valincludedir = $(includedir)/xmltooling/validation
libxmltoolinginclude_HEADERS = \
- AbstractAttributeExtensibleXMLObject.h \
- AbstractChildlessElement.h \
- AbstractComplexElement.h \
- AbstractDOMCachingXMLObject.h \
- AbstractElementProxy.h \
- AbstractSimpleElement.h \
- AbstractXMLObject.h \
- AttributeExtensibleXMLObject.h \
- base.h \
- config_pub.h \
- ElementProxy.h \
- exceptions.h \
- Lockable.h \
- Namespace.h \
- PluginManager.h \
- QName.h \
- SimpleElement.h \
- unicode.h \
- version.h \
- XMLObject.h \
- XMLObjectBuilder.h \
- XMLToolingConfig.h
+ AbstractAttributeExtensibleXMLObject.h \
+ AbstractChildlessElement.h \
+ AbstractComplexElement.h \
+ AbstractDOMCachingXMLObject.h \
+ AbstractElementProxy.h \
+ AbstractSimpleElement.h \
+ AbstractXMLObject.h \
+ AttributeExtensibleXMLObject.h \
+ base.h \
+ config_pub.h \
+ ElementProxy.h \
+ exceptions.h \
+ Lockable.h \
+ Namespace.h \
+ PluginManager.h \
+ QName.h \
+ SimpleElement.h \
+ unicode.h \
+ version.h \
+ XMLObject.h \
+ XMLObjectBuilder.h \
+ XMLToolingConfig.h
encinclude_HEADERS = \
encryption/Decrypter.h \
+ encryption/EncryptedKeyResolver.h \
encryption/Encrypter.h \
- encryption/Encryption.h
+ encryption/Encryption.h
implinclude_HEADERS = \
- impl/AnyElement.h \
- impl/UnknownElement.h
+ impl/AnyElement.h \
+ impl/UnknownElement.h
ioinclude_HEADERS = \
- io/AbstractXMLObjectMarshaller.h \
- io/AbstractXMLObjectUnmarshaller.h
+ io/AbstractXMLObjectMarshaller.h \
+ io/AbstractXMLObjectUnmarshaller.h
siginclude_HEADERS = \
- signature/ContentReference.h \
- signature/KeyInfo.h \
- signature/KeyResolver.h \
- signature/Signature.h \
- signature/SignatureValidator.h
+ signature/ContentReference.h \
+ signature/KeyInfo.h \
+ signature/KeyResolver.h \
+ signature/Signature.h \
+ signature/SignatureValidator.h
utilinclude_HEADERS = \
- util/DateTime.h \
- util/NDC.h \
- util/ParserPool.h \
- util/XMLConstants.h \
- util/XMLHelper.h \
- util/XMLObjectChildrenList.h
+ util/DateTime.h \
+ util/NDC.h \
+ util/ParserPool.h \
+ util/XMLConstants.h \
+ util/XMLHelper.h \
+ util/XMLObjectChildrenList.h
valinclude_HEADERS = \
- validation/AbstractValidatingXMLObject.h \
- validation/ValidatingXMLObject.h \
- validation/Validator.h
+ validation/AbstractValidatingXMLObject.h \
+ validation/ValidatingXMLObject.h \
+ validation/Validator.h
noinst_HEADERS = \
- internal.h
+ internal.h
if BUILD_XMLSEC
xmlsec_sources = \
- encryption/impl/Decrypter.cpp \
- encryption/impl/Encrypter.cpp \
+ encryption/impl/Decrypter.cpp \
+ encryption/impl/Encrypter.cpp \
signature/impl/SignatureValidator.cpp \
- signature/impl/XMLSecSignatureImpl.cpp
+ signature/impl/XMLSecSignatureImpl.cpp
else
xmlsec_sources =
endif
libxmltooling_la_SOURCES = \
- AbstractAttributeExtensibleXMLObject.cpp \
- AbstractChildlessElement.cpp \
- AbstractComplexElement.cpp \
- AbstractDOMCachingXMLObject.cpp \
- AbstractXMLObject.cpp \
- exceptions.cpp \
- Namespace.cpp \
- QName.cpp \
- unicode.cpp \
- XMLObjectBuilder.cpp \
- XMLToolingConfig.cpp \
- encryption/impl/EncryptionImpl.cpp \
- encryption/impl/EncryptionSchemaValidators.cpp \
- impl/AnyElement.cpp \
- impl/UnknownElement.cpp \
- io/AbstractXMLObjectMarshaller.cpp \
- io/AbstractXMLObjectUnmarshaller.cpp \
- signature/impl/KeyInfoImpl.cpp \
- signature/impl/KeyInfoSchemaValidators.cpp \
- util/DateTime.cpp \
- util/NDC.cpp \
- util/ParserPool.cpp \
- util/XMLConstants.cpp \
- util/XMLHelper.cpp \
- validation/AbstractValidatingXMLObject.cpp \
- validation/Validator.cpp \
- ${xmlsec_sources}
+ AbstractAttributeExtensibleXMLObject.cpp \
+ AbstractChildlessElement.cpp \
+ AbstractComplexElement.cpp \
+ AbstractDOMCachingXMLObject.cpp \
+ AbstractXMLObject.cpp \
+ exceptions.cpp \
+ Namespace.cpp \
+ QName.cpp \
+ unicode.cpp \
+ XMLObjectBuilder.cpp \
+ XMLToolingConfig.cpp \
+ encryption/impl/EncryptionImpl.cpp \
+ encryption/impl/EncryptionSchemaValidators.cpp \
+ impl/AnyElement.cpp \
+ impl/UnknownElement.cpp \
+ io/AbstractXMLObjectMarshaller.cpp \
+ io/AbstractXMLObjectUnmarshaller.cpp \
+ signature/impl/KeyInfoImpl.cpp \
+ signature/impl/KeyInfoSchemaValidators.cpp \
+ util/DateTime.cpp \
+ util/NDC.cpp \
+ util/ParserPool.cpp \
+ util/XMLConstants.cpp \
+ util/XMLHelper.cpp \
+ validation/AbstractValidatingXMLObject.cpp \
+ validation/Validator.cpp \
+ ${xmlsec_sources}
# this is different from the project version
# http://sources.redhat.com/autobook/autobook/autobook_91.html
* Constructor.
* Resolvers will be deleted when Decrypter is.
*
- * @param KEKresolver resolves key decryption key based on KeyInfo information
- * @param resolver resolves data decryption key based on KeyInfo information
+ * @param KEKresolver resolves key decryption key
+ * @param resolver resolves data decryption key
*/
Decrypter(xmlsignature::KeyResolver* KEKresolver=NULL, xmlsignature::KeyResolver* resolver=NULL)
: m_cipher(NULL), m_resolver(resolver), m_KEKresolver(KEKresolver) {
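Review bot: The new `@param resolver` text still does not say that the Decrypter will `dynamic_cast` this resolver to `xmlencryption::EncryptedKeyResolver` and, when it is one, use it to locate an EncryptedKey that is then unwrapped via the KEK resolver (that logic is added to Decrypter.cpp in this same commit); a caller choosing which resolver type to pass needs that stated here, e.g. `* @param resolver resolves data decryption key; may be an EncryptedKeyResolver to locate an EncryptedKey to unwrap with KEKresolver`. Since both arguments are `KeyResolver*` and the first is the KEK resolver, it is also worth stating in the same comment that swapping the two compiles silently but changes which key is used for what. The class declaration starts and ends outside the hunk.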
~Decrypter();
/**
- * Replace the current KeyResolver interface, if any, with a new one.
+ * Replace the current data encryption KeyResolver interface, if any, with a new one.
*
* @param resolver the KeyResolver to attach
*/
--- /dev/null
+/*\r
+ * Copyright 2001-2006 Internet2\r
+ * \r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+/**\r
+ * @file EncryptedKeyResolver.h\r
+ * \r
+ * Resolves encrypted keys based on EncryptedData information or other external factors.\r
+ */\r
+\r
+#if !defined(__xmltooling_enckeyres_h__) && !defined(XMLTOOLING_NO_XMLSEC)\r
+#define __xmltooling_enckeyres_h__\r
+\r
+#include <xmltooling/encryption/Encryption.h>\r
+#include <xmltooling/signature/KeyResolver.h>\r
+\r
+namespace xmlencryption {\r
+\r
+ /**\r
+ * An API for resolving encrypted decryption keys.\r
+ */\r
+ class XMLTOOL_API EncryptedKeyResolver : public xmlsignature::KeyResolver {\r
+ public:\r
+ virtual ~EncryptedKeyResolver() {}\r
+ \r
+ /**\r
+ * Returns an encrypted key based on the supplied KeyInfo information.\r
+ * \r
+ * @param encryptedData an encrypted object\r
+ * @return the resolved EncryptedKey object\r
+ */\r
+ virtual EncryptedKey* resolveKey(EncryptedData* encryptedData)=0;\r
+ };\r
+\r
+};\r
+\r
+#endif /* __xmltooling_enckeyres_h__ */\r
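Review bot: The pure-virtual `resolveKey(EncryptedData* encryptedData)` declaration hides the inherited `KeyResolver::resolveKey` overload taking a `KeyInfo*` (Decrypter.cpp calls `m_resolver->resolveKey(encryptedData->getKeyInfo())` on the same object), so a concrete subclass that implements only the new overload loses the KeyInfo-based lookup through an `EncryptedKeyResolver*`; add `using xmlsignature::KeyResolver::resolveKey;` above the new declaration to keep both overloads visible. The `@return` line should also state who owns the returned `EncryptedKey` — the Decrypter.cpp caller in this commit never deletes it, so presumably it stays with the resolver or the parsed document; `@return the resolved EncryptedKey object, or NULL; ownership is not transferred to the caller` if that is the intent. The doc sentence "based on the supplied KeyInfo information" does not match the `EncryptedData*` parameter; `* Returns an encrypted key located from the supplied EncryptedData object.` would be accurate.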
unsigned char m_keyBuffer[32];
};
- DECL_XMLTOOLING_EXCEPTION(EncryptionException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmlencryption,xmltooling::XMLToolingException,Exceptions in encryption processing);
+ DECL_XMLTOOLING_EXCEPTION(EncryptionException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmlencryption,xmltooling::XMLSecurityException,Exceptions in encryption processing);
};
#include "internal.h"
#include "encryption/Decrypter.h"
+#include "encryption/EncryptedKeyResolver.h"
#include <log4cpp/Category.hh>
#include <xsec/enc/XSECCryptoException.hpp>
XSECCryptoKey* key=NULL;
if (m_resolver)
key=m_resolver->resolveKey(encryptedData->getKeyInfo());
- if (!key) {
- // See if there's an encrypted key present. We'll need the algorithm...
+
+ if (!key && m_KEKresolver) {
+ // See if there's an encrypted key available. We'll need the algorithm...
const XMLCh* algorithm=
encryptedData->getEncryptionMethod() ? encryptedData->getEncryptionMethod()->getAlgorithm() : NULL;
if (!algorithm)
}
}
- if (!key)
- throw DecryptionException("Unable to resolve a decryption key.");
+ if (!key) {
+ // Check for a non-trivial resolver.
+ EncryptedKeyResolver* ekr=dynamic_cast<EncryptedKeyResolver*>(m_resolver);
+ if (ekr) {
+ EncryptedKey* encKey=ekr->resolveKey(encryptedData);
+ if (encKey) {
+ try {
+ key=decryptKey(encKey, algorithm);
+ }
+ catch (DecryptionException& e) {
+ log4cpp::Category::getInstance(XMLTOOLING_LOGCAT".Decrypter").warn(e.what());
+ }
+ }
+ }
+ }
}
+
+ if (!key)
+ throw DecryptionException("Unable to resolve a decryption key.");
m_cipher->setKey(key);
DOMNode* ret=m_cipher->decryptElementDetached(encryptedData->getDOM());
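Review bot: The `EncryptedKey*` returned by `ekr->resolveKey(encryptedData)` is never released in the new block, and the `XSECCryptoKey` produced by `decryptKey(encKey, algorithm)` is handed to `m_cipher->setKey(key)` with no visible ownership statement either, so one of the two paths is either a leak or a latent double free depending on contracts that are not stated here; a comment such as `// encKey remains owned by the resolver; key is adopted by m_cipher` (or the matching `delete`) should accompany the block once the contract is confirmed. Because `algorithm` at `key=decryptKey(encKey, algorithm);` is declared inside the `if (!key && m_KEKresolver)` branch, the new `if (!key)` block presumably sits inside that branch, which means the EncryptedKeyResolver path is only attempted when a KEK resolver was supplied — worth stating in the comment (`// Check for a non-trivial resolver; only useful if we have a KEK to unwrap with.`) so the silent skip is not mistaken for a bug. The `catch (DecryptionException& e)` that logs `e.what()` at warn and falls through to the generic `Unable to resolve a decryption key.` throw is the only place the key-unwrap failure is recorded, so it should not be downgraded below warn. The enclosing function starts and ends outside the hunk.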
DECL_XMLTOOLING_EXCEPTION(UnknownAttributeException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmltooling,XMLToolingException,Exceptions due to processing of unknown attributes);
DECL_XMLTOOLING_EXCEPTION(UnknownExtensionException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmltooling,XMLToolingException,Exceptions from use of an unrecognized extension/plugin);
DECL_XMLTOOLING_EXCEPTION(ValidationException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmltooling,XMLToolingException,Exceptions during object validation);
+ DECL_XMLTOOLING_EXCEPTION(XMLSecurityException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmltooling,XMLToolingException,Exceptions related to the XML security layer);
};
namespace xmlsignature {\r
\r
/**\r
- * An API for resolving decryption keys.\r
- * Can be used during both data and key decryption.\r
+ * An API for resolving keys.\r
*/\r
class XMLTOOL_API KeyResolver {\r
public:\r
/**\r
- * Constructor based on a single externally supplied decryption key.\r
+ * Constructor based on a single externally supplied key.\r
* The key will be destroyed when the resolver is. \r
* \r
- * @param key external decryption key\r
+ * @param key external key\r
*/\r
KeyResolver(XSECCryptoKey* key=NULL) : m_key(key) {}\r
\r
}\r
};\r
\r
- DECL_XMLTOOLING_EXCEPTION(SignatureException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmlsignature,xmltooling::XMLToolingException,Exceptions in signature processing);\r
+ DECL_XMLTOOLING_EXCEPTION(SignatureException,XMLTOOL_EXCEPTIONAPI(XMLTOOL_API),xmlsignature,xmltooling::XMLSecurityException,Exceptions in signature processing);\r
\r
};\r
\r
>\r
</File>\r
<File\r
+ RelativePath=".\encryption\EncryptedKeyResolver.h"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\encryption\Encrypter.h"\r
>\r
</File>\r