/*
- * Copyright 2001-2006 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*/
/**
- * @file Signature.h
+ * @file xmltooling/signature/Signature.h
*
* XMLObject representing XML Digital Signature, version 20020212, Signature element.
*/
#define __xmltooling_sig_h__
#include <xmltooling/exceptions.h>
-#include <xmltooling/XMLObjectBuilder.h>
-#include <xmltooling/signature/ContentReference.h>
-#include <xmltooling/util/XMLConstants.h>
+#include <xmltooling/ConcreteXMLObjectBuilder.h>
-#include <xsec/dsig/DSIGSignature.hpp>
+class DSIGSignature;
+class XSECCryptoKey;
/**
* @namespace xmlsignature
*/
namespace xmlsignature {
+ class XMLTOOL_API ContentReference;
class XMLTOOL_API KeyInfo;
/**
class XMLTOOL_API Signature : public virtual xmltooling::XMLObject
{
public:
- virtual ~Signature() {}
+ virtual ~Signature();
/** Element local name */
static const XMLCh LOCAL_NAME[];
/**
- * Sets the canonicalization method for the ds:SignedInfo element
+ * Gets the canonicalization method for the ds:SignedInfo element.
+ *
+ * @return the canonicalization method
+ */
+ virtual const XMLCh* getCanonicalizationMethod() const=0;
+
+ /**
+ * Gets the signing algorithm for the signature.
+ *
+ * @return the signature algorithm, or NULL if indeterminate
+ */
+ virtual const XMLCh* getSignatureAlgorithm() const=0;
+
+ /**
+ * Sets the canonicalization method for the ds:SignedInfo element.
*
* @param c14n the canonicalization method
*/
/**
* Compute and append the signature based on the assigned
* ContentReference, KeyInfo, and signing key.
+ *
+ * @param credential optional source of signing key and KeyInfo
*/
- virtual void sign()=0;
+ virtual void sign(const xmltooling::Credential* credential=NULL)=0;
/**
* Type-safe clone operation.
*/
virtual Signature* cloneSignature() const=0;
+ /**
+ * Sign the input data and return a base64-encoded signature. The signature value
+ * <strong>MUST NOT</strong> contain any embedded linefeeds.
+ *
+ * <p>Allows specialized applications to create raw signatures over any input using
+ * the same cryptography layer as XML Signatures use.
+ *
+ * @param key key to sign with, will <strong>NOT</strong> be freed
+ * @param sigAlgorithm XML signature algorithm identifier
+ * @param in input data
+ * @param in_len size of input data in bytes
+ * @param out output buffer
+ * @param out_len size of output buffer in bytes
+ * @return size in bytes of base64-encoded signature
+ */
+ static unsigned int createRawSignature(
+ XSECCryptoKey* key,
+ const XMLCh* sigAlgorithm,
+ const char* in,
+ unsigned int in_len,
+ char* out,
+ unsigned int out_len
+ );
+
+ /**
+ * Verifies a base-64 encoded signature over the input data.
+ *
+ * <p>Allows specialized applications to verify raw signatures over any input using
+ * the same cryptography layer as XML Signatures use.
+ *
+ * @param key key to verify with, will <strong>NOT</strong> be freed
+ * @param sigAlgorithm XML signature algorithm identifier
+ * @param signature base64-encoded signature value
+ * @param in input data
+ * @param in_len size of input data in bytes
+ * @return true iff signature verifies
+ */
+ static bool verifyRawSignature(
+ XSECCryptoKey* key,
+ const XMLCh* sigAlgorithm,
+ const char* signature,
+ const char* in,
+ unsigned int in_len
+ );
+
protected:
- Signature() {}
+ /** Default constructor. */
+ Signature();
};
/**
* Builder for Signature objects.
*/
- class XMLTOOL_API SignatureBuilder : public xmltooling::XMLObjectBuilder
+ class XMLTOOL_API SignatureBuilder : public xmltooling::ConcreteXMLObjectBuilder
{
public:
+#ifdef HAVE_COVARIANT_RETURNS
virtual Signature* buildObject(
+#else
+ virtual xmltooling::XMLObject* buildObject(
+#endif
const XMLCh* nsURI, const XMLCh* localName, const XMLCh* prefix=NULL, const xmltooling::QName* schemaType=NULL
) const;
*
* @return empty Signature object
*/
+#ifdef HAVE_COVARIANT_RETURNS
virtual Signature* buildObject() const;
-
- static Signature* buildSignature() {
- const SignatureBuilder* b = dynamic_cast<const SignatureBuilder*>(
- xmltooling::XMLObjectBuilder::getBuilder(
- xmltooling::QName(xmltooling::XMLConstants::XMLSIG_NS,Signature::LOCAL_NAME)
- )
- );
- if (b)
- return b->buildObject();
- throw xmltooling::XMLObjectException("Unable to obtain typed builder for Signature.");
- }
+#else
+ virtual xmltooling::XMLObject* buildObject() const;
+#endif
+ /** Singleton builder. */
+ static Signature* buildSignature();
};
DECL_XMLTOOLING_EXCEPTION(SignatureException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmlsignature,xmltooling::XMLSecurityException,Exceptions in signature processing);
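Review bot: The new `createRawSignature` declaration (`char* out, unsigned int out_len`) does not document its failure contract: what the caller gets when `out_len` is smaller than the base64 signature, or when `sigAlgorithm` is unsupported — a 0 return, a truncated write, or a thrown exception is not stated, and a caller that uses the return value as a length cannot distinguish these. The same gap exists for `verifyRawSignature`, where the doc says `true iff signature verifies` but not whether a malformed base64 `signature` or an unknown algorithm yields `false` or throws; callers that treat an exception and a false result differently need this spelled out. I would add `@throws SignatureException if the algorithm is unsupported or the output buffer is too small` to `createRawSignature` and `@throws SignatureException on malformed signature input or an unsupported algorithm` to `verifyRawSignature`, adjusted to whatever the implementation actually does. Separately, `virtual void sign(const xmltooling::Credential* credential=NULL)=0;` places a default argument on a pure virtual; overriders that omit it behave differently when called through a derived static type, so either a note to implementers or a non-virtual `sign()` overload forwarding to `sign(NULL)` would avoid that trap. The setter whose doc comment ends at `@param c14n` has its declaration outside the visible lines.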