santuario-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From blaut...@apache.org
Subject cvs commit: xml-security/c/src/dsig DSIGReference.cpp DSIGReference.hpp DSIGSignature.cpp DSIGSignature.hpp DSIGSignedInfo.cpp DSIGSignedInfo.hpp
Date Tue, 05 Jul 2005 11:52:43 GMT
blautenb    2005/07/05 04:52:43

  Modified:    c/src/dsig DSIGReference.cpp DSIGReference.hpp
                        DSIGSignature.cpp DSIGSignature.hpp
                        DSIGSignedInfo.cpp DSIGSignedInfo.hpp
  Log:
  Add methods to create signatures using URIs rather than enums + deprecate enum based methods
  
  Revision  Changes    Path
  1.28      +52 -78    xml-security/c/src/dsig/DSIGReference.cpp
  
  Index: DSIGReference.cpp
  ===================================================================
  RCS file: /home/cvs/xml-security/c/src/dsig/DSIGReference.cpp,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -u -r1.27 -r1.28
  --- DSIGReference.cpp	14 May 2005 04:33:46 -0000	1.27
  +++ DSIGReference.cpp	5 Jul 2005 11:52:43 -0000	1.28
  @@ -50,6 +50,8 @@
   
   #include <xsec/framework/XSECError.hpp>
   #include <xsec/framework/XSECEnv.hpp>
  +#include <xsec/framework/XSECAlgorithmHandler.hpp>
  +#include <xsec/framework/XSECAlgorithmMapper.hpp>
   #include <xsec/utils/XSECPlatformUtils.hpp>
   #include <xsec/utils/XSECDOMUtils.hpp>
   #include <xsec/utils/XSECBinTXFMInputStream.hpp>
  @@ -261,6 +263,16 @@
   
   }	
   
  +DSIGTransformC14n * DSIGReference::appendCanonicalizationTransform(
  +		const XMLCh * canonicalizationAlgorithmURI) {
  +	
  +	canonicalizationMethod cm;
  +	XSECmapURIToCanonicalizationMethod(canonicalizationAlgorithmURI, cm);
  +
  +	return appendCanonicalizationTransform(cm);
  +
  +}	
  +
   DSIGTransformXPath * DSIGReference::appendXPathTransform(const char * expr) {
   
   	DOMElement *txfmElt;
  @@ -298,15 +310,33 @@
   
   DOMElement *DSIGReference::createBlankReference(const XMLCh * URI, hashMethod hm, char
* type) {
   
  +	// Deprecated - use the algorithm URI based method instead
  +
  +	safeBuffer hURI;
  +
  +	if (hashMethod2URI(hURI, hm) == false) {
  +		throw XSECException(XSECException::UnknownSignatureAlgorithm,
  +			"DSIGReference::createBlankReference - Hash method unknown");
  +	}
  +
  +	return createBlankReference(URI, hURI.sbStrToXMLCh(), MAKE_UNICODE_STRING(type));
  +
  +}
  +
  +DOMElement *DSIGReference::createBlankReference(const XMLCh * URI, 
  +												const XMLCh * hashAlgorithmURI, 
  +												const XMLCh * type) {
  +
   	// Reset this Reference just in case
   	
  -	me_hashMethod = hm;
   	m_isManifest = false;
   	mp_preHash = NULL;
   	mp_manifestList = NULL;
   	mp_transformsNode = NULL;
   	mp_transformList = NULL;
   
  +	XSECmapURIToHashMethod(hashAlgorithmURI, me_hashMethod);
  +
   	safeBuffer str;
   	DOMDocument *doc = mp_env->getParentDocument();
   	const XMLCh * prefix = mp_env->getDSIGNSPrefix();
  @@ -318,8 +348,7 @@
   
   	// Set type
   	if (type != NULL)
  -		ret->setAttributeNS(NULL, MAKE_UNICODE_STRING("Type"),
  -			MAKE_UNICODE_STRING(type));
  +		ret->setAttributeNS(NULL, MAKE_UNICODE_STRING("Type"), type);
   
