2 * Copyright 2001-2010 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * KeyInfoSchemaValidators.cpp
20 * Schema validators for KeyInfo schema.
24 #include "exceptions.h"
25 #include "signature/KeyInfo.h"
26 #include "validation/Validator.h"
27 #include "validation/ValidatorSuite.h"
29 using namespace xmlsignature;
30 using namespace xmltooling;
32 using xmlconstants::XMLSIG_NS;
33 using xmlconstants::XMLSIG11_NS;
35 namespace xmlsignature {
// Leaf-element validators. XMLOBJECTVALIDATOR_SIMPLE (defined outside this
// file) declares a schema validator for a type that carries no child-structure
// rule here; nothing about the element's text content is checked at this level.
// Declaration order is irrelevant: each macro yields an independent class.

// Text-only children of ds:KeyInfo.
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,KeyName);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,MgmtData);

// ds:RSAKeyValue components (both are required by the RSAKeyValue validator).
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,Modulus);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,Exponent);

// ds:DSAKeyValue components (pairing rules live in the DSAKeyValue validator).
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,P);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,Q);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,G);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,Y);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,J);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,Seed);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,PgenCounter);

// ds:Transform content.
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,XPath);

// ds:X509Data children. Certificate/CRL/identifier content is not parsed or
// checked here; only the element's presence is modelled.
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,X509IssuerName);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,X509SerialNumber);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,X509SKI);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,X509SubjectName);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,X509Certificate);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,X509CRL);

// ds:SPKIData and ds:PGPData children.
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,SPKISexp);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,PGPKeyID);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,PGPKeyPacket);

// XML Signature 1.1 leaf elements (registered under XMLSIG11_NS below).
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,DEREncodedKeyValue);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,OCSPResponse);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,PublicKey);
// Schema validator for ds:RSAKeyValue: both Modulus and Exponent must be
// present. Their encoded values are not inspected here.
63 BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,RSAKeyValue);
64 XMLOBJECTVALIDATOR_REQUIRE(RSAKeyValue,Modulus);
65 XMLOBJECTVALIDATOR_REQUIRE(RSAKeyValue,Exponent);
66 END_XMLOBJECTVALIDATOR;
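/**
 * Schema validator for ds:DSAKeyValue.
 *
 * Y is mandatory; P/Q and Seed/PgenCounter are only valid as pairs (both or
 * neither). G and J are not constrained here.
 *
 * Fix: the two NONEORBOTH checks named the element "DSKeyValue" while the
 * validator (see the BEGIN line) is for DSAKeyValue. The name passed to the
 * macro presumably surfaces in the ValidationException text, so the misspelt
 * name produced a misleading diagnostic; it now matches the element.
 */
BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,DSAKeyValue);
    // Y (the public value) must be present.
    XMLOBJECTVALIDATOR_REQUIRE(DSAKeyValue,Y);
    // P and Q form a pair: either both or neither.
    XMLOBJECTVALIDATOR_NONEORBOTH(DSAKeyValue,P,Q);
    // Seed and PgenCounter likewise form a pair.
    XMLOBJECTVALIDATOR_NONEORBOTH(DSAKeyValue,Seed,PgenCounter);
END_XMLOBJECTVALIDATOR;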
// Schema validator for ds:KeyValue: exactly one child is allowed, which must
// be a DSAKeyValue, an RSAKeyValue, or a single extension (unknown) element.
// NOTE(review): a dsig11 ECKeyValue child presumably arrives here as an
// UnknownXMLObject and is accepted through that third slot -- confirm against
// the KeyValue implementation, which is not in this file.
74 BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,KeyValue);
75 XMLOBJECTVALIDATOR_ONLYONEOF3(KeyValue,DSAKeyValue,RSAKeyValue,UnknownXMLObject);
76 END_XMLOBJECTVALIDATOR;
// Schema validator for ds:Transform: the Algorithm attribute is mandatory.
// Whether the algorithm URI is one the library supports is decided elsewhere.
78 BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,Transform);
79 XMLOBJECTVALIDATOR_REQUIRE(Transform,Algorithm);
80 END_XMLOBJECTVALIDATOR;
// Schema validator for ds:Transforms: at least one Transform child is required.
// Each Transform child is covered by its own validator.
82 BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,Transforms);
83 XMLOBJECTVALIDATOR_NONEMPTY(Transforms,Transform);
84 END_XMLOBJECTVALIDATOR;
// Schema validator for ds:RetrievalMethod: the URI attribute is mandatory.
// The referenced location is not resolved or fetched here.
86 BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,RetrievalMethod);
87 XMLOBJECTVALIDATOR_REQUIRE(RetrievalMethod,URI);
88 END_XMLOBJECTVALIDATOR;
// Schema validator for ds:X509IssuerSerial: both X509IssuerName and
// X509SerialNumber must be present.
90 BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,X509IssuerSerial);
91 XMLOBJECTVALIDATOR_REQUIRE(X509IssuerSerial,X509IssuerName);
92 XMLOBJECTVALIDATOR_REQUIRE(X509IssuerSerial,X509SerialNumber);
93 END_XMLOBJECTVALIDATOR;
// Functor applied to every child that landed in an element's extension
// ("unknown") slot. It rejects a child whose namespace is the XML Signature
// namespace, or which has no namespace at all: such an element is not a
// legitimate extension and must not be accepted as an opaque wildcard child.
// Only XMLSIG_NS is excluded; an element from the dsig11 namespace (or any
// other foreign namespace) passes this check.
95 class XMLTOOL_DLLLOCAL checkWildcardNS {
    // Throws ValidationException naming the offending element's QName.
97 void operator()(const XMLObject* xmlObject) const {
98 const XMLCh* ns=xmlObject->getElementQName().getNamespaceURI();
    // A null or empty namespace URI is rejected together with the dsig namespace.
99 if (XMLString::equals(ns,XMLSIG_NS) || !ns || !*ns) {
100 throw ValidationException(
101 "Object contains an illegal extension child element ($1).",
102 params(1,xmlObject->getElementQName().toString().c_str())
/**
 * Schema validator for ds:X509Data.
 *
 * The element must carry at least one child, and every child that landed in
 * the extension ("unknown") slot is passed through checkWildcardNS so that an
 * unregistered element in the signature namespace, or an unqualified one, is
 * rejected rather than silently accepted as an opaque extension. The typed
 * X509 children are not inspected here.
 */
BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,X509Data);
    if (!ptr->hasChildren())
        throw ValidationException("X509Data must have at least one child element.");
    const vector<XMLObject*>& extensions = ptr->getUnknownXMLObjects();
    checkWildcardNS nsCheck;
    for (vector<XMLObject*>::const_iterator it = extensions.begin(); it != extensions.end(); ++it)
        nsCheck(*it);
END_XMLOBJECTVALIDATOR;
// Schema validator for ds:SPKIData: at least one SPKISexp child is required.
115 BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,SPKIData);
116 XMLOBJECTVALIDATOR_NONEMPTY(SPKIData,SPKISexp);
117 END_XMLOBJECTVALIDATOR;
// Schema validator for ds:PGPData: at least one of PGPKeyID or PGPKeyPacket
// must be present.
119 BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,PGPData);
120 XMLOBJECTVALIDATOR_ONEOF(PGPData,PGPKeyID,PGPKeyPacket);
121 END_XMLOBJECTVALIDATOR;
/**
 * Schema validator for ds:KeyInfo.
 *
 * KeyInfo must not be empty, and each child that landed in the extension
 * ("unknown") slot is passed through checkWildcardNS: an element in the
 * signature namespace that the library did not recognise, or an unqualified
 * element, is rejected instead of being accepted as an opaque extension.
 * The recognised children (KeyName, KeyValue, X509Data, ...) are validated
 * by their own validators, not here.
 */
BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,KeyInfo);
    if (!ptr->hasChildren())
        throw ValidationException("KeyInfo must have at least one child element.");
    const vector<XMLObject*>& extensions = ptr->getUnknownXMLObjects();
    checkWildcardNS nsCheck;
    for (vector<XMLObject*>::const_iterator it = extensions.begin(); it != extensions.end(); ++it)
        nsCheck(*it);
END_XMLOBJECTVALIDATOR;
// Schema validator for dsig11:KeyInfoReference: the URI attribute is mandatory.
// The reference is not resolved here.
130 BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,KeyInfoReference);
131 XMLOBJECTVALIDATOR_REQUIRE(KeyInfoReference,URI);
132 END_XMLOBJECTVALIDATOR;
// Schema validator for dsig11:NamedCurve: the URI attribute (the curve
// identifier) is mandatory. Whether the curve is supported is decided elsewhere.
134 BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,NamedCurve);
135 XMLOBJECTVALIDATOR_REQUIRE(NamedCurve,URI);
136 END_XMLOBJECTVALIDATOR;
// Schema validator for dsig11:ECKeyValue: the curve must be given as either
// ECParameters or NamedCurve, and PublicKey is mandatory.
138 BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,ECKeyValue);
139 XMLOBJECTVALIDATOR_ONEOF(ECKeyValue,ECParameters,NamedCurve);
140 XMLOBJECTVALIDATOR_REQUIRE(ECKeyValue,PublicKey);
141 END_XMLOBJECTVALIDATOR;
// Registers the builder and the schema validator for an element, keyed by its
// LOCAL_NAME under the given namespace. Expects a QName named `q` to exist in
// the invoking scope (declared in registerKeyInfoClasses; that declaration is
// not part of this listing). Both objects are allocated with `new` and handed
// to the registries -- presumably the registries take ownership; confirm
// against XMLObjectBuilder::registerBuilder and ValidatorSuite::registerValidator.
// (Comments are kept above the #define: a `//` on a continued line would
// swallow the following line.)
144 #define REGISTER_ELEMENT(namespaceURI,cname) \
145 q=QName(namespaceURI,cname::LOCAL_NAME); \
146 XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
147 SchemaValidators.registerValidator(q,new cname##SchemaValidator())
// Same as REGISTER_ELEMENT but keyed by the schema TYPE_NAME, presumably so an
// element whose xsi:type names the schema type resolves to the same builder
// and validator.
149 #define REGISTER_TYPE(namespaceURI,cname) \
150 q=QName(namespaceURI,cname::TYPE_NAME); \
151 XMLObjectBuilder::registerBuilder(q,new cname##Builder()); \
152 SchemaValidators.registerValidator(q,new cname##SchemaValidator())
154 void xmlsignature::registerKeyInfoClasses()
157 REGISTER_ELEMENT(XMLSIG_NS,KeyInfo);
158 REGISTER_ELEMENT(XMLSIG_NS,KeyName);
159 REGISTER_ELEMENT(XMLSIG_NS,KeyValue);
160 REGISTER_ELEMENT(XMLSIG_NS,MgmtData);
161 REGISTER_ELEMENT(XMLSIG_NS,DSAKeyValue);
162 REGISTER_ELEMENT(XMLSIG_NS,RSAKeyValue);
163 REGISTER_ELEMENT(XMLSIG_NS,Exponent);
164 REGISTER_ELEMENT(XMLSIG_NS,Modulus);
165 REGISTER_ELEMENT(XMLSIG_NS,P);
166 REGISTER_ELEMENT(XMLSIG_NS,Q);
167 REGISTER_ELEMENT(XMLSIG_NS,G);
168 REGISTER_ELEMENT(XMLSIG_NS,Y);
169 REGISTER_ELEMENT(XMLSIG_NS,J);
170 REGISTER_ELEMENT(XMLSIG_NS,Seed);
171 REGISTER_ELEMENT(XMLSIG_NS,PgenCounter);
172 REGISTER_ELEMENT(XMLSIG_NS,XPath);
173 REGISTER_ELEMENT(XMLSIG_NS,Transform);
174 REGISTER_ELEMENT(XMLSIG_NS,Transforms);
175 REGISTER_ELEMENT(XMLSIG_NS,RetrievalMethod);
176 REGISTER_ELEMENT(XMLSIG_NS,X509IssuerSerial);
177 REGISTER_ELEMENT(XMLSIG_NS,X509IssuerName);
178 REGISTER_ELEMENT(XMLSIG_NS,X509SerialNumber);
179 REGISTER_ELEMENT(XMLSIG_NS,X509SKI);
180 REGISTER_ELEMENT(XMLSIG_NS,X509SubjectName);
181 REGISTER_ELEMENT(XMLSIG_NS,X509Certificate);
182 REGISTER_ELEMENT(XMLSIG_NS,X509CRL);
183 REGISTER_ELEMENT(XMLSIG_NS,X509Data);
184 REGISTER_ELEMENT(XMLSIG_NS,SPKISexp);
185 REGISTER_ELEMENT(XMLSIG_NS,SPKIData);
186 REGISTER_ELEMENT(XMLSIG_NS,PGPKeyID);
187 REGISTER_ELEMENT(XMLSIG_NS,PGPKeyPacket);
188 REGISTER_ELEMENT(XMLSIG_NS,PGPData);
189 REGISTER_TYPE(XMLSIG_NS,KeyInfo);
190 REGISTER_TYPE(XMLSIG_NS,KeyValue);
191 REGISTER_TYPE(XMLSIG_NS,DSAKeyValue);
192 REGISTER_TYPE(XMLSIG_NS,RSAKeyValue);
193 REGISTER_TYPE(XMLSIG_NS,Transform);
194 REGISTER_TYPE(XMLSIG_NS,Transforms);
195 REGISTER_TYPE(XMLSIG_NS,RetrievalMethod);
196 REGISTER_TYPE(XMLSIG_NS,X509IssuerSerial);
197 REGISTER_TYPE(XMLSIG_NS,X509Data);
198 REGISTER_TYPE(XMLSIG_NS,SPKIData);
199 REGISTER_TYPE(XMLSIG_NS,PGPData);
201 REGISTER_ELEMENT(XMLSIG11_NS,DEREncodedKeyValue);
202 REGISTER_ELEMENT(XMLSIG11_NS,ECKeyValue);
203 REGISTER_ELEMENT(XMLSIG11_NS,KeyInfoReference);
204 REGISTER_ELEMENT(XMLSIG11_NS,NamedCurve);
205 REGISTER_ELEMENT(XMLSIG11_NS,OCSPResponse);
206 REGISTER_ELEMENT(XMLSIG11_NS,PublicKey);
207 REGISTER_TYPE(XMLSIG11_NS,DEREncodedKeyValue);
208 REGISTER_TYPE(XMLSIG11_NS,ECKeyValue);
209 REGISTER_TYPE(XMLSIG11_NS,KeyInfoReference);
210 REGISTER_TYPE(XMLSIG11_NS,NamedCurve);