2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * OpenSSLCryptoX509CRL.cpp
24 * OpenSSL-based class for handling X.509 CRLs.
28 #include "security/OpenSSLCryptoX509CRL.h"
30 #include <xsec/framework/XSECError.hpp>
31 #include <xsec/enc/XSECCryptoException.hpp>
32 #include <xsec/enc/XSCrypt/XSCryptCryptoBase64.hpp>
34 #include <xercesc/util/Janitor.hpp>
36 XSEC_USING_XERCES(ArrayJanitor);
37 XSEC_USING_XERCES(Janitor);
39 using namespace xmltooling;
// Default constructor: starts with no OpenSSL CRL (mp_X509CRL is nullptr) and an
// empty encoded-CRL buffer. The constructor body is not shown in this listing.
41 OpenSSLCryptoX509CRL::OpenSSLCryptoX509CRL() : mp_X509CRL(nullptr), m_DERX509CRL("")
// Destructor: releases the OpenSSL CRL held in mp_X509CRL.
// X509_CRL_free is a no-op on nullptr, so a default-constructed object is safe here.
// NOTE(review): mp_X509CRL is a raw owning pointer; confirm in the header that the
// class cannot be copied implicitly, otherwise two objects would free the same CRL.
45 OpenSSLCryptoX509CRL::~OpenSSLCryptoX509CRL()
48 X509_CRL_free(mp_X509CRL);
// Builds the wrapper from an existing OpenSSL CRL: stores a duplicate of x in
// mp_X509CRL and fills m_DERX509CRL with the Base64 text of x's DER encoding.
// x is only read in the lines shown; several lines of this body (declarations,
// cleanup) are missing from this listing.
51 OpenSSLCryptoX509CRL::OpenSSLCryptoX509CRL(X509_CRL* x) {
53 // Build this from an existing X509_CRL structure
// NOTE(review): X509_CRL_dup returns nullptr on failure; the result is not checked
// in the lines shown, so a failed copy leaves an object that holds no CRL.
55 mp_X509CRL = X509_CRL_dup(x);
57 // Now need to create the DER encoding
// NOTE(review): neither BIO_new result is checked before it is used below.
59 BIO* b64 = BIO_new(BIO_f_base64());
60 BIO* bmem = BIO_new(BIO_s_mem());
// With eof-return 0, reading the memory BIO once it is empty reports end of data (0)
// instead of a retry condition, which is what ends the read loop below.
62 BIO_set_mem_eof_return(bmem, 0);
// Chain the Base64 filter in front of the memory BIO: bytes written to b64 arrive
// in bmem as Base64 text.
63 b64 = BIO_push(b64, bmem);
65 // Translate X509 to Base64
// NOTE(review): the return value is ignored, so an encoding failure goes unnoticed.
// The Base64 filter holds back a final partial block until it is flushed; no flush
// call is visible in this listing -- confirm one precedes the read loop.
67 i2d_X509_CRL_bio(b64, x);
74 m_DERX509CRL.sbStrcpyIn("");
// Drain bmem in chunks of at most 1023 bytes and append each chunk to m_DERX509CRL.
// buf and l are declared on lines not shown here.
// NOTE(review): BIO_read returns int and can be negative on error; if l is an
// unsigned type, a negative return converts to a large value and passes the > 0
// test -- confirm l is a signed int.
// NOTE(review): sbStrcatIn(buf) appends a C string, so buf must be NUL-terminated
// at index l before the call; that statement is not visible here -- confirm.
76 while ((l = BIO_read(bmem, buf, 1023)) > 0) {
78 m_DERX509CRL.sbStrcatIn(buf);
// Returns the provider name string for this implementation, which is the
// DSIGConstants constant for the OpenSSL provider.
84 const XMLCh* OpenSSLCryptoX509CRL::getProviderName() const
86 return DSIGConstants::s_unicodeStrPROVOpenSSL;
// Replaces the held CRL with one parsed from Base64-encoded DER text.
//   buf - Base64 text of a DER-encoded X.509 CRL
//   len - number of bytes of buf to decode
// Throws XSECCryptoException (X509Error) when OpenSSL cannot parse the decoded bytes.
// Some lines of this body (e.g. the declaration of bufLen, the #else/#endif of the
// conditional below) are missing from this listing.