   	// Set URI
   	if (URI != NULL) {
  @@ -338,14 +367,13 @@
   	ret->appendChild(digestMethod);
   	mp_env->doPrettyPrint(ret);
   
  -	if (!hashMethod2URI(str, hm)) {
  -	
  -		throw XSECException(XSECException::SignatureCreationError,
  -			"Attempt to use undefined Digest Method in SignedInfo Creation");
  +	digestMethod->setAttributeNS(NULL, DSIGConstants::s_unicodeStrAlgorithm, 
  +		hashAlgorithmURI);
   
  -	}
  +	// Retrieve the attribute value for later use
  +	mp_algorithmURI = 
  +		digestMethod->getAttributeNS(NULL, DSIGConstants::s_unicodeStrAlgorithm);
   
  -	digestMethod->setAttributeNS(NULL, DSIGConstants::s_unicodeStrAlgorithm, str.sbStrToXMLCh());
   
   	// DigestValue
   
  @@ -627,58 +655,10 @@
   
   	}
   
  -	// Determine hashing algorithm
  -
  -	if (strEquals(atts->item(i)->getNodeValue(), DSIGConstants::s_unicodeStrURISHA1))
{
  -
  -		me_hashMethod = HASH_SHA1;
  -
  -	}
  -
  -	else if (strEquals(atts->item(i)->getNodeValue(), DSIGConstants::s_unicodeStrURISHA224))
{
  -
  -		me_hashMethod = HASH_SHA224;
  -
  -	}
  -
  -	else if (strEquals(atts->item(i)->getNodeValue(), DSIGConstants::s_unicodeStrURISHA256))
{
  -
  -		me_hashMethod = HASH_SHA256;
  -
  -	}
  -
  -	else if (strEquals(atts->item(i)->getNodeValue(), DSIGConstants::s_unicodeStrURISHA384))
{
  -
  -		me_hashMethod = HASH_SHA384;
  -
  -	}
  -
  -	else if (strEquals(atts->item(i)->getNodeValue(), DSIGConstants::s_unicodeStrURISHA512))
{
  -
  -		me_hashMethod = HASH_SHA512;
  -
  -	}
  -
  -	else if (strEquals(atts->item(i)->getNodeValue(), DSIGConstants::s_unicodeStrURIMD5))
{
  -
  -		me_hashMethod = HASH_MD5;
  -
  -	}
  -
  -	else {
  -
  -		safeBuffer tmp, error;
  -
  -		error << (*mp_formatter << atts->item(0)->getNodeValue());
  -
  -		tmp.sbStrcpyIn("Unknown DigestMethod Algorithm : '");
  -		tmp.sbStrcatIn(error);
  -		tmp.sbStrcatIn("'.");
  -
  -		throw XSECException(XSECException::UnknownTransform, tmp.rawCharBuffer());
  -
  -	}
  +	mp_algorithmURI = atts->item(i)->getNodeValue();
   
  +	// Determine hashing algorithm
  +	XSECmapURIToHashMethod(mp_algorithmURI, me_hashMethod);
   
   	// Find the hash value node
   
  @@ -1265,34 +1245,28 @@
   #endif
   
   	
  -	// Determine what the digest method actually is
  +	// Get the mapping for the hash transform
   
  -	switch (me_hashMethod) {
  +	XSECAlgorithmHandler * handler = 
  +		XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(mp_algorithmURI);
   
  -	case HASH_SHA1 :
  -	case HASH_SHA224 :
  -	case HASH_SHA256 :
  -	case HASH_SHA384 :
  -	case HASH_SHA512 :
  +	if (handler == NULL) {
   
  -		XSECnew(currentTxfm, TXFMSHA1(d, me_hashMethod));
  -		break;
  -	
  -	case HASH_MD5 :
   
