#include <xsec/enc/XSECCryptoX509.hpp>
namespace xmltooling {
+ class XMLTOOL_API Credential;
+
/**
* A helper class for working with keys, certificates, etc.
*/
/**
* Returns the base64-encoded DER encoding of a public key in SubjectPublicKeyInfo format.
*
+ * @param key the credential containing the key to encode
+ * @return the base64 encoded key value in a malloc'd string
+ */
+ static char* getDEREncoding(const Credential& cred);
+
+ /**
+ * Returns the base64-encoded DER encoding of a public key in SubjectPublicKeyInfo format.
+ *
* @param key the key to encode
- * @return the base64 encoded key value
+ * @return the base64 encoded key value in a malloc'd string
*/
- static std::string getDEREncoding(const XSECCryptoKey* key);
+ static char* getDEREncoding(const XSECCryptoKey& key);
/**
* Returns the base64-encoded DER encoding of a certifiate's public key in SubjectPublicKeyInfo format.
*
* @param cert the certificate's key to encode
- * @return the base64 encoded key value
+ * @return the base64 encoded key value in a malloc'd string
*/
- static std::string getDEREncoding(const XSECCryptoX509* cert);
+ static char* getDEREncoding(const XSECCryptoX509& cert);
};
};
#include "logging.h"
#include "security/OpenSSLCryptoX509CRL.h"
#include "security/SecurityHelper.h"
+#include "security/X509Credential.h"
#include "util/NDC.h"
#include <fstream>
return false;
}
-string SecurityHelper::getDEREncoding(const XSECCryptoKey* key)
+char* SecurityHelper::getDEREncoding(const XSECCryptoKey& key)
{
- string ret;
+ char* ret=NULL;
- if (key->getProviderName()!=DSIGConstants::s_unicodeStrPROVOpenSSL) {
+ if (key.getProviderName()!=DSIGConstants::s_unicodeStrPROVOpenSSL) {
Category::getInstance(XMLTOOLING_LOGCAT".SecurityHelper").warn("encoding of non-OpenSSL keys not supported");
return ret;
}
- if (key->getKeyType() == XSECCryptoKey::KEY_RSA_PUBLIC || key->getKeyType() == XSECCryptoKey::KEY_RSA_PAIR) {
- const RSA* rsa = static_cast<const OpenSSLCryptoKeyRSA*>(key)->getOpenSSLRSA();
+ if (key.getKeyType() == XSECCryptoKey::KEY_RSA_PUBLIC || key.getKeyType() == XSECCryptoKey::KEY_RSA_PAIR) {
+ const RSA* rsa = static_cast<const OpenSSLCryptoKeyRSA&>(key).getOpenSSLRSA();
+ if (!rsa) {
+ Category::getInstance(XMLTOOLING_LOGCAT".SecurityHelper").warn("key was not populated");
+ return ret;
+ }
BIO* base64 = BIO_new(BIO_f_base64());
BIO_set_flags(base64, BIO_FLAGS_BASE64_NO_NL);
BIO* mem = BIO_new(BIO_s_mem());
BIO_flush(base64);
BUF_MEM* bptr=NULL;
BIO_get_mem_ptr(base64, &bptr);
- if (bptr && bptr->length > 0)
- ret.append(bptr->data, bptr->length);
+ if (bptr && bptr->length > 0) {
+ ret = (char*)malloc(sizeof(char)*(bptr->length+1));
+ if (ret) {
+ strncpy(ret, bptr->data, bptr->length);
+ ret[bptr->length]=0;
+ }
+ }
BIO_free_all(base64);
}
- else if (key->getKeyType() == XSECCryptoKey::KEY_DSA_PUBLIC || key->getKeyType() == XSECCryptoKey::KEY_DSA_PAIR) {
- const DSA* dsa = static_cast<const OpenSSLCryptoKeyDSA*>(key)->getOpenSSLDSA();
+ else if (key.getKeyType() == XSECCryptoKey::KEY_DSA_PUBLIC || key.getKeyType() == XSECCryptoKey::KEY_DSA_PAIR) {
+ const DSA* dsa = static_cast<const OpenSSLCryptoKeyDSA&>(key).getOpenSSLDSA();
+ if (!dsa) {
+ Category::getInstance(XMLTOOLING_LOGCAT".SecurityHelper").warn("key was not populated");
+ return ret;
+ }
BIO* base64 = BIO_new(BIO_f_base64());
BIO_set_flags(base64, BIO_FLAGS_BASE64_NO_NL);
BIO* mem = BIO_new(BIO_s_mem());
BIO_flush(base64);
BUF_MEM* bptr=NULL;
BIO_get_mem_ptr(base64, &bptr);
- if (bptr && bptr->length > 0)
- ret.append(bptr->data, bptr->length);
+ if (bptr && bptr->length > 0) {
+ ret = (char*)malloc(sizeof(char)*(bptr->length+1));
+ if (ret) {
+ strncpy(ret, bptr->data, bptr->length);
+ ret[bptr->length]=0;
+ }
+ }
BIO_free_all(base64);
}
else {
return ret;
}
-string SecurityHelper::getDEREncoding(const XSECCryptoX509* cert)
+char* SecurityHelper::getDEREncoding(const XSECCryptoX509& cert)
{
- string ret;
+ char* ret=NULL;
- if (cert->getProviderName()!=DSIGConstants::s_unicodeStrPROVOpenSSL) {
+ if (cert.getProviderName()!=DSIGConstants::s_unicodeStrPROVOpenSSL) {
Category::getInstance(XMLTOOLING_LOGCAT".SecurityHelper").warn("encoding of non-OpenSSL keys not supported");
return ret;
}
- const X509* x = static_cast<const OpenSSLCryptoX509*>(cert)->getOpenSSLX509();
+ const X509* x = static_cast<const OpenSSLCryptoX509&>(cert).getOpenSSLX509();
EVP_PKEY* key = X509_get_pubkey(const_cast<X509*>(x));
BIO* base64 = BIO_new(BIO_f_base64());
BIO_flush(base64);
BUF_MEM* bptr=NULL;
BIO_get_mem_ptr(base64, &bptr);
- if (bptr && bptr->length > 0)
- ret.append(bptr->data, bptr->length);
+ if (bptr && bptr->length > 0) {
+ ret = (char*)malloc(sizeof(char)*(bptr->length+1));
+ if (ret) {
+ strncpy(ret, bptr->data, bptr->length);
+ ret[bptr->length]=0;
+ }
+ }
BIO_free_all(base64);
return ret;
}
+
+char* SecurityHelper::getDEREncoding(const Credential& cred)
+{
+ const X509Credential* x509 = dynamic_cast<const X509Credential*>(&cred);
+ if (x509 && !x509->getEntityCertificateChain().empty())
+ return getDEREncoding(*(x509->getEntityCertificateChain().front()));
+ else if (cred.getPublicKey())
+ return getDEREncoding(*(cred.getPublicKey()));
+ return NULL;
+}