*/
#include "internal.h"
+#include "logging.h"
#include "security/BasicX509Credential.h"
#include "security/CredentialCriteria.h"
#include "security/CredentialResolver.h"
#include <sys/types.h>
#include <sys/stat.h>
#include <openssl/pkcs12.h>
-#include <log4cpp/Category.hh>
#include <xercesc/util/XMLUniDefs.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.hpp>
#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.hpp>
using namespace xmlsignature;
+using namespace xmltooling::logging;
using namespace xmltooling;
-using namespace log4cpp;
using namespace std;
// OpenSSL password callback...
{
public:
FilesystemCredential(FilesystemCredentialResolver* resolver, XSECCryptoKey* key, const std::vector<XSECCryptoX509*>& xseccerts)
- : BasicX509Credential(key, xseccerts), m_resolver(resolver) {
+ : BasicX509Credential(key, xseccerts), m_resolver(resolver), m_usage(UNSPECIFIED_CREDENTIAL) {
if (!m_xseccerts.empty())
extractNames(m_xseccerts.front(), m_keyNames);
initKeyInfo();
virtual ~FilesystemCredential() {
}
+ unsigned int getUsage() const {
+ return m_usage;
+ }
+
+ void setUsage(const XMLCh* usage) {
+ if (usage && *usage) {
+ auto_ptr_char u(usage);
+ if (!strcmp(u.get(), "signing"))
+ m_usage = SIGNING_CREDENTIAL | TLS_CREDENTIAL;
+ else if (!strcmp(u.get(), "TLS"))
+ m_usage = TLS_CREDENTIAL;
+ else if (!strcmp(u.get(), "encryption"))
+ m_usage = ENCRYPTION_CREDENTIAL;
+ }
+ }
+
void addKeyNames(const DOMElement* e);
void attach(SSL_CTX* ctx) const;
private:
FilesystemCredentialResolver* m_resolver;
+ unsigned int m_usage;
};
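Review bot: An unrecognized `use` value is silently dropped in setUsage — the `if`/`else if` chain ends without a final branch, so a misspelling such as `use="Signing"` or `"tls"` (the `strcmp` comparisons are case-sensitive) leaves m_usage at UNSPECIFIED_CREDENTIAL with no diagnostic, and the credential is then presumably offered for every purpose instead of the one the deployer intended. A closing else that logs the rejected value would make the misconfiguration visible, e.g. `else Category::getInstance(XMLTOOLING_LOGCAT".CredentialResolver").warn("unknown credential use (%s), ignoring", u.get());`. A short comment on setUsage noting that "signing" also enables TLS use would help too, since that mapping is not obvious from the constant names. The class header and the constructor body are cut by the hunk, so any handling elsewhere is not visible here.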
#if defined (_MSC_VER)
return new FilesystemCredentialResolver(e);
}
+ static const XMLCh _CredentialResolver[] = UNICODE_LITERAL_18(C,r,e,d,e,n,t,i,a,l,R,e,s,o,l,v,e,r);
static const XMLCh CAPath[] = UNICODE_LITERAL_6(C,A,P,a,t,h);
static const XMLCh Certificate[] = UNICODE_LITERAL_11(C,e,r,t,i,f,i,c,a,t,e);
+ static const XMLCh _certificate[] = UNICODE_LITERAL_11(c,e,r,t,i,f,i,c,a,t,e);
static const XMLCh format[] = UNICODE_LITERAL_6(f,o,r,m,a,t);
static const XMLCh Key[] = UNICODE_LITERAL_3(K,e,y);
+ static const XMLCh _key[] = UNICODE_LITERAL_3(k,e,y);
static const XMLCh Name[] = UNICODE_LITERAL_4(N,a,m,e);
static const XMLCh password[] = UNICODE_LITERAL_8(p,a,s,s,w,o,r,d);
static const XMLCh Path[] = UNICODE_LITERAL_4(P,a,t,h);
+ static const XMLCh _use[] = UNICODE_LITERAL_3(u,s,e);
};
FilesystemCredentialResolver::FilesystemCredentialResolver(const DOMElement* e) : m_credential(NULL)
#ifdef _DEBUG
NDC ndc("FilesystemCredentialResolver");
#endif
- Category& log=Category::getInstance(XMLTOOLING_LOGCAT".CredentialResolver");
-
+ Category& log=Category::getInstance(XMLTOOLING_LOGCAT".CredentialResolver."FILESYSTEM_CREDENTIAL_RESOLVER);
+
+ if (e && (e->hasAttributeNS(NULL,_certificate) || e->hasAttributeNS(NULL,_key))) {
+ // Dummy up a simple file resolver config using these attributes.
+ DOMElement* dummy = e->getOwnerDocument()->createElementNS(NULL,_CredentialResolver);
+ DOMElement* child;
+ DOMElement* path;
+ if (e->hasAttributeNS(NULL,_key)) {
+ child = e->getOwnerDocument()->createElementNS(NULL,Key);
+ dummy->appendChild(child);
+ path = e->getOwnerDocument()->createElementNS(NULL,Path);
+ child->appendChild(path);
+ path->appendChild(e->getOwnerDocument()->createTextNode(e->getAttributeNS(NULL,_key)));
+ if (e->hasAttributeNS(NULL,password))
+ child->setAttributeNS(NULL,password,e->getAttributeNS(NULL,password));
+ }
+ if (e->hasAttributeNS(NULL,_certificate)) {
+ child = e->getOwnerDocument()->createElementNS(NULL,Certificate);
+ dummy->appendChild(child);
+ path = e->getOwnerDocument()->createElementNS(NULL,Path);
+ child->appendChild(path);
+ path->appendChild(e->getOwnerDocument()->createTextNode(e->getAttributeNS(NULL,_certificate)));
+ }
+ e = dummy; // reset "root" to the dummy config element
+ }
+
const DOMElement* root=e;
+ const XMLCh* usage = root->getAttributeNS(NULL,_use);
XSECCryptoKey* key=NULL;
vector<XSECCryptoX509*> xseccerts;
if (!e) {
m_credential = new FilesystemCredential(this,key,xseccerts);
m_credential->addKeyNames(keynode);
+ m_credential->setUsage(usage);
return;
}
auto_ptr_char certpass(e->getAttributeNS(NULL,password));
key = xseccerts.front()->clonePublicKey();
m_credential = new FilesystemCredential(this, key, xseccerts);
m_credential->addKeyNames(keynode);
+ m_credential->setUsage(usage);
}
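Review bot: `root->getAttributeNS(NULL,_use)` on the line directly after `const DOMElement* root=e;` dereferences `root` without a null check, while the new guard a few lines earlier (`if (e && ...)`) treats a null `e` as a legitimate input; if `e` can really be null this is a crash on the first statement after the guard, and `const XMLCh* usage = root ? root->getAttributeNS(NULL,_use) : NULL;` would avoid it. Separately, when the shorthand `key`/`certificate` attributes are used, `e = dummy` replaces the element before `use` is read and the dummy element never receives a `use` attribute, so a `use="..."` supplied alongside them is lost; reading `usage` from the original element before the reset (or copying the attribute onto `dummy` with `setAttributeNS`) would preserve it. The lines between `vector<XSECCryptoX509*> xseccerts;` and `if (!e)` are omitted from the hunk and the constructor's opening brace lies outside it, so earlier null handling may exist that is not visible here.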
XSECCryptoKey* FilesystemCredentialResolver::loadKey()
break;
default:
- Category::getInstance(XMLTOOLING_LOGCAT".CredentialResolver").error("unsupported private key type");
+ Category::getInstance(XMLTOOLING_LOGCAT".CredentialResolver."FILESYSTEM_CREDENTIAL_RESOLVER).error("unsupported private key type");
}
EVP_PKEY_free(pkey);
if (ret)
#ifdef _DEBUG
NDC ndc("attach");
#endif
-
+
+ if (m_keypath.empty())
+ throw XMLSecurityException("No key available, unable to attach private key to SSL context.");
+
// Attach key.
SSL_CTX_set_default_passwd_cb(ctx, passwd_callback);
SSL_CTX_set_default_passwd_cb_userdata(ctx, const_cast<char*>(m_keypass.c_str()));