2 * Copyright 2001-2006 Internet2
\r
4 * Licensed under the Apache License, Version 2.0 (the "License");
\r
5 * you may not use this file except in compliance with the License.
\r
6 * You may obtain a copy of the License at
\r
8 * http://www.apache.org/licenses/LICENSE-2.0
\r
10 * Unless required by applicable law or agreed to in writing, software
\r
11 * distributed under the License is distributed on an "AS IS" BASIS,
\r
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
13 * See the License for the specific language governing permissions and
\r
14 * limitations under the License.
\r
18 * XMLSecSignature.cpp
\r
20 * Signature classes for XMLSec-based signature-handling
\r
23 #include "internal.h"
\r
24 #include "exceptions.h"
\r
25 #include "signature/impl/XMLSecSignature.h"
\r
26 #include "util/NDC.h"
\r
27 #include "util/XMLHelper.h"
\r
29 #include <log4cpp/Category.hh>
\r
30 #include <xercesc/framework/MemBufInputSource.hpp>
\r
31 #include <xercesc/framework/Wrapper4InputSource.hpp>
\r
32 #include <xercesc/util/XMLUniDefs.hpp>
\r
33 #include <xsec/dsig/DSIGKeyInfoX509.hpp>
\r
34 #include <xsec/enc/XSECCryptoException.hpp>
\r
35 #include <xsec/framework/XSECException.hpp>
\r
37 using namespace xmltooling;
\r
38 using namespace log4cpp;
\r
39 using namespace std;
\r
41 const XMLCh xmltooling::Signature::LOCAL_NAME[] = {
\r
42 chLatin_S, chLatin_i, chLatin_g, chLatin_n, chLatin_a, chLatin_t, chLatin_u, chLatin_r, chLatin_e, chNull
\r
45 const XMLCh xmltooling::Signature::PREFIX[] = {
\r
46 chLatin_d, chLatin_s, chNull
\r
49 XMLSecSignatureImpl::~XMLSecSignatureImpl()
\r
51 // Release the associated signature.
\r
53 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseSignature(m_signature);
\r
55 XMLString::release(&m_c14n);
\r
56 XMLString::release(&m_sm);
\r
59 void XMLSecSignatureImpl::releaseDOM()
\r
61 // This should save off the DOM
\r
62 UnknownElementImpl::releaseDOM();
\r
64 // Release the associated signature.
\r
66 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseSignature(m_signature);
\r
71 XMLObject* XMLSecSignatureImpl::clone() const
\r
73 XMLSecSignatureImpl* ret=new XMLSecSignatureImpl();
\r
75 ret->m_c14n=XMLString::replicate(m_c14n);
\r
76 ret->m_sm=XMLString::replicate(m_sm);
\r
78 // If there's no XML locally, serialize this object into the new one, otherwise just copy it over.
\r
80 serialize(ret->m_xml);
\r
87 const DSIGKeyInfoList* XMLSecSignatureImpl::getKeyInfo() const
\r
89 return m_signature ? m_signature->getKeyInfoList() : NULL;
\r
92 class _addcert : public std::binary_function<DSIGKeyInfoX509*,XSECCryptoX509*,void> {
\r
94 void operator()(DSIGKeyInfoX509* bag, XSECCryptoX509* cert) const {
\r
95 safeBuffer& buf=cert->getDEREncodingSB();
\r
96 bag->appendX509Certificate(buf.sbStrToXMLCh());
\r
100 void XMLSecSignatureImpl::sign(const SigningContext* ctx)
\r
102 Category& log=Category::getInstance(XMLTOOLING_LOGCAT".Signature");
\r
103 log.debug("applying signature");
\r
106 throw SignatureException("Only a marshalled Signature object can be signed.");
\r
109 log.debug("creating signature content");
\r
110 ctx->createSignature(m_signature);
\r
111 const std::vector<XSECCryptoX509*>& certs=ctx->getX509Certificates();
\r
112 if (!certs.empty()) {
\r
113 DSIGKeyInfoX509* x509Data=m_signature->appendX509Data();
\r
114 for_each(certs.begin(),certs.end(),bind1st(_addcert(),x509Data));
\r
117 log.debug("computing signature");
\r
118 m_signature->setSigningKey(ctx->getSigningKey());
\r
119 m_signature->sign();
\r
121 catch(XSECException& e) {
\r
122 auto_ptr_char temp(e.getMsg());
\r
123 throw SignatureException(string("Caught an XMLSecurity exception while signing: ") + temp.get());
\r
125 catch(XSECCryptoException& e) {
\r
126 throw SignatureException(string("Caught an XMLSecurity exception while signing: ") + e.getMsg());
\r
130 DOMElement* XMLSecSignatureMarshaller::marshall(XMLObject* xmlObject, DOMDocument* document, MarshallingContext* ctx) const
\r
133 xmltooling::NDC ndc("marshall");
\r
136 Category& log=Category::getInstance(XMLTOOLING_LOGCAT".Marshaller");
\r
137 log.debug("marshalling ds:Signature");
\r
139 XMLSecSignatureImpl* sig=dynamic_cast<XMLSecSignatureImpl*>(xmlObject);
\r
141 throw MarshallingException("Only objects of class XMLSecSignatureImpl can be marshalled.");
\r
143 DOMElement* cachedDOM=sig->getDOM();
\r
145 if (!document || document==cachedDOM->getOwnerDocument()) {
\r
146 log.debug("Signature has a usable cached DOM, reusing it");
\r
148 setDocumentElement(cachedDOM->getOwnerDocument(),cachedDOM);
\r
149 sig->releaseParentDOM(true);
\r
153 // We have a DOM but it doesn't match the document we were given, so we import
\r
154 // it into the new document.
