-/*
-* Copyright 2001-2006 Internet2
- *
-* Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
* KeyInfoSchemaValidators.cpp
*
- * Schema validators for KeyInfo schema
+ * Schema validators for KeyInfo schema.
*/
#include "internal.h"
#include "exceptions.h"
#include "signature/KeyInfo.h"
+#include "validation/Validator.h"
#include "validation/ValidatorSuite.h"
using namespace xmlsignature;
using namespace xmltooling;
using namespace std;
+using xmlconstants::XMLSIG_NS;
+using xmlconstants::XMLSIG11_NS;
+
+#define XMLOBJECTVALIDATOR_ONLYONEOF4(cname,proper1,proper2,proper3,proper4) \
+ int c##proper1##proper2##proper3##proper4=0; \
+ if (ptr->get##proper1()!=nullptr) \
+ c##proper1##proper2##proper3##proper4++; \
+ if (ptr->get##proper2()!=nullptr) \
+ c##proper1##proper2##proper3##proper4++; \
+ if (ptr->get##proper3()!=nullptr) \
+ c##proper1##proper2##proper3##proper4++; \
+ if (ptr->get##proper4()!=nullptr) \
+ c##proper1##proper2##proper3##proper4++; \
+ if (c##proper1##proper2##proper3##proper4 != 1) \
+ throw xmltooling::ValidationException(#cname" must have only one of "#proper1", "#proper2", "#proper3", or "#proper4".")
namespace xmlsignature {
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,SPKISexp);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,PGPKeyID);
XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,PGPKeyPacket);
+
+ XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,DEREncodedKeyValue);
+ XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,OCSPResponse);
+ XMLOBJECTVALIDATOR_SIMPLE(XMLTOOL_DLLLOCAL,PublicKey);
BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,RSAKeyValue);
XMLOBJECTVALIDATOR_REQUIRE(RSAKeyValue,Modulus);
END_XMLOBJECTVALIDATOR;
BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,KeyValue);
- XMLOBJECTVALIDATOR_ONLYONEOF3(KeyValue,DSAKeyValue,RSAKeyValue,OtherKeyValue);
+ XMLOBJECTVALIDATOR_ONLYONEOF4(KeyValue,DSAKeyValue,RSAKeyValue,ECKeyValue,UnknownXMLObject);
END_XMLOBJECTVALIDATOR;
BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,Transform);
public:
void operator()(const XMLObject* xmlObject) const {
const XMLCh* ns=xmlObject->getElementQName().getNamespaceURI();
- if (XMLString::equals(ns,XMLConstants::XMLSIG_NS) || !ns || !*ns) {
+ if (XMLString::equals(ns,XMLSIG_NS) || !ns || !*ns) {
throw ValidationException(
"Object contains an illegal extension child element ($1).",
params(1,xmlObject->getElementQName().toString().c_str())
BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,X509Data);
if (!ptr->hasChildren())
throw ValidationException("X509Data must have at least one child element.");
- const vector<XMLObject*>& anys=ptr->getOtherX509Datas();
+ const vector<XMLObject*>& anys=ptr->getUnknownXMLObjects();
for_each(anys.begin(),anys.end(),checkWildcardNS());
END_XMLOBJECTVALIDATOR;
BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,KeyInfo);
if (!ptr->hasChildren())
throw ValidationException("KeyInfo must have at least one child element.");
- const vector<XMLObject*>& anys=ptr->getOthers();
+ const vector<XMLObject*>& anys=ptr->getUnknownXMLObjects();
for_each(anys.begin(),anys.end(),checkWildcardNS());
END_XMLOBJECTVALIDATOR;
+ BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,KeyInfoReference);
+ XMLOBJECTVALIDATOR_REQUIRE(KeyInfoReference,URI);
+ END_XMLOBJECTVALIDATOR;
+
+ BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,NamedCurve);
+ XMLOBJECTVALIDATOR_REQUIRE(NamedCurve,URI);
+ END_XMLOBJECTVALIDATOR;
+
+ BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,ECKeyValue);
+ XMLOBJECTVALIDATOR_ONEOF(ECKeyValue,ECParameters,NamedCurve);
+ XMLOBJECTVALIDATOR_REQUIRE(ECKeyValue,PublicKey);
+ END_XMLOBJECTVALIDATOR;
+
+ BEGIN_XMLOBJECTVALIDATOR(XMLTOOL_DLLLOCAL,X509Digest);
+ XMLOBJECTVALIDATOR_REQUIRE(X509Digest,Algorithm);
+ END_XMLOBJECTVALIDATOR;
};
#define REGISTER_ELEMENT(namespaceURI,cname) \
void xmlsignature::registerKeyInfoClasses()
{
QName q;
