2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * @file xmltooling/signature/Signature.h
24 * XMLObject representing XML Digital Signature, version 20020212, Signature element.
27 #if !defined(__xmltooling_sig_h__) && !defined(XMLTOOLING_NO_XMLSEC)
28 #define __xmltooling_sig_h__
30 #include <xmltooling/exceptions.h>
31 #include <xmltooling/ConcreteXMLObjectBuilder.h>
37 * @namespace xmlsignature
38 * Public namespace of XML Signature classes
40 namespace xmlsignature {
// Forward declarations: the Signature interface below takes and returns pointers to these
// (setContentReference()/getContentReference(), setKeyInfo()/getKeyInfo()).
42 class XMLTOOL_API ContentReference;
43 class XMLTOOL_API KeyInfo;
46 * XMLObject representing XML Digital Signature, version 20020212, Signature element.
47 * The default signature settings include Exclusive c14n w/o comments, SHA-1 digests,
48 * and RSA-SHA1 signing. SHA-1 is no longer considered adequate for new signatures, so
* callers creating signatures should select stronger algorithms (see setSignatureAlgorithm()).
50 class XMLTOOL_API Signature : public virtual xmltooling::XMLObject
55 /** Element local name (defined out of line; presumably "Signature", per the class description above). */
56 static const XMLCh LOCAL_NAME[];
59 * Gets the canonicalization method for the ds:SignedInfo element.
* The class default is Exclusive c14n without comments (see the class description);
* unlike getSignatureAlgorithm(), no nullptr return is documented here — confirm before dereferencing.
61 * @return the canonicalization method
63 virtual const XMLCh* getCanonicalizationMethod() const=0;
66 * Gets the signing algorithm for the signature.
* The value is an XML signature algorithm identifier, the same form taken by
* setSignatureAlgorithm() and createRawSignature(). Ownership of the returned
* string is not stated here; presumably it stays owned by this object — confirm.
68 * @return the signature algorithm, or nullptr if indeterminate
70 virtual const XMLCh* getSignatureAlgorithm() const=0;
73 * Sets the canonicalization method for the ds:SignedInfo element.
* Overrides the class default (Exclusive c14n without comments). Whether the
* string is copied or merely referenced is not stated here — confirm its lifetime.
75 * @param c14n the canonicalization method
77 virtual void setCanonicalizationMethod(const XMLCh* c14n)=0;
80 * Sets the signing algorithm for the signature.
* NOTE(review): the class default is RSA-SHA1, which is no longer considered
* adequate for new signatures; callers creating signatures should set a stronger
* algorithm here rather than rely on the default.
82 * @param sm the signature algorithm
84 virtual void setSignatureAlgorithm(const XMLCh* sm)=0;
87 * Sets the signing key used to create the signature.
* NOTE(review): ownership/lifetime of signingKey is not stated here, in contrast
* to createRawSignature()'s "will NOT be freed"; confirm whether this object
* frees the key before also freeing it in the caller.
89 * @param signingKey the secret/private key used to create the signature
91 virtual void setSigningKey(XSECCryptoKey* signingKey)=0;
94 * Sets a KeyInfo object to embed in the Signature.
* Used only when creating a signature (see getKeyInfo()); ownership of keyInfo
* is not stated here — confirm whether this object takes it over.
96 * @param keyInfo pointer to a KeyInfo object, or nullptr
98 virtual void setKeyInfo(KeyInfo* keyInfo)=0;
101 * Gets the KeyInfo object associated with the Signature.
102 * This is <strong>NOT</strong> provided for access to the
103 * data associated with an unmarshalled signature. It is
104 * used only in the creation of signatures. Access to data
105 * for validation purposes is provided through the native
106 * DSIGSignature object.
* In other words, this presumably returns the object supplied via setKeyInfo()
* (or nullptr); for validation-time data use getXMLSignature() instead.
108 * @return pointer to a KeyInfo object, or nullptr
110 virtual KeyInfo* getKeyInfo() const=0;
113 * Sets the ContentReference object to the Signature to be applied
114 * when the signature is created.
