2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file xmltooling/signature/Signature.h
20 * XMLObject representing XML Digital Signature, version 20020212, Signature element.
23 #if !defined(__xmltooling_sig_h__) && !defined(XMLTOOLING_NO_XMLSEC)
24 #define __xmltooling_sig_h__
26 #include <xmltooling/exceptions.h>
27 #include <xmltooling/XMLObjectBuilder.h>
28 #include <xmltooling/signature/ContentReference.h>
29 #include <xmltooling/util/XMLConstants.h>
31 #include <xsec/dsig/DSIGSignature.hpp>
34 * @namespace xmlsignature
35 * Public namespace of XML Signature classes
37 namespace xmlsignature {
39 class XMLTOOL_API KeyInfo;
42 * XMLObject representing XML Digital Signature, version 20020212, Signature element.
43 * The default signature settings include Exclusive c14n w/o comments, SHA-1 digests,
44 * and RSA-SHA1 signing.
46 class XMLTOOL_API Signature : public virtual xmltooling::XMLObject
49 virtual ~Signature() {}
51 /** Element local name */
52 static const XMLCh LOCAL_NAME[];
55 * Gets the canonicalization method for the ds:SignedInfo element.
57 * @return the canonicalization method
59 virtual const XMLCh* getCanonicalizationMethod() const=0;
62 * Gets the signing algorithm for the signature.
64 * @return the signature algorithm
66 virtual const XMLCh* getSignatureAlgorithm() const=0;
69 * Sets the canonicalization method for the ds:SignedInfo element.
71 * @param c14n the canonicalization method
73 virtual void setCanonicalizationMethod(const XMLCh* c14n)=0;
76 * Sets the signing algorithm for the signature.
78 * @param sm the signature algorithm
80 virtual void setSignatureAlgorithm(const XMLCh* sm)=0;
83 * Sets the signing key used to create the signature.
85 * @param signingKey the secret/private key used to create the signature
87 virtual void setSigningKey(XSECCryptoKey* signingKey)=0;
90 * Sets a KeyInfo object to embed in the Signature.
92 * @param keyInfo pointer to a KeyInfo object, or NULL
94 virtual void setKeyInfo(KeyInfo* keyInfo)=0;
97 * Gets the KeyInfo object associated with the Signature.
98 * This is <strong>NOT</strong> provided for access to the
99 * data associated with an unmarshalled signature. It is
100 * used only in the creation of signatures. Access to data
101 * for validation purposes is provided through the native
102 * DSIGSignature object.
104 * @return pointer to a KeyInfo object, or NULL
106 virtual KeyInfo* getKeyInfo() const=0;
109 * Sets the ContentReference object to the Signature to be applied
110 * when the signature is created.
112 * @param reference the reference to attach, or NULL
114 virtual void setContentReference(ContentReference* reference)=0;
117 * Gets the ContentReference object associated with the Signature.
118 * This is <strong>NOT</strong> provided for access to the
119 * data associated with an unmarshalled signature. It is
120 * used only in the creation of signatures. Access to data
121 * for validation purposes is provided through the native
122 * DSIGSignature object.
124 * @return pointer to a ContentReference object, or NULL
126 virtual ContentReference* getContentReference() const=0;
130 * Gets the native Apache signature object, if present.
132 * @return the native Apache signature interface
134 virtual DSIGSignature* getXMLSignature() const=0;
137 * Compute and append the signature based on the assigned
138 * ContentReference, KeyInfo, and signing key.
140 * @param credential optional source of signing key and KeyInfo
142 virtual void sign(const xmltooling::Credential* credential=NULL)=0;
145 * Type-safe clone operation.
147 * @return copy of object
149 virtual Signature* cloneSignature() const=0;
152 * Sign the input data and return a base64-encoded signature. The signature value
153 * <strong>MUST NOT</strong> contain any embedded linefeeds.
155 * <p>Allows specialized applications to create raw signatures over any input using
156 * the same cryptography layer as XML Signatures use.
158 * @param key key to sign with, will <strong>NOT</strong> be freed
159 * @param sigAlgorithm XML signature algorithm identifier
160 * @param in input data
161 * @param in_len size of input data in bytes
162 * @param out output buffer
163 * @param out_len size of output buffer in bytes
164 * @return size in bytes of base64-encoded signature
166 static unsigned int createRawSignature(
168 const XMLCh* sigAlgorithm,
176 * Verifies a base-64 encoded signature over the input data.
178 * <p>Allows specialized applications to verify raw signatures over any input using
179 * the same cryptography layer as XML Signatures use.
181 * @param key key to verify with, will <strong>NOT</strong> be freed
182 * @param sigAlgorithm XML signature algorithm identifier
183 * @param signature base64-encoded signature value
184 * @param in input data
185 * @param in_len size of input data in bytes
186 * @return true iff signature verifies
188 static bool verifyRawSignature(
190 const XMLCh* sigAlgorithm,
191 const char* signature,
197 * Populates a set of key names using the information found in a native KeyInfo object.
199 * @param keyInfo a native KeyInfo object
200 * @param names a set of names to populate
202 static void extractNames(DSIGKeyInfoList* keyInfo, std::set<std::string>& names);
209 * Builder for Signature objects.
211 class XMLTOOL_API SignatureBuilder : public xmltooling::XMLObjectBuilder
214 #ifdef HAVE_COVARIANT_RETURNS
215 virtual Signature* buildObject(
217 virtual xmltooling::XMLObject* buildObject(
219 const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
225 * @return empty Signature object
227 #ifdef HAVE_COVARIANT_RETURNS
228 virtual Signature* buildObject() const;
230 virtual xmltooling::XMLObject* buildObject() const;
232 /** Singleton builder. */
233 static Signature* buildSignature() {
234 const SignatureBuilder* b = dynamic_cast<const SignatureBuilder*>(
235 xmltooling::XMLObjectBuilder::getBuilder(
236 xmltooling::QName(xmlconstants::XMLSIG_NS,Signature::LOCAL_NAME)
240 #ifdef HAVE_COVARIANT_RETURNS
241 return b->buildObject();
243 return dynamic_cast<Signature*>(b->buildObject());
246 throw xmltooling::XMLObjectException("Unable to obtain typed builder for Signature.");
250 DECL_XMLTOOLING_EXCEPTION(SignatureException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmlsignature,xmltooling::XMLSecurityException,Exceptions in signature processing);
254 #endif /* __xmltooling_sig_h__ */