-/*
- * Copyright 2001-2010 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
#include "security/BasicX509Credential.h"
#include "security/KeyInfoCredentialContext.h"
#include "security/OpenSSLCredential.h"
+#include "security/SecurityHelper.h"
#include "security/XSECCryptoX509CRL.h"
#include "signature/KeyInfo.h"
#include <algorithm>
#include <openssl/x509v3.h>
#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
+#include <xercesc/util/Base64.hpp>
using namespace xmlsignature;
using namespace xmltooling;
+using namespace xercesc;
using namespace std;
Credential::Credential()
delete m_compactKeyInfo;
m_compactKeyInfo = nullptr;
+ // Default will disable X509IssuerSerial due to schema validation issues.
if (types == 0)
- types = KEYINFO_KEY_VALUE | KEYINFO_KEY_NAME | KEYINFO_X509_CERTIFICATE | KEYINFO_X509_SUBJECTNAME | KEYINFO_X509_ISSUERSERIAL;
+ types = KEYINFO_KEY_VALUE | KEYINFO_KEY_NAME | KEYINFO_X509_CERTIFICATE | KEYINFO_X509_SUBJECTNAME | KEYINFO_X509_DIGEST;
if (types & KEYINFO_KEY_NAME) {
const set<string>& names = getKeyNames();
m_keyInfo->getX509Datas().front()->getX509Certificates().push_back(x509);
}
}
+
+ if (types & KEYINFO_X509_DIGEST && !m_xseccerts.empty()) {
+ if (!m_compactKeyInfo)
+ m_compactKeyInfo = KeyInfoBuilder::buildKeyInfo();
+ if (m_compactKeyInfo->getX509Datas().empty())
+ m_compactKeyInfo->getX509Datas().push_back(X509DataBuilder::buildX509Data());
+ safeBuffer& buf=m_xseccerts.front()->getDEREncodingSB();
+ xsecsize_t x;
+ XMLByte* decoded = Base64::decode(reinterpret_cast<const XMLByte*>(buf.rawCharBuffer()), &x);
+ if (decoded) {
+ string xdig = SecurityHelper::doHash("SHA1", reinterpret_cast<char*>(decoded), x);
+#ifdef XMLTOOLING_XERCESC_HAS_XMLBYTE_RELEASE
+ XMLString::release(&decoded);
+#else
+ XMLString::release((char**)&decoded);
+#endif
+ XMLByte* encoded = Base64::encode(reinterpret_cast<const XMLByte*>(xdig.c_str()), xdig.length(), &x);
+ if (encoded) {
+ auto_ptr_XMLCh widenit(reinterpret_cast<char*>(encoded));
+#ifdef XMLTOOLING_XERCESC_HAS_XMLBYTE_RELEASE
+ XMLString::release(&encoded);
+#else
+ XMLString::release((char**)&encoded);
+#endif
+ X509Digest* x509dig = X509DigestBuilder::buildX509Digest();
+ x509dig->setValue(widenit.get());
+ m_compactKeyInfo->getX509Datas().front()->getX509Digests().push_back(x509dig);
+ }
+ }
+ }
}
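Review bot: The digest value built at `string xdig = SecurityHelper::doHash("SHA1", reinterpret_cast<char*>(decoded), x);` is then base64-encoded, but SecurityHelper::doHash hex-encodes its result unless its toHex argument is false (its header is not in this diff, so confirm), which would make the X509Digest element carry base64-of-hex rather than the base64 of the raw digest octets that XML Signature 1.1 defines for X509Digest, so a peer computing the digest from the certificate would never match it; the fix is `string xdig = SecurityHelper::doHash("SHA1", reinterpret_cast<char*>(decoded), x, false);`. The X509Digest element is also pushed with only its value set, while the xmldsig11 schema requires an Algorithm attribute naming the digest; without it a relying party cannot tell that SHA-1 was used, and the attribute is what allows a later move to SHA-256 for certificate identification, so it should be set to the SHA-1 digest URI before the push at the end of the block. The enclosing function starts before this hunk.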
unsigned int BasicX509Credential::getUsage() const
case XSECCryptoKey::KEY_DSA_PAIR:
return "DSA";
+#ifdef XMLTOOLING_XMLSEC_ECC
case XSECCryptoKey::KEY_EC_PRIVATE:
case XSECCryptoKey::KEY_EC_PUBLIC:
case XSECCryptoKey::KEY_EC_PAIR:
return "EC";
+#endif
case XSECCryptoKey::KEY_HMAC:
return "HMAC";
case XSECCryptoKey::KEY_RSA_PUBLIC:
case XSECCryptoKey::KEY_RSA_PAIR: {
XSECCryptoKeyRSA* rkey = static_cast<XSECCryptoKeyRSA*>(m_key);
- return rkey->getLength();
+ return 8 * rkey->getLength();
}
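Review bot: The multiplication at `return 8 * rkey->getLength();` changes the unit the function reports without saying why, and nothing in the hunk records that getLength() is in bytes while this accessor is expected to return bits; a one-line comment would stop the next reader from "fixing" it back, e.g. `// XSECCryptoKeyRSA::getLength() reports bytes; this accessor reports the modulus size in bits` (confirm against the xml-security-c header, which is not in this diff). The enclosing function starts and ends outside the hunk, so whether a private-only RSA key reaches this case is not visible here.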
case XSECCryptoKey::KEY_SYMMETRIC: {
{
if (m_key) {
XSECCryptoKey::KeyType type = m_key->getKeyType();
- if (type!=XSECCryptoKey::KEY_RSA_PUBLIC && type!=XSECCryptoKey::KEY_DSA_PUBLIC && type!=XSECCryptoKey::KEY_EC_PUBLIC)
+ if (type != XSECCryptoKey::KEY_RSA_PUBLIC && type != XSECCryptoKey::KEY_DSA_PUBLIC
+#ifdef XMLTOOLING_XMLSEC_ECC
+ && type != XSECCryptoKey::KEY_EC_PUBLIC
+#endif
+ )
return m_key;
}
return nullptr;
{
if (m_key) {
XSECCryptoKey::KeyType type = m_key->getKeyType();
- if (type!=XSECCryptoKey::KEY_RSA_PRIVATE && type!=XSECCryptoKey::KEY_DSA_PRIVATE && type!=XSECCryptoKey::KEY_EC_PRIVATE)
+ if (type != XSECCryptoKey::KEY_RSA_PRIVATE && type != XSECCryptoKey::KEY_DSA_PRIVATE
+#ifdef XMLTOOLING_XMLSEC_ECC
+ && type != XSECCryptoKey::KEY_EC_PRIVATE
+#endif
+ )
return m_key;
}
return nullptr;