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,KeyInfo);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,KeyName);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,KeyValue);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,MgmtData);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,DSAKeyValue);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,RSAKeyValue);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Exponent);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Modulus);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,P);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Q);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,G);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Y);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,J);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Seed);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,PgenCounter);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,XPath);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Transform);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,Transforms);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,RetrievalMethod);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509IssuerSerial);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509IssuerName);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509SerialNumber);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509SKI);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509SubjectName);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509Certificate);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509CRL);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,X509Data);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,SPKISexp);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,SPKIData);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,PGPKeyID);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,PGPKeyPacket);
- REGISTER_ELEMENT(XMLConstants::XMLSIG_NS,PGPData);
- REGISTER_TYPE(XMLConstants::XMLSIG_NS,KeyInfo);
- REGISTER_TYPE(XMLConstants::XMLSIG_NS,KeyValue);
- REGISTER_TYPE(XMLConstants::XMLSIG_NS,DSAKeyValue);
- REGISTER_TYPE(XMLConstants::XMLSIG_NS,RSAKeyValue);
- REGISTER_TYPE(XMLConstants::XMLSIG_NS,Transform);
- REGISTER_TYPE(XMLConstants::XMLSIG_NS,Transforms);
- REGISTER_TYPE(XMLConstants::XMLSIG_NS,RetrievalMethod);
- REGISTER_TYPE(XMLConstants::XMLSIG_NS,X509IssuerSerial);
- REGISTER_TYPE(XMLConstants::XMLSIG_NS,X509Data);
- REGISTER_TYPE(XMLConstants::XMLSIG_NS,SPKIData);
- REGISTER_TYPE(XMLConstants::XMLSIG_NS,PGPData);
+ REGISTER_ELEMENT(XMLSIG_NS,KeyInfo);
+ REGISTER_ELEMENT(XMLSIG_NS,KeyName);
+ REGISTER_ELEMENT(XMLSIG_NS,KeyValue);
+ REGISTER_ELEMENT(XMLSIG_NS,MgmtData);
+ REGISTER_ELEMENT(XMLSIG_NS,DSAKeyValue);
+ REGISTER_ELEMENT(XMLSIG_NS,RSAKeyValue);
+ REGISTER_ELEMENT(XMLSIG_NS,Exponent);
+ REGISTER_ELEMENT(XMLSIG_NS,Modulus);
+ REGISTER_ELEMENT(XMLSIG_NS,P);
+ REGISTER_ELEMENT(XMLSIG_NS,Q);
+ REGISTER_ELEMENT(XMLSIG_NS,G);
+ REGISTER_ELEMENT(XMLSIG_NS,Y);
+ REGISTER_ELEMENT(XMLSIG_NS,J);
+ REGISTER_ELEMENT(XMLSIG_NS,Seed);
+ REGISTER_ELEMENT(XMLSIG_NS,PgenCounter);
+ REGISTER_ELEMENT(XMLSIG_NS,XPath);
+ REGISTER_ELEMENT(XMLSIG_NS,Transform);
+ REGISTER_ELEMENT(XMLSIG_NS,Transforms);
+ REGISTER_ELEMENT(XMLSIG_NS,RetrievalMethod);
+ REGISTER_ELEMENT(XMLSIG_NS,X509IssuerSerial);
+ REGISTER_ELEMENT(XMLSIG_NS,X509IssuerName);
+ REGISTER_ELEMENT(XMLSIG_NS,X509SerialNumber);
+ REGISTER_ELEMENT(XMLSIG_NS,X509SKI);
+ REGISTER_ELEMENT(XMLSIG_NS,X509SubjectName);
+ REGISTER_ELEMENT(XMLSIG_NS,X509Certificate);
+ REGISTER_ELEMENT(XMLSIG_NS,X509CRL);
+ REGISTER_ELEMENT(XMLSIG_NS,X509Data);
+ REGISTER_ELEMENT(XMLSIG_NS,SPKISexp);
+ REGISTER_ELEMENT(XMLSIG_NS,SPKIData);
+ REGISTER_ELEMENT(XMLSIG_NS,PGPKeyID);
+ REGISTER_ELEMENT(XMLSIG_NS,PGPKeyPacket);
+ REGISTER_ELEMENT(XMLSIG_NS,PGPData);
+ REGISTER_TYPE(XMLSIG_NS,KeyInfo);
+ REGISTER_TYPE(XMLSIG_NS,KeyValue);
+ REGISTER_TYPE(XMLSIG_NS,DSAKeyValue);
+ REGISTER_TYPE(XMLSIG_NS,RSAKeyValue);
+ REGISTER_TYPE(XMLSIG_NS,Transform);
+ REGISTER_TYPE(XMLSIG_NS,Transforms);
+ REGISTER_TYPE(XMLSIG_NS,RetrievalMethod);
+ REGISTER_TYPE(XMLSIG_NS,X509IssuerSerial);
+ REGISTER_TYPE(XMLSIG_NS,X509Data);
+ REGISTER_TYPE(XMLSIG_NS,SPKIData);
+ REGISTER_TYPE(XMLSIG_NS,PGPData);
+
+ REGISTER_ELEMENT(XMLSIG11_NS,DEREncodedKeyValue);
+ REGISTER_ELEMENT(XMLSIG11_NS,ECKeyValue);
+ REGISTER_ELEMENT(XMLSIG11_NS,KeyInfoReference);
+ REGISTER_ELEMENT(XMLSIG11_NS,NamedCurve);
+ REGISTER_ELEMENT(XMLSIG11_NS,OCSPResponse);
+ REGISTER_ELEMENT(XMLSIG11_NS,PublicKey);
+ REGISTER_ELEMENT(XMLSIG11_NS,X509Digest);
+ REGISTER_TYPE(XMLSIG11_NS,DEREncodedKeyValue);
+ REGISTER_TYPE(XMLSIG11_NS,ECKeyValue);
+ REGISTER_TYPE(XMLSIG11_NS,KeyInfoReference);
+ REGISTER_TYPE(XMLSIG11_NS,NamedCurve);
+ REGISTER_TYPE(XMLSIG11_NS,X509Digest);
}