributeDecoder.cpp b/shibsp/attribute/KeyInfoAttributeDecoder.cpp
index 17a4683..182e082 100644
--- a/shibsp/attribute/KeyInfoAttributeDecoder.cpp
+++ b/shibsp/attribute/KeyInfoAttributeDecoder.cpp
@@ -55,8 +55,11 @@ namespace shibsp {
 void extract(const KeyInfo* k, vector& dest) const {
 auto_ptr cred (getKeyInfoResolver()->resolve(k, Credential::RESOLVE_KEYS));
 if (cred.get()) {
+ const char* alg = m_hashAlg.get();
+ if (!alg || !*alg)
+ alg = "SHA1";
 dest.push_back(string());
- dest.back() = SecurityHelper::getDEREncoding(*cred.get(), m_hash);
+ dest.back() = SecurityHelper::getDEREncoding(*cred.get(), m_hash, true, alg);
 if (dest.back().empty())
 dest.pop_back();
 }
@@ -67,6 +70,7 @@ namespace shibsp {
 }
 
 bool m_hash;
+ auto_ptr_char m_hashAlg;
 KeyInfoResolver* m_keyInfoResolver;
 };
 
@@ -77,10 +81,12 @@ namespace shibsp {
 static const XMLCh _KeyInfoResolver[] = UNICODE_LITERAL_15(K,e,y,I,n,f,o,R,e,s,o,l,v,e,r);
 static const XMLCh _hash[] = UNICODE_LITERAL_4(h,a,s,h);
+ static const XMLCh _hashAlg[] = UNICODE_LITERAL_7(h,a,s,h,A,l,g);
 static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
 };
 
-KeyInfoAttributeDecoder::KeyInfoAttributeDecoder(const DOMElement* e) : AttributeDecoder(e), m_hash(false), m_keyInfoResolver(NULL) {
+KeyInfoAttributeDecoder::KeyInfoAttributeDecoder(const DOMElement* e)
+ : AttributeDecoder(e), m_hash(false), m_hashAlg(e ? e->getAttributeNS(NULL, _hashAlg) : NULL), m_keyInfoResolver(NULL) {
 const XMLCh* flag = e ? e->getAttributeNS(NULL, _hash) : NULL;
 m_hash = (flag && (*flag == chLatin_t || *flag == chDigit_1));
 e = e ? XMLHelper::getFirstChildElement(e,_KeyInfoResolver) : NULL;
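Review bot: The fallback added in extract(), `const char* alg = m_hashAlg.get(); if (!alg || !*alg) alg = "SHA1";`, is a bare literal repeated verbatim in extractAttributes() in KeyDescriptorAttributeExtractor.cpp, and nothing checks that a configured `hashAlg` value names an algorithm the lower layer actually supports; if getDEREncoding yields an empty string for an unknown name, as the existing `dest.back().empty()` pop-back path suggests it can, a misspelled value silently produces no key-hash value instead of a configuration error. Resolving the effective name once in the constructor, with the default kept as one named constant (placeholder: `DEFAULT_HASH_ALG`) shared by both decoders, and logging or rejecting an unrecognized name at load time would fail early and keep the two call sites in step. Because the chosen digest decides which fingerprint a relying policy will see, the `hashAlg` attribute and its SHA1 default should be documented next to the existing `hash` and `type` attributes. extract() continues past the end of the hunk.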
diff --git a/shibsp/attribute/resolver/impl/KeyDescriptorAttributeExtractor.cpp b/shibsp/attribute/resolver/impl/KeyDescriptorAttributeExtractor.cpp
index 415ccac..9729e82 100644
--- a/shibsp/attribute/resolver/impl/KeyDescriptorAttributeExtractor.cpp
+++ b/shibsp/attribute/resolver/impl/KeyDescriptorAttributeExtractor.cpp
@@ -75,6 +75,7 @@ namespace shibsp {
 }
 
 private:
+ auto_ptr_char m_hashAlg;
 vector m_hashId;
 vector m_signingId;
 vector m_encryptionId;
@@ -91,10 +92,11 @@ namespace shibsp {
 static const XMLCh encryptionId[] = UNICODE_LITERAL_12(e,n,c,r,y,p,t,i,o,n,I,d);
 static const XMLCh hashId[] = UNICODE_LITERAL_6(h,a,s,h,I,d);
+ static const XMLCh hashAlg[] = UNICODE_LITERAL_7(h,a,s,h,A,l,g);
 static const XMLCh signingId[] = UNICODE_LITERAL_9(s,i,g,n,i,n,g,I,d);
 };
 
-KeyDescriptorExtractor::KeyDescriptorExtractor(const DOMElement* e)
+KeyDescriptorExtractor::KeyDescriptorExtractor(const DOMElement* e) : m_hashAlg(e ? e->getAttributeNS(NULL, hashAlg) : NULL)
 {
 if (e) {
 const XMLCh* a = e->getAttributeNS(NULL, hashId);
@@ -132,12 +134,15 @@ void KeyDescriptorExtractor::extractAttributes(
 mcc.setUsage(Credential::SIGNING_CREDENTIAL);
 if (application.getMetadataProvider()->resolve(creds, &mcc)) {
 if (!m_hashId.empty()) {
+ const char* alg = m_hashAlg.get();
+ if (!alg || !*alg)
+ alg = "SHA1";
 auto_ptr attr(new SimpleAttribute(m_hashId));
 vector& vals = attr->getValues();
 for (vector::const_iterator c = creds.begin(); c != creds.end(); ++c) {
 if (vals.empty() || !vals.back().empty())
 vals.push_back(string());
- vals.back() = SecurityHelper::getDEREncoding(*(*c), true);
+ vals.back() = SecurityHelper::getDEREncoding(*(*c), true, true, alg);
 }
 if (vals.back().empty())
 vals.pop_back();
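Review bot: The new `hashAlg` literal and the `m_hashAlg` member read in the KeyDescriptorExtractor constructor carry no comment saying what the attribute accepts or that an absent or empty value falls back to `SHA1` inside extractAttributes(), so a reader of the class declaration cannot tell the two hunks are related. A comment on the declaration, `// optional digest algorithm name for the hashId values; empty means SHA1 (applied in extractAttributes)`, would record that contract where the member is declared. As a point of style, the sibling change in KeyInfoAttributeDecoder.cpp moves its initializer list onto its own line while this constructor keeps `: m_hashAlg(e ? e->getAttributeNS(NULL, hashAlg) : NULL)` on the signature line; formatting the two the same way would make the new initializer easy to find in both files. The enclosing extractAttributes() body begins before the last hunk and continues after it.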