  -		XSECnew(currentTxfm, TXFMMD5(d));
  -		break;
  +		throw XSECException(XSECException::SigVfyError,
  +			"Hash method unknown in DSIGReference::calculateHash()");
  +
  +	}
   
  -	default :
  +	if (!handler->appendHashTxfm(chain, mp_algorithmURI)) {
   
  -		throw XSECException(XSECException::UnknownTransform, 
  -			"Unknown Hash type in <Reference> node");
  +		throw XSECException(XSECException::SigVfyError,
  +			"Unexpected error in handler whilst appending Hash transform");
   
   	}
   
   	// Now we have the hashing transform, run it.
   
  -	chain->appendTxfm(currentTxfm);
   	size = chain->getLastTxfm()->readBytes(toFill, maxToFill);
   
   	// Clean out document if necessary
  
  
  
  1.18      +39 -1     xml-security/c/src/dsig/DSIGReference.hpp
  
  Index: DSIGReference.hpp
  ===================================================================
  RCS file: /home/cvs/xml-security/c/src/dsig/DSIGReference.hpp,v
  retrieving revision 1.17
  retrieving revision 1.18
  diff -u -r1.17 -r1.18
  --- DSIGReference.hpp	4 Jun 2005 11:30:25 -0000	1.17
  +++ DSIGReference.hpp	5 Jul 2005 11:52:43 -0000	1.18
  @@ -148,12 +148,37 @@
   	 * @param hm The type of Digest to be used (generally SHA-1)
   	 * @param type A type string (as defined by XML Signature).
   	 * @returns The root Reference element of the newly created DOM structure.
  +	 * @deprecated Use the URI based creation method instead
   	 */
   
   	XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * 
   		createBlankReference(const XMLCh * URI, hashMethod hm, char * type);
   
   	/**
  +	 * \brief Create a Reference structure in the document.
  +	 *
  +	 * <p>This function will create a Reference structure in the owner
  +	 * document.  In some cases, a call to this function will be sufficient
  +	 * to put the required Reference in place.  In other cases, calls will
  +	 * also need to be made to the various append*Transform methods.</p>
  +	 *
  +	 * @note The XSEC Library currently makes very little use of <em>type</em>
  +	 * attributes in \<Reference\> Elements.  However this may of use to calling
  +	 * applications.
  +	 *
  +	 * @param URI The URI (data source) for this reference.  Set to NULL for
  +	 * an anonymous reference.
  +	 * @param hashAlgorithmURI The type of Digest to be used (generally SHA-1)
  +	 * @param type A type string (as defined by XML Signature).
  +	 * @returns The root Reference element of the newly created DOM structure.
  +	 */
  +
  +	XERCES_CPP_NAMESPACE_QUALIFIER DOMElement * 
  +		createBlankReference(const XMLCh * URI, 
  +			const XMLCh * hashAlgorithmURI, 
  +			const XMLCh * type);
  +
  +	/**
   	 * \brief Append an Enveloped Signature Transform to the Reference.
   	 *
   	 * Appends a simple enveloped-signature transform to the list of transforms
  @@ -213,8 +238,20 @@
   	/**
   	 * \brief Append a Canonicalization Transform to the Reference.
   	 *
  +	 * @param canonicalizationAlgorithmURI The type of canonicalisation to be added.
  +	 * @returns The newly create canonicalisation transform
  +	 */
  +
  +	DSIGTransformC14n * appendCanonicalizationTransform(
  +		const XMLCh * canonicalizationAlgorithmURI
  +	);
  +
  +	/**
  +	 * \brief Append a Canonicalization Transform to the Reference.
  +	 *
   	 * @param cm The type of canonicalisation to be added.
   	 * @returns The newly create canonicalisation transform
  +	 * @deprecated Use the AlgorithmURI based method instead
   	 */
   