* The reference determines what sign() covers; ownership of reference is not
* stated here — confirm whether this object takes it over.
116 * @param reference the reference to attach, or nullptr
118 virtual void setContentReference(ContentReference* reference)=0;
121 * Gets the ContentReference object associated with the Signature.
122 * This is <strong>NOT</strong> provided for access to the
123 * data associated with an unmarshalled signature. It is
124 * used only in the creation of signatures. Access to data
125 * for validation purposes is provided through the native
126 * DSIGSignature object.
* In other words, this presumably returns the object supplied via
* setContentReference() (or nullptr); for validation-time data use getXMLSignature().
128 * @return pointer to a ContentReference object, or nullptr
130 virtual ContentReference* getContentReference() const=0;
134 * Gets the native Apache signature object, if present.
* This is the object through which validation-time data is reached (see
* getKeyInfo() and getContentReference()). Presumably nullptr when no native
* object is present, as "if present" suggests — check before use.
136 * @return the native Apache signature interface
138 virtual DSIGSignature* getXMLSignature() const=0;
141 * Compute and append the signature based on the assigned
142 * ContentReference, KeyInfo, and signing key.
* Precedence between a supplied credential and a key/KeyInfo previously set via
* setSigningKey()/setKeyInfo() is not stated here — confirm. Failures are
* presumably reported via SignatureException (declared at the end of this header).
144 * @param credential optional source of signing key and KeyInfo
146 virtual void sign(const xmltooling::Credential* credential=nullptr)=0;
149 * Type-safe clone operation.
* Returns a Signature rather than the base XMLObject; the caller presumably
* owns the returned copy — confirm.
151 * @return copy of object
153 virtual Signature* cloneSignature() const=0;
156 * Sign the input data and return a base64-encoded signature. The signature value
157 * <strong>MUST NOT</strong> contain any embedded linefeeds.
159 * <p>Allows specialized applications to create raw signatures over any input using
160 * the same cryptography layer as XML Signatures use.
162 * @param key key to sign with, will <strong>NOT</strong> be freed
163 * @param sigAlgorithm XML signature algorithm identifier
164 * @param in input data
165 * @param in_len size of input data in bytes
166 * @param out output buffer
167 * @param out_len size of output buffer in bytes (what happens when the buffer is too small is not specified here)
168 * @return size in bytes of base64-encoded signature
170 static unsigned int createRawSignature(
172 const XMLCh* sigAlgorithm,
180 * Verifies a base-64 encoded signature over the input data.
182 * <p>Allows specialized applications to verify raw signatures over any input using
183 * the same cryptography layer as XML Signatures use.
185 * @param key key to verify with, will <strong>NOT</strong> be freed
186 * @param sigAlgorithm XML signature algorithm identifier
187 * @param signature base64-encoded signature value
188 * @param in input data
189 * @param in_len size of input data in bytes
190 * @return true iff signature verifies
192 static bool verifyRawSignature(
194 const XMLCh* sigAlgorithm,
195 const char* signature,
201 /** Default constructor. */
206 * Builder for Signature objects.
208 class XMLTOOL_API SignatureBuilder : public xmltooling::ConcreteXMLObjectBuilder
211 #ifdef HAVE_COVARIANT_RETURNS
212 virtual Signature* buildObject(
214 virtual xmltooling::XMLObject* buildObject(
216 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=nullptr, const xmltooling::QName* schemaType=nullptr
222 * @return empty Signature object
224 #ifdef HAVE_COVARIANT_RETURNS
225 virtual Signature* buildObject() const;
227 virtual xmltooling::XMLObject* buildObject() const;
229 /** Convenience factory: builds an empty Signature via the singleton builder; the caller presumably owns the result — confirm. */
230 static Signature* buildSignature();
233 DECL_XMLTOOLING_EXCEPTION(SignatureException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmlsignature,xmltooling::XMLSecurityException,Exceptions in signature processing);
237 #endif /* __xmltooling_sig_h__ */