2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * BasicX509Credential.cpp
20 * Wraps an X.509-based Credential by storing key/cert objects inside.
24 #include "security/BasicX509Credential.h"
25 #include "signature/KeyInfo.h"
28 #include <openssl/x509v3.h>
29 #include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
31 using namespace xmlsignature;
32 using namespace xmltooling;
35 BasicX509Credential::~BasicX509Credential()
39 for_each(m_xseccerts.begin(), m_xseccerts.end(), xmltooling::cleanup<XSECCryptoX509>());
42 delete m_compactKeyInfo;
45 void BasicX509Credential::initKeyInfo()
49 delete m_compactKeyInfo;
50 m_compactKeyInfo = NULL;
53 if (getKeyNames(names)>0) {
54 m_compactKeyInfo = KeyInfoBuilder::buildKeyInfo();
55 VectorOf(KeyName) knames = m_compactKeyInfo->getKeyNames();
56 for (vector<string>::const_iterator n = names.begin(); n!=names.end(); ++n) {
57 xmltooling::auto_ptr_XMLCh wide(n->c_str());
58 KeyName* kname = KeyNameBuilder::buildKeyName();
59 kname->setName(wide.get());
60 knames.push_back(kname);
64 if (!m_xseccerts.empty()) {
65 m_keyInfo = m_compactKeyInfo ? m_compactKeyInfo->cloneKeyInfo() : KeyInfoBuilder::buildKeyInfo();
66 X509Data* x509Data=X509DataBuilder::buildX509Data();
67 m_keyInfo->getX509Datas().push_back(x509Data);
68 for (vector<XSECCryptoX509*>::const_iterator x = m_xseccerts.begin(); x!=m_xseccerts.end(); ++x) {
69 safeBuffer& buf=(*x)->getDEREncodingSB();
70 X509Certificate* x509=X509CertificateBuilder::buildX509Certificate();
71 x509->setValue(buf.sbStrToXMLCh());
72 x509Data->getX509Certificates().push_back(x509);
77 vector<string>::size_type BasicX509Credential::getKeyNames(vector<string>& results) const
79 if (m_xseccerts.empty() || m_xseccerts.front()->getProviderName()!=DSIGConstants::s_unicodeStrPROVOpenSSL)
82 X509* cert = static_cast<OpenSSLCryptoX509*>(m_xseccerts.front())->getOpenSSLX509();
86 X509_NAME* subject=X509_get_subject_name(cert);
89 memset(buf,0,sizeof(buf));
90 if (X509_NAME_get_text_by_NID(subject,NID_commonName,buf,255)>0)
91 results.push_back(buf);
93 STACK_OF(GENERAL_NAME)* altnames=(STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
96 int numalts = sk_GENERAL_NAME_num(altnames);
97 for (int an=0; an<numalts; an++) {
98 const GENERAL_NAME* check = sk_GENERAL_NAME_value(altnames, an);
99 if (check->type==GEN_DNS || check->type==GEN_URI) {
100 const char* altptr = (char*)ASN1_STRING_data(check->d.ia5);
101 const int altlen = ASN1_STRING_length(check->d.ia5);
104 alt.append(altptr,altlen);
105 results.push_back(alt);
110 GENERAL_NAMES_free(altnames);
113 return results.size();