\r
155 cachedDOM=static_cast<DOMElement*>(document->importNode(cachedDOM, true));
\r
158 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseSignature(sig->m_signature);
\r
159 sig->m_signature=NULL;
\r
160 sig->m_signature=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newSignatureFromDOM(
\r
161 document, cachedDOM
\r
164 catch(XSECException& e) {
\r
165 auto_ptr_char temp(e.getMsg());
\r
166 throw MarshallingException(string("Caught an XMLSecurity exception while loading signature: ") + temp.get());
\r
168 catch(XSECCryptoException& e) {
\r
169 throw MarshallingException(string("Caught an XMLSecurity exception while loading signature: ") + e.getMsg());
\r
172 // Recache the DOM.
\r
173 setDocumentElement(document, cachedDOM);
\r
174 log.debug("caching imported DOM for Signature");
\r
175 sig->setDOM(cachedDOM, false);
\r
176 sig->releaseParentDOM(true);
\r
180 // If we get here, we didn't have a usable DOM.
\r
181 bool bindDocument=false;
\r
182 if (sig->m_xml.empty()) {
\r
183 // Fresh signature, so we just create an empty one.
\r
184 log.debug("creating empty Signature element");
\r
186 document=DOMImplementationRegistry::getDOMImplementation(NULL)->createDocument();
\r
189 sig->m_signature=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newSignature();
\r
190 sig->m_signature->setDSIGNSPrefix(Signature::PREFIX);
\r
191 cachedDOM=sig->m_signature->createBlankSignature(
\r
192 document, sig->getCanonicalizationMethod(), sig->getSignatureAlgorithm()
\r
196 // We need to reparse the XML we saved off into a new DOM.
\r
197 MemBufInputSource src(reinterpret_cast<const XMLByte*>(sig->m_xml.c_str()),sig->m_xml.length(),"XMLSecSignatureImpl");
\r
198 Wrapper4InputSource dsrc(&src,false);
\r
199 log.debug("parsing Signature XML back into DOM tree");
\r
200 DOMDocument* internalDoc=XMLToolingInternalConfig::getInternalConfig().m_parserPool->parse(dsrc);
\r
202 // The caller insists on using his own document, so we now have to import the thing
\r
203 // into it. Then we're just dumping the one we built.
\r
204 log.debug("reimporting new DOM into caller-supplied document");
\r
205 cachedDOM=static_cast<DOMElement*>(document->importNode(internalDoc->getDocumentElement(), true));
\r
206 internalDoc->release();
\r
209 // We just bind the document we built to the object as the result.
\r
210 cachedDOM=static_cast<DOMElement*>(internalDoc->getDocumentElement());
\r
211 document=internalDoc;
\r
215 // Now reload the signature from the DOM.
\r
217 sig->m_signature=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newSignatureFromDOM(
\r
218 document, cachedDOM
\r
221 catch(XSECException& e) {
\r
223 document->release();
\r
224 auto_ptr_char temp(e.getMsg());
\r
225 throw MarshallingException(string("Caught an XMLSecurity exception while loading signature: ") + temp.get());
\r
227 catch(XSECCryptoException& e) {
\r
229 document->release();
\r
230 throw MarshallingException(string("Caught an XMLSecurity exception while loading signature: ") + e.getMsg());
\r
234 // Recache the DOM and clear the serialized copy.
\r
235 setDocumentElement(document, cachedDOM);
\r
236 log.debug("caching DOM for Signature (document is %sbound)", bindDocument ? "" : "not ");
\r
237 sig->setDOM(cachedDOM, bindDocument);
\r
238 sig->releaseParentDOM(true);
\r
239 sig->m_xml.erase();
\r
243 DOMElement* XMLSecSignatureMarshaller::marshall(XMLObject* xmlObject, DOMElement* parentElement, MarshallingContext* ctx) const
\r
246 xmltooling::NDC ndc("marshall");
\r
249 Category& log=Category::getInstance(XMLTOOLING_LOGCAT".Marshaller");
\r
250 log.debug("marshalling ds:Signature");
\r
252 XMLSecSignatureImpl* sig=dynamic_cast<XMLSecSignatureImpl*>(xmlObject);
\r
254 throw MarshallingException("Only objects of class XMLSecSignatureImpl can be marshalled.");
\r
256 DOMElement* cachedDOM=sig->getDOM();
\r
258 if (parentElement->getOwnerDocument()==cachedDOM->getOwnerDocument()) {
\r
259 log.debug("Signature has a usable cached DOM, reusing it");
\r
260 parentElement->appendChild(cachedDOM);
\r
261 sig->releaseParentDOM(true);
\r
265 // We have a DOM but it doesn't match the document we were given, so we import
\r
266 // it into the new document.