   	DSIGTransformC14n * appendCanonicalizationTransform(canonicalizationMethod cm);
  @@ -494,6 +531,7 @@
   								* mp_hashValueNode;		// Node where the Hash value is stored
   	const XSECEnv				* mp_env;
   	DSIGTransformList			* mp_transformList;		// List of transforms
  +	const XMLCh					* mp_algorithmURI;		// Hash algorithm for this reference
   	
   	bool                        m_loaded;
   
  
  
  
  1.41      +145 -235  xml-security/c/src/dsig/DSIGSignature.cpp
  
  Index: DSIGSignature.cpp
  ===================================================================
  RCS file: /home/cvs/xml-security/c/src/dsig/DSIGSignature.cpp,v
  retrieving revision 1.40
  retrieving revision 1.41
  diff -u -r1.40 -r1.41
  --- DSIGSignature.cpp	15 May 2005 09:09:58 -0000	1.40
  +++ DSIGSignature.cpp	5 Jul 2005 11:52:43 -0000	1.41
  @@ -39,6 +39,8 @@
   #include <xsec/transformers/TXFMC14n.hpp>
   #include <xsec/transformers/TXFMChain.hpp>
   #include <xsec/framework/XSECError.hpp>
  +#include <xsec/framework/XSECAlgorithmHandler.hpp>
  +#include <xsec/framework/XSECAlgorithmMapper.hpp>
   #include <xsec/enc/XSECCryptoKeyDSA.hpp>
   #include <xsec/enc/XSECCryptoKeyRSA.hpp>
   #include <xsec/utils/XSECDOMUtils.hpp>
  @@ -51,6 +53,7 @@
   #include <xsec/dsig/DSIGKeyInfoPGPData.hpp>
   #include <xsec/dsig/DSIGKeyInfoSPKIData.hpp>
   #include <xsec/dsig/DSIGKeyInfoMgmtData.hpp>
  +#include <xsec/dsig/DSIGAlgorithmHandlerDefault.hpp>
   #include <xsec/framework/XSECEnv.hpp>
   
   // Xerces includes
  @@ -61,10 +64,46 @@
   XERCES_CPP_NAMESPACE_USE
   
   // --------------------------------------------------------------------------------
  +//           Init
  +// --------------------------------------------------------------------------------
  +
  +
  +void DSIGSignature::Initialise(void) {
  +
  +	DSIGAlgorithmHandlerDefault def;
  +	
  +	// Register default signature algorithm handlers
  +
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIRSA_SHA1, def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIRSA_SHA224,
def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIRSA_SHA256,
def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIRSA_SHA384,
def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIRSA_SHA512,
def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIDSA_SHA1, def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIHMAC_SHA1, def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIHMAC_SHA224,
def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIHMAC_SHA256,
def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIHMAC_SHA384,
def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIHMAC_SHA512,
def);
  +
  +	// Register default hashing algorithm handlers
  +
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURISHA1, def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURISHA224, def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURISHA256, def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURISHA384, def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURISHA512, def);
  +	XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURIMD5, def);
  +
  +}
  +
  +// --------------------------------------------------------------------------------
   //           Some useful utility functions
   // --------------------------------------------------------------------------------
   
   
  +#if 0
  +
   bool compareBase64StringToRaw(safeBuffer &b64SB, 
   							  unsigned char * raw, 
   							  unsigned int rawLen, 
  @@ -202,6 +241,9 @@
   	b64SB.sbStrcpyIn((char *) b64Str);
   
   }
  +
  +#endif /* 0 */
  +
   // --------------------------------------------------------------------------------
   //           Get the Canonicalised BYTE_STREAM of the SignedInfo
   // --------------------------------------------------------------------------------
  @@ -509,12 +551,44 @@
   
   }
   
  +// --------------------------------------------------------------------------------
  +//           Creating Blank Signature
  +// --------------------------------------------------------------------------------
   
