io/AbstractXMLObjectUnmarshaller.h
siginclude_HEADERS = \
+ signature/ContentReference.h \
signature/KeyInfo.h \
signature/Signature.h \
- signature/ContentReference.h
+ signature/SignatureValidator.h
utilinclude_HEADERS = \
util/CredentialResolver.h \
if BUILD_XMLSEC
xmlsec_sources = \
+ signature/impl/SignatureValidator.cpp \
signature/impl/XMLSecSignatureImpl.cpp
else
xmlsec_sources =
--- /dev/null
+/*\r
+ * Copyright 2001-2006 Internet2\r
+ * \r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+/**\r
+ * @file SignatureValidator.h\r
+ * \r
+ * Validator for signatures based on an externally-supplied key \r
+ */\r
+\r
+#if !defined(__xmltooling_sigval_h__) && !defined(XMLTOOLING_NO_XMLSEC)\r
+#define __xmltooling_sigval_h__\r
+\r
+#include <xmltooling/signature/Signature.h>\r
+#include <xmltooling/validation/Validator.h>\r
+\r
+namespace xmlsignature {\r
+\r
+ /**\r
+ * Validator for signatures based on an externally-supplied key.\r
+ */\r
+ class XMLTOOL_API SignatureValidator : public virtual xmltooling::Validator\r
+ {\r
+ public:\r
+ /**\r
+ * Constructor\r
+ * \r
+ * @param key the verification key to use, will be freed by Validator\r
+ */\r
+ SignatureValidator(XSECCryptoKey* key) : m_key(key) {\r
+ if (!key)\r
+ throw xmltooling::ValidationException("Verification key cannot be NULL.");\r
+ }\r
+ \r
+ virtual ~SignatureValidator() {\r
+ delete m_key;\r
+ }\r
+\r
+ void validate(const xmltooling::XMLObject* xmlObject) const;\r
+\r
+ virtual void validate(const Signature* signature) const;\r
+ \r
+ SignatureValidator* clone() const {\r
+ return new SignatureValidator(*this);\r
+ }\r
+ \r
+ protected:\r
+ SignatureValidator(const SignatureValidator& src) {\r
+ m_key=src.m_key->clone();\r
+ }\r
+\r
+ private:\r
+ XSECCryptoKey* m_key;\r
+ };\r
+\r
+};\r
+\r
+#endif /* __xmltooling_sigval_h__ */\r
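Review bot: The class owns m_key (deleted in the destructor at L64, cloned in the protected copy constructor at L77) but declares no copy-assignment operator, so the compiler-generated public one shallow-copies the pointer and two validators then delete the same XSECCryptoKey. Declare it unimplemented alongside the private member, matching the protected copy constructor: `SignatureValidator& operator=(const SignatureValidator&);` (the file predates C++11, so no `= delete`). The single-argument constructor at L58 takes ownership of a raw XSECCryptoKey* and would be safer marked `explicit` so a bare key pointer is never implicitly converted into a validator. The @param text "will be freed by Validator" is the only statement of ownership; it would help to repeat it on the destructor and on clone() (which deep-copies the key) so the lifetime contract is visible at each place it is enforced.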
--- /dev/null
+/*\r
+ * Copyright 2001-2006 Internet2\r
+ * \r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+/**\r
+ * SignatureValidator.cpp\r
+ * \r
+ * Validator for signatures based on an externally-supplied key \r
+ */\r
+ \r
+#include "internal.h"\r
+#include "signature/SignatureValidator.h"\r
+\r
+#include <xsec/enc/XSECCryptoException.hpp>\r
+#include <xsec/framework/XSECException.hpp>\r
+\r
+using namespace xmlsignature;\r
+using namespace xmltooling;\r
+using namespace std;\r
+\r
+void SignatureValidator::validate(const XMLObject* xmlObject) const\r
+{\r
+ const Signature* sigObj=dynamic_cast<const Signature*>(xmlObject);\r
+ if (!sigObj)\r
+ throw ValidationException("Validator only applies to Signature objects.");\r
+ validate(sigObj);\r
+}\r
+\r
+void SignatureValidator::validate(const Signature* sigObj) const\r
+{\r
+ DSIGSignature* sig=sigObj->getXMLSignature();\r
+ if (!sig)\r
+ throw ValidationException("Signature does not exist yet.");\r
+\r
+ try {\r
+ sig->setSigningKey(m_key->clone());\r
+ if (!sig->verify())\r
+ throw ValidationException("Digital signature does not validate with the given key.");\r
+ }\r
+ catch(XSECException& e) {\r
+ auto_ptr_char temp(e.getMsg());\r
+ throw ValidationException(string("Caught an XMLSecurity exception verifying signature: ") + temp.get());\r
+ }\r
+ catch(XSECCryptoException& e) {\r
+ throw ValidationException(string("Caught an XMLSecurity exception verifying signature: ") + e.getMsg());\r
+ }\r
+}\r
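Review bot: validate(const Signature*) establishes only that SignatureValue and the Reference digests are consistent with the supplied key; nothing here checks which elements the References cover, so a signature that legitimately covers some other content (or uses an unexpected URI or transform set) still passes this validator. That is reasonable for a key-only validator, but it should be stated above the method, e.g. `// Verifies SignatureValue and Reference digests against m_key only; callers must separately confirm the References cover the intended content (URI, transforms), as TestValidator does.` The key handed to setSigningKey at L135 is a clone rather than m_key itself, presumably because DSIGSignature takes ownership and frees it; a one-line comment to that effect would stop a later reader from "fixing" it into a leak or a double free. The two catch clauses could take `const XSECException&` / `const XSECCryptoException&` since the exceptions are only read.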
>\r
</File>\r
<File\r
+ RelativePath=".\signature\impl\SignatureValidator.cpp"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\signature\impl\XMLSecSignatureImpl.cpp"\r
>\r
</File>\r
RelativePath=".\signature\Signature.h"\r
>\r
</File>\r
+ <File\r
+ RelativePath=".\signature\SignatureValidator.h"\r
+ >\r
+ </File>\r
</Filter>\r
</Filter>\r
<Filter\r
\r
#include "XMLObjectBaseTestCase.h"\r
\r
+#include <xmltooling/signature/SignatureValidator.h>\r
+\r
#include <fstream>\r
#include <openssl/pem.h>\r
#include <xercesc/util/XMLUniDefs.hpp>\r
}\r
};\r
\r
-class TestValidator : public Validator\r
+class TestValidator : public SignatureValidator\r
{\r
XMLCh* m_uri;\r
\r
+ TestValidator(const TestValidator& src) : SignatureValidator(src) {\r
+ m_uri=XMLString::replicate(src.m_uri);\r
+ }\r
+\r
public:\r
- TestValidator(const XMLCh* uri) {\r
+ TestValidator(const XMLCh* uri, XSECCryptoKey* key) : SignatureValidator(key) {\r
m_uri=XMLString::replicate(uri);\r
}\r
\r
XMLString::release(&m_uri);\r
}\r
\r
- Validator* clone() const {\r
- return new TestValidator(m_uri);\r
+ TestValidator* clone() const {\r
+ return new TestValidator(*this);\r
}\r
\r
- void validate(const XMLObject* xmlObject) const {\r
- DSIGSignature* sig=dynamic_cast<const Signature*>(xmlObject)->getXMLSignature();\r
+ void validate(const Signature* sigObj) const {\r
+ DSIGSignature* sig=sigObj->getXMLSignature();\r
if (!sig)\r
throw SignatureException("Only a marshalled Signature object can be verified.");\r
const XMLCh* uri=sig->getReferenceList()->item(0)->getURI();\r
TSM_ASSERT_SAME_DATA("Reference URI does not match.",uri,m_uri,XMLString::stringLen(uri));\r
- XSECKeyInfoResolverDefault resolver;\r
- sig->setKeyInfoResolver(&resolver); // It will clone the resolver for us.\r
- try {\r
- if (!sig->verify())\r
- throw SignatureException("Signature did not verify.");\r
- }\r
- catch(XSECException& e) {\r
- auto_ptr_char temp(e.getMsg());\r
- throw SignatureException(string("Caught an XMLSecurity exception verifying signature: ") + temp.get());\r
- }\r
- catch(XSECCryptoException& e) {\r
- throw SignatureException(string("Caught an XMLSecurity exception verifying signature: ") + e.getMsg());\r
- }\r
+ SignatureValidator::validate(sigObj);\r
}\r
};\r
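Review bot: The reference-URI check at L208-L209 is weaker than it looks: TSM_ASSERT_SAME_DATA compares `XMLString::stringLen(uri)` bytes, which is only half of the XMLCh characters, and uses uri's length rather than m_uri's, so an empty or prefix URI passes; replace it with `TSM_ASSERT("Reference URI does not match.", XMLString::equals(uri, m_uri));`. `sig->getReferenceList()->item(0)` is also read without confirming the list is non-empty, so a signature carrying no Reference would index past the end instead of failing the assertion cleanly. Because validate(const Signature*) is declared in TestValidator, the inherited validate(const XMLObject*) overload is hidden for direct calls on a TestValidator; dispatch through the registered base pointer still works, but `using SignatureValidator::validate;` in the class would keep both overloads visible.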
\r
auto_ptr<SimpleXMLObject> sxObject2(dynamic_cast<SimpleXMLObject*>(b->buildFromDocument(doc)));\r
TS_ASSERT(sxObject2.get()!=NULL);\r
TS_ASSERT(sxObject2->getSignature()!=NULL);\r
- sxObject2->getSignature()->registerValidator(new TestValidator(&chNull));\r
+ sxObject2->getSignature()->registerValidator(new TestValidator(&chNull,m_key->clone()));\r
\r
try {\r
sxObject2->getSignature()->validate(false);\r