\r
267 cachedDOM=static_cast<DOMElement*>(parentElement->getOwnerDocument()->importNode(cachedDOM, true));
\r
270 XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->releaseSignature(sig->m_signature);
\r
271 sig->m_signature=NULL;
\r
272 sig->m_signature=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newSignatureFromDOM(
\r
273 parentElement->getOwnerDocument(), cachedDOM
\r
276 catch(XSECException& e) {
\r
277 auto_ptr_char temp(e.getMsg());
\r
278 throw MarshallingException(string("Caught an XMLSecurity exception while loading signature: ") + temp.get());
\r
280 catch(XSECCryptoException& e) {
\r
281 throw MarshallingException(string("Caught an XMLSecurity exception while loading signature: ") + e.getMsg());
\r
284 // Recache the DOM.
\r
285 parentElement->appendChild(cachedDOM);
\r
286 log.debug("caching imported DOM for Signature");
\r
287 sig->setDOM(cachedDOM, false);
\r
288 sig->releaseParentDOM(true);
\r
292 // If we get here, we didn't have a usable DOM.
\r
293 if (sig->m_xml.empty()) {
\r
294 // Fresh signature, so we just create an empty one.
\r
295 log.debug("creating empty Signature element");
\r
296 sig->m_signature=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newSignature();
\r
297 sig->m_signature->setDSIGNSPrefix(Signature::PREFIX);
\r
298 cachedDOM=sig->m_signature->createBlankSignature(
\r
299 parentElement->getOwnerDocument(), sig->getCanonicalizationMethod(), sig->getSignatureAlgorithm()
\r
303 MemBufInputSource src(reinterpret_cast<const XMLByte*>(sig->m_xml.c_str()),sig->m_xml.length(),"XMLSecSignatureImpl");
\r
304 Wrapper4InputSource dsrc(&src,false);
\r
305 log.debug("parsing XML back into DOM tree");
\r
306 DOMDocument* internalDoc=XMLToolingInternalConfig::getInternalConfig().m_parserPool->parse(dsrc);
\r
308 log.debug("reimporting new DOM into caller-supplied document");
\r
309 cachedDOM=static_cast<DOMElement*>(parentElement->getOwnerDocument()->importNode(internalDoc->getDocumentElement(), true));
\r
310 internalDoc->release();
\r
312 // Now reload the signature from the DOM.
\r
314 sig->m_signature=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newSignatureFromDOM(
\r
315 parentElement->getOwnerDocument(), cachedDOM
\r
318 catch(XSECException& e) {
\r
319 auto_ptr_char temp(e.getMsg());
\r
320 throw MarshallingException(string("Caught an XMLSecurity exception while loading signature: ") + temp.get());
\r
322 catch(XSECCryptoException& e) {
\r
323 throw MarshallingException(string("Caught an XMLSecurity exception while loading signature: ") + e.getMsg());
\r
327 // Recache the DOM and clear the serialized copy.
\r
328 parentElement->appendChild(cachedDOM);
\r
329 log.debug("caching DOM for Signature");
\r
330 sig->setDOM(cachedDOM, false);
\r
331 sig->releaseParentDOM(true);
\r
332 sig->m_xml.erase();
\r
336 XMLObject* XMLSecSignatureUnmarshaller::unmarshall(DOMElement* element, bool bindDocument) const
\r
338 Category::getInstance(XMLTOOLING_LOGCAT".Unmarshaller").debug("unmarshalling ds:Signature");
\r
340 auto_ptr<XMLSecSignatureImpl> ret(new XMLSecSignatureImpl());
\r
342 ret->m_signature=XMLToolingInternalConfig::getInternalConfig().m_xsecProvider->newSignatureFromDOM(
\r
343 element->getOwnerDocument(), element
\r
346 catch(XSECException& e) {
\r
347 auto_ptr_char temp(e.getMsg());
\r
348 throw UnmarshallingException(string("Caught an XMLSecurity exception while loading signature: ") + temp.get());
\r
350 catch(XSECCryptoException& e) {
\r
351 throw UnmarshallingException(string("Caught an XMLSecurity exception while loading signature: ") + e.getMsg());
\r
354 ret->setDOM(element, bindDocument);
\r
355 return ret.release();
\r