89 void OpenSSLCryptoX509CRL::loadX509CRLBase64Bin(const char* buf, unsigned int len)
92 // Free anything currently held.
// NOTE(review): mp_X509CRL is not reset to nullptr in the lines shown. If the
// allocation or decode below throws before the pointer is reassigned, the object
// keeps a freed pointer that the destructor would free a second time. Resetting
// the member to nullptr right after the free closes that window.
95 X509_CRL_free(mp_X509CRL);
// Decoded output is never longer than its Base64 input, so len + 1 bytes suffices.
// NOTE(review): len + 1 wraps to 0 when len is UINT_MAX; reject such a length up
// front if callers can pass attacker-influenced sizes.
98 unsigned char* outBuf;
99 XSECnew(outBuf, unsigned char[len + 1]);
// The janitor captures the pointer value here, so it still releases the start of
// the array after d2i_X509_CRL advances outBuf below.
100 ArrayJanitor<unsigned char> j_outBuf(outBuf);
102 XSCryptCryptoBase64 *b64;
103 XSECnew(b64, XSCryptCryptoBase64);
104 Janitor<XSCryptCryptoBase64> j_b64(b64);
// Decode in two steps: the main pass, then decodeFinish for whatever the decoder
// still buffers. bufLen ends up as the total number of decoded bytes.
107 bufLen = b64->decode((unsigned char *) buf, len, outBuf, len);
108 bufLen += b64->decodeFinish(&outBuf[bufLen], len-bufLen);
// d2i_X509_CRL takes the buffer pointer by address and moves it past the bytes it
// consumed. The two calls differ only in the cast needed when the build's OpenSSL
// declares the buffer parameter as const.
// NOTE(review): bytes following the first DER object are silently ignored;
// comparing the advanced outBuf with the original start + bufLen would catch
// trailing data appended to an otherwise valid CRL.
111 #if defined(XSEC_OPENSSL_D2IX509_CONST_BUFFER)
112 mp_X509CRL= d2i_X509_CRL(nullptr, (const unsigned char **) (&outBuf), bufLen);
114 mp_X509CRL= d2i_X509_CRL(nullptr, &outBuf, bufLen);
118 // Check to see if we have a CRL....
119 if (mp_X509CRL == nullptr) {
120 throw XSECCryptoException(XSECCryptoException::X509Error,
121 "OpenSSL:X509CRL - Error translating Base64 DER encoding into OpenSSL X509 CRL structure");
// Keep the caller's Base64 text as this object's encoded form.
// NOTE(review): buf is copied as a NUL-terminated string even though the caller
// supplies an explicit len. If buf is not terminated within len bytes this reads
// past the input, and the stored text can differ from the bytes that were parsed.
// A length-bounded copy such as sbStrncpyIn(buf, len) keeps both in step.
124 m_DERX509CRL.sbStrcpyIn(buf);
// Accessor returning a safeBuffer by reference; the body is not shown in this
// listing. NOTE(review): presumably returns m_DERX509CRL, which the other members
// fill with the Base64 text of the CRL -- confirm against the full source.
128 safeBuffer& OpenSSLCryptoX509CRL::getDEREncodingSB()
// Accessor returning a raw X509_CRL pointer; the body is not shown in this listing.
// NOTE(review): presumably returns mp_X509CRL without duplicating it. If so, the
// pointer stays owned by this object (the destructor frees it): callers must not
// free it or use it after this object is destroyed or reloaded -- confirm.
133 X509_CRL* OpenSSLCryptoX509CRL::getOpenSSLX509CRL()
// Creates a separate copy of this object: the OpenSSL CRL is duplicated with
// X509_CRL_dup and the encoded buffer is copied, so the copy does not share the
// original's X509_CRL. The return statement is not shown in this listing.
138 XSECCryptoX509CRL* OpenSSLCryptoX509CRL::clone() const
140 OpenSSLCryptoX509CRL* copy = new OpenSSLCryptoX509CRL();
// NOTE(review): X509_CRL_dup yields nullptr on failure and the result is not
// checked, so a failed duplication produces a clone that carries the encoded text
// but no parsed CRL instead of signalling an error.
141 copy->mp_X509CRL = X509_CRL_dup(mp_X509CRL);
142 copy->m_DERX509CRL = m_DERX509CRL;