secinclude_HEADERS = \
security/TrustEngine.h \
- security/X509TrustEngine.h
+ security/X509TrustEngine.h \
+ security/XSECCryptoX509CRL.h
siginclude_HEADERS = \
signature/CachingKeyResolver.h \
validation/ValidatorSuite.h
noinst_HEADERS = \
- internal.h
+ internal.h \
+ security/impl/OpenSSLCryptoX509CRL.h
if BUILD_XMLSEC
xmlsec_sources = \
encryption/impl/Encrypter.cpp \
security/impl/TrustEngine.cpp \
security/impl/ExplicitKeyTrustEngine.cpp \
+ security/impl/XSECCryptoX509CRL.cpp \
+ security/impl/OpenSSLCryptoX509CRL.cpp \
signature/impl/CredentialResolver.cpp \
signature/impl/FilesystemCredentialResolver.cpp \
signature/impl/InlineKeyResolver.cpp \
#include "encryption/Encryption.h"
#include "impl/UnknownElement.h"
#include "security/TrustEngine.h"
+#include "security/impl/OpenSSLCryptoX509CRL.h"
#include "signature/CredentialResolver.h"
#include "util/NDC.h"
#include "util/XMLConstants.h"
code=ERR_get_error_line_data(&file,&line,&data,&flags);
}
}
+
+XSECCryptoX509CRL* XMLToolingInternalConfig::X509CRL() const
+{
+ return new OpenSSLCryptoX509CRL();
+}
#endif
namespace xmltooling {\r
\r
class XMLTOOL_API TrustEngine;\r
+ class XMLTOOL_API XSECCryptoX509CRL;\r
\r
/**\r
* Singleton object that manages library startup/shutdown.configuration.\r
\r
#ifndef XMLTOOLING_NO_XMLSEC\r
/**\r
+ * Returns an X.509 CRL implementation object.\r
+ */\r
+ virtual XSECCryptoX509CRL* X509CRL() const=0;\r
+\r
+ /**\r
* Manages factories for KeyResolver plugins.\r
*/\r
- xmltooling::PluginManager<xmlsignature::KeyResolver,const DOMElement*> KeyResolverManager;\r
+ PluginManager<xmlsignature::KeyResolver,const DOMElement*> KeyResolverManager;\r
\r
/**\r
* Manages factories for CredentialResolver plugins.\r
*/\r
- xmltooling::PluginManager<xmlsignature::CredentialResolver,const DOMElement*> CredentialResolverManager;\r
+ PluginManager<xmlsignature::CredentialResolver,const DOMElement*> CredentialResolverManager;\r
\r
/**\r
* Manages factories for TrustEngine plugins.\r
*/\r
- xmltooling::PluginManager<TrustEngine,const DOMElement*> TrustEngineManager;\r
+ PluginManager<TrustEngine,const DOMElement*> TrustEngineManager;\r
#endif\r
\r
protected:\r
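Review bot: The new pure-virtual `X509CRL()` declaration at the top of this hunk does not say who owns the returned object; the implementation added elsewhere in this commit returns a freshly allocated `OpenSSLCryptoX509CRL` that nothing retains, so the caller has to delete it. Spell that out in the Doxygen block, e.g. `* @return a new CRL wrapper; the caller takes ownership and must delete it`. The remaining lines only drop redundant `xmltooling::` qualifiers and need no change.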
}
#ifndef XMLTOOLING_NO_XMLSEC
+ XSECCryptoX509CRL* X509CRL() const;
+
XSECProvider* m_xsecProvider;
#endif
--- /dev/null
+/*\r
+ * Copyright 2006 The Apache Software Foundation.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+/**\r
+ * @file xmltooling/security/XSECCryptoX509CRL.h\r
+ * \r
+ * Wrapper for X.509 CRL objects, similar to existing XSEC wrappers.\r
+ */\r
+\r
+#if !defined(__xmltooling_x509crl_h__) && !defined(XMLTOOLING_NO_XMLSEC)\r
+#define __xmltooling_x509crl_h__\r
+\r
+#include <xsec/framework/XSECDefs.hpp>\r
+#include <xsec/utils/XSECSafeBuffer.hpp>\r
+\r
+namespace xmltooling {\r
+ /**\r
+ * Interface class for X.509 CRLs\r
+ * The library uses classes derived from this to process X.509 CRLs.\r
+ */\r
+ class XMLTOOL_API XSECCryptoX509CRL {\r
+ MAKE_NONCOPYABLE(XSECCryptoX509CRL);\r
+ protected:\r
+ XSECCryptoX509CRL() {}\r
+ public:\r
+ virtual ~XSECCryptoX509CRL() {}\r
+ \r
+ /**\r
+ * Returns a string that identifies the crypto owner of this library.\r
+ * \r
+ * @return the crypto provider name\r
+ */\r
+ virtual const XMLCh* getProviderName() const=0;\r
+ \r
+ /**\r
+ * Load a CRL into the object.\r
+ * Takes a base64 DER-encoded CRL and loads it.\r
+ *\r
+ * @param buf buffer containing the Base64 encoded CRL\r
+ * @param len number of bytes of data in the CRL buffer\r
+ */\r
+ \r
+ virtual void loadX509CRLBase64Bin(const char* buf, unsigned int len)=0;\r
+ \r
+ /**\r
+ * Load a PEM encoded CRL into the object.\r
+ *\r
+ * Takes a PEM encoded CRL and loads it.\r
+ *\r
+ * @param buf buffer containing the PEM encoded CRL\r
+ * @param len number of bytes of data in the CRL buffer (0 if the string is null terminated)\r
+ */\r
+ void loadX509CRLPEM(const char* buf, unsigned int len=0);\r
+ \r
+ /**\r
+ * Get a Base64 DER encoded copy of the CRL\r
+ *\r
+ * @return A safeBuffer containing the DER encoded certificate\r
+ */\r
+ virtual safeBuffer& getDEREncodingSB(void)=0;\r
+ };\r
+};\r
+\r
+#endif /* __xmltooling_x509crl_h__ */\r
+\r
+\r
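Review bot: The Doxygen comment on `getDEREncodingSB()` near the end of the class describes a "Base64 DER encoded copy" of a "certificate", but the method returns a non-const reference to the wrapper's own buffer, so a caller can modify the encoding the object later reports and the reference is only valid while the object lives. Reword it to `* @return reference to this object's own Base64 DER encoding of the CRL; valid only while the object exists` and change "certificate" to "CRL" in the same block. The stray `;` after the closing brace of `namespace xmltooling` is harmless but non-standard and worth dropping.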
--- /dev/null
+/*\r
+ * Copyright 2006 The Apache Software Foundation.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+/**\r
+ * OpenSSLCryptoX509CRL.cpp\r
+ * \r
+ * OpenSSL-based class for handling X.509 CRLs\r
+ */\r
+\r
+#include "internal.h"\r
+#include "security/impl/OpenSSLCryptoX509CRL.h"\r
+\r
+#include <xsec/framework/XSECError.hpp>\r
+#include <xsec/enc/XSECCryptoException.hpp>\r
+#include <xsec/enc/XSCrypt/XSCryptCryptoBase64.hpp>\r
+\r
+#include <xercesc/util/Janitor.hpp>\r
+\r
+XSEC_USING_XERCES(ArrayJanitor);\r
+XSEC_USING_XERCES(Janitor);\r
+\r
+using namespace xmltooling;\r
+\r
+OpenSSLCryptoX509CRL::~OpenSSLCryptoX509CRL()\r
+{\r
+ if (mp_X509CRL)\r
+ X509_CRL_free(mp_X509CRL);\r
+}\r
+\r
+OpenSSLCryptoX509CRL::OpenSSLCryptoX509CRL(X509_CRL* x) {\r
+\r
+ // Build this from an existing X509_CRL structure\r
+\r
+ mp_X509CRL = X509_CRL_dup(x);\r
+ \r
+ // Now need to create the DER encoding\r
+\r
+ BIO* b64 = BIO_new(BIO_f_base64());\r
+ BIO* bmem = BIO_new(BIO_s_mem());\r
+\r
+ BIO_set_mem_eof_return(bmem, 0);\r
+ b64 = BIO_push(b64, bmem);\r
+\r
+ // Translate X509 to Base64\r
+\r
+ i2d_X509_CRL_bio(b64, x);\r
+\r
+ BIO_flush(b64);\r
+\r
+ char buf[1024];\r
+ unsigned int l;\r
+ \r
+ m_DERX509CRL.sbStrcpyIn("");\r
+\r
+ while ((l = BIO_read(bmem, buf, 1023)) > 0) {\r
+ buf[l] = '\0';\r
+ m_DERX509CRL.sbStrcatIn(buf);\r
+ }\r
+\r
+ BIO_free_all(b64);\r
+}\r
+\r
+void OpenSSLCryptoX509CRL::loadX509CRLBase64Bin(const char* buf, unsigned int len) {\r
+\r
+ // Free anything currently held.\r
+ \r
+ if (mp_X509CRL)\r
+ X509_CRL_free(mp_X509CRL);\r
+ \r
+ int bufLen = len;\r
+ unsigned char* outBuf;\r
+ XSECnew(outBuf, unsigned char[len + 1]);\r
+ ArrayJanitor<unsigned char> j_outBuf(outBuf);\r
+\r
+ XSCryptCryptoBase64 *b64;\r
+ XSECnew(b64, XSCryptCryptoBase64);\r
+ Janitor<XSCryptCryptoBase64> j_b64(b64);\r
+\r
+ b64->decodeInit();\r
+ bufLen = b64->decode((unsigned char *) buf, len, outBuf, len);\r
+ bufLen += b64->decodeFinish(&outBuf[bufLen], len-bufLen);\r
+\r
+ if (bufLen > 0) {\r
+#if defined(XSEC_OPENSSL_D2IX509_CONST_BUFFER)\r
+ mp_X509CRL= d2i_X509_CRL(NULL, (const unsigned char **) (&outBuf), bufLen);\r
+#else\r
+ mp_X509CRL= d2i_X509_CRL(NULL, &outBuf, bufLen);\r
+#endif\r
+ }\r
+\r
+ // Check to see if we have a CRL....\r
+ if (mp_X509CRL == NULL) {\r
+ throw XSECCryptoException(XSECCryptoException::X509Error,\r
+ "OpenSSL:X509CRL - Error translating Base64 DER encoding into OpenSSL X509 CRL structure");\r
+ }\r
+\r
+ m_DERX509CRL.sbStrcpyIn(buf);\r
+\r
+}\r
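Review bot: In `loadX509CRLBase64Bin`, `mp_X509CRL` is freed at the top of the function but never reset, and `d2i_X509_CRL` is only reached when `bufLen > 0`; for an input that decodes to nothing the stale pointer survives the `mp_X509CRL == NULL` check and is freed a second time by the destructor, so add `mp_X509CRL = NULL;` directly after the `X509_CRL_free` call. In the `X509_CRL*` constructor, `l` is declared `unsigned int` while `BIO_read` returns a signed `int`, so an error return of -1 passes the `> 0` test and `buf[l] = '\0'` writes far outside the 1024-byte stack buffer; declare it `int l;`. The final `m_DERX509CRL.sbStrcpyIn(buf)` also ignores the `len` the caller supplied and reads until a NUL, which a caller passing an exact-length, unterminated buffer will not have provided; copying `len` bytes (for example `m_DERX509CRL.sbStrncpyIn(buf, len)`) keeps the stored encoding within the input. The same constructor never checks that `X509_CRL_dup` or the two `BIO_new` calls succeeded, though that matches the style of the surrounding XSEC wrappers.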
--- /dev/null
+/*\r
+ * Copyright 2006 The Apache Software Foundation.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+/**\r
+ * OpenSSLCryptoX509CRL.h\r
+ * \r
+ * OpenSSL-based class for handling X.509 CRLs\r
+ */\r
+\r
+#if !defined(__xmltooling_opensslx509crl_h__) && !defined(XMLTOOLING_NO_XMLSEC)\r
+#define __xmltooling_opensslx509crl_h__\r
+\r
+#include "security/XSECCryptoX509CRL.h"\r
+\r
+#include <openssl/bio.h>\r
+#include <openssl/x509v3.h>\r
+#include <xsec/utils/XSECSafeBuffer.hpp>\r
+\r
+namespace xmltooling {\r
+ class XMLTOOL_DLLLOCAL OpenSSLCryptoX509CRL : public XSECCryptoX509CRL {\r
+ public:\r
+ OpenSSLCryptoX509CRL() : m_DERX509CRL(""), mp_X509CRL(NULL) {}\r
+ virtual ~OpenSSLCryptoX509CRL();\r
+\r
+ virtual const XMLCh* getProviderName() const {\r
+ return DSIGConstants::s_unicodeStrPROVOpenSSL;\r
+ }\r
+ virtual void loadX509CRLBase64Bin(const char* buf, unsigned int len);\r
+ \r
+ virtual safeBuffer& getDEREncodingSB(void) {\r
+ return m_DERX509CRL;\r
+ }\r
+ \r
+ OpenSSLCryptoX509CRL(X509_CRL* x);\r
+ X509_CRL* getOpenSSLX509CRL(void) {\r
+ return mp_X509CRL;\r
+ }\r
+ \r
+ private:\r
+ X509_CRL* mp_X509CRL;\r
+ safeBuffer m_DERX509CRL;\r
+ };\r
+};\r
+\r
+#endif /* __xmltooling_opensslx509crl_h__ */\r
+\r
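Review bot: The default constructor's initializer list names `m_DERX509CRL` before `mp_X509CRL`, but the members are declared in the opposite order at the bottom of the class; initialization follows declaration order and compilers warn with -Wreorder, so write it as `OpenSSLCryptoX509CRL() : mp_X509CRL(NULL), m_DERX509CRL("") {}` or swap the declarations. The single-argument `OpenSSLCryptoX509CRL(X509_CRL* x)` constructor is implicit, which lets a raw `X509_CRL*` silently convert into a wrapper that duplicates the handle; marking it `explicit OpenSSLCryptoX509CRL(X509_CRL* x);` keeps that duplication visible at the call site. `getProviderName()` refers to `DSIGConstants`, which none of the includes in this header provide directly; it presumably arrives through `XSECDefs.hpp` or `internal.h`, so confirm before relying on include order.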
--- /dev/null
+/*\r
+ * Copyright 2006 The Apache Software Foundation.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+/**\r
+ * XSECCryptoX509CRL.cpp\r
+ * \r
+ * Wrapper for X.509 CRL objects, similar to existing XSEC wrappers.\r
+ */\r
+\r
+#include "internal.h"\r
+#include "security/XSECCryptoX509CRL.h"\r
+\r
+#include <xsec/framework/XSECError.hpp>\r
+#include <xsec/enc/XSECCryptoException.hpp>\r
+\r
+using namespace xmltooling;\r
+\r
+void XSECCryptoX509CRL::loadX509CRLPEM(const char* buf, unsigned int len)\r
+{\r
+ const char * b;\r
+ char * b1 = NULL;\r
+ if (len == 0)\r
+ b = buf;\r
+ else {\r
+ XSECnew(b1, char[len+1]);\r
+ memcpy(b1, buf, len);\r
+ b1[len] = '\0';\r
+ b = b1;\r
+ }\r
+\r
+ const char *p = strstr(buf, "-----BEGIN X509 CRL-----");\r
+\r
+ if (p == NULL) {\r
+\r
+ if (b1 != NULL)\r
+ delete[] b1;\r
+\r
+ throw XSECCryptoException(XSECCryptoException::X509Error,\r
+ "X509CRL::loadX509CRLPEM - Cannot find start of PEM CRL");\r
+\r
+ }\r
+\r
+ p += strlen("-----BEGIN X509 CRL-----");\r
+\r
+ while (*p == '\n' || *p == '\r' || *p == '-')\r
+ p++;\r
+\r
+ safeBuffer output;\r
+ int i = 0;\r
+ while (*p != '\0' && *p != '-') {\r
+ output[i++] = *p;\r
+ ++p;\r
+ }\r
+\r
+ if (strstr(p, "-----END X509 CRL-----") != p) {\r
+\r
+ if (b1 != NULL)\r
+ delete[] b1;\r
+\r
+ throw XSECCryptoException(XSECCryptoException::X509Error,\r
+ "X509CRL::loadX509PEMCRL - Cannot find end of PEM certificate");\r
+\r
+ }\r
+ \r
+ if (b1 != NULL)\r
+ delete[] b1;\r
+\r
+ output[i] = '\0';\r
+\r
+ this->loadX509CRLBase64Bin(output.rawCharBuffer(), i);\r
+\r
+}\r
+\r
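Review bot: `loadX509CRLPEM` builds a NUL-terminated copy `b` when `len` is non-zero but then searches `buf` with `strstr`, so the copy is never used and an unterminated input of exactly `len` bytes is scanned past its end; change `strstr(buf, "-----BEGIN X509 CRL-----")` to `strstr(b, "-----BEGIN X509 CRL-----")`. Everything from the begin marker onward then works on the terminated copy, which is what the `len` parameter documented in the header promises. The second exception message names `loadX509PEMCRL` and a "PEM certificate"; it should read `"X509CRL::loadX509CRLPEM - Cannot find end of PEM CRL"` to match the method and the first message. The manual `delete[] b1` on each exit path could be replaced with the xercesc `ArrayJanitor` the OpenSSL source file in this commit already uses, removing the per-path cleanup.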
>\r
</File>\r
<File\r
+ RelativePath=".\security\impl\OpenSSLCryptoX509CRL.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\security\impl\OpenSSLCryptoX509CRL.h"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\security\impl\TrustEngine.cpp"\r
>\r
</File>\r
+ <File\r
+ RelativePath=".\security\impl\XSECCryptoX509CRL.cpp"\r
+ >\r
+ </File>\r
</Filter>\r
</Filter>\r
</Filter>\r
RelativePath=".\security\X509TrustEngine.h"\r
>\r
</File>\r
+ <File\r
+ RelativePath=".\security\XSECCryptoX509CRL.h"\r
+ >\r
+ </File>\r
</Filter>\r
</Filter>\r
<Filter\r