   DOMElement *DSIGSignature::createBlankSignature(DOMDocument *doc,
   			canonicalizationMethod cm,
   			signatureMethod	sm,
   			hashMethod hm) {
   
  +	// This is now deprecated.  Because this is so, we go the long way - translate
  +	// to URI and then call the "standard" method, which will translate back to 
  +	// internal enums if possible
  +
  +	const XMLCh * cURI;
  +	safeBuffer sURI;
  +
  +	if ((cURI = canonicalizationMethod2UNICODEURI(cm)) == NULL) {
  +		throw XSECException(XSECException::UnknownCanonicalization,
  +			"DSIGSignature::createBlankSignature - Canonicalisation method unknown");
  +	}
  +
  +	if (signatureHashMethod2URI(sURI, sm, hm) == false) {
  +		throw XSECException(XSECException::UnknownSignatureAlgorithm,
  +			"DSIGSignature::createBlankSignature - Signature/Hash method unknown");
  +	}
  +
  +	return createBlankSignature(doc, cURI, sURI.sbStrToXMLCh());
  +
  +}
  +
  +
  +DOMElement *DSIGSignature::createBlankSignature(
  +		DOMDocument *doc,
  +		const XMLCh * canonicalizationAlgorithmURI,
  +		const XMLCh * signatureAlgorithmURI) {
  +
  +	// "New" method to create a blank signature, based on URIs.
  +
   	mp_doc = doc;
   	mp_env->setParentDocument(doc);
   
  @@ -545,7 +619,8 @@
   	// Create the skeleton SignedInfo
   	XSECnew(mp_signedInfo, DSIGSignedInfo(mp_doc, mp_formatter, mp_env));
   	
  -	mp_sigNode->appendChild(mp_signedInfo->createBlankSignedInfo(cm, sm, hm));
  +	mp_sigNode->appendChild(mp_signedInfo->createBlankSignedInfo(
  +		canonicalizationAlgorithmURI, signatureAlgorithmURI));
   	mp_env->doPrettyPrint(mp_sigNode);
   
   	// Create a dummy signature value (dummy until signed)
  @@ -565,6 +640,8 @@
   	return sigNode;
   }
   
  +
  +
   // --------------------------------------------------------------------------------
   //           Creating References
   // --------------------------------------------------------------------------------
  @@ -577,6 +654,15 @@
   
   }
   
  +DSIGReference * DSIGSignature::createReference(
  +		const XMLCh * URI,
  +		const XMLCh * hashAlgorithmURI, 
  +		const XMLCh * type) {
  +
  +	return mp_signedInfo->createReference(URI, hashAlgorithmURI, type);
  +
  +}
  +
   // --------------------------------------------------------------------------------
   //           Manipulation of KeyInfo elements
   // --------------------------------------------------------------------------------
  @@ -802,10 +888,7 @@
   */
   }
   
  -unsigned int DSIGSignature::calculateSignedInfoHash(unsigned char * hashBuf, 
  -													unsigned int hashBufLen) {
  -
  -	// Calculate the hash and store in the hashBuf
  +TXFMChain * DSIGSignature::getSignedInfoInput(void) {
   
   	TXFMBase * txfm;
   	TXFMChain * chain;
  @@ -861,93 +944,41 @@
   			"Canonicalisation method unknown in DSIGSignature::calculateSignedInfoHash()");
   
   	}
  +	
  +	j_chain.release();
  +	return chain;
   
  -	// Setup Hash
  -
  -	switch (mp_signedInfo->getHashMethod()) {
  -
  -	case HASH_SHA1 :
  -
  -		if (mp_signedInfo->getSignatureMethod() == SIGNATURE_HMAC){
  -			if (mp_signingKey->getKeyType() != XSECCryptoKey::KEY_HMAC) {
  -				throw XSECException(XSECException::SigVfyError,
  -					"DSIGSignature::calculateSignedInfoHash - non HMAC key passed in to HMAC signature");
  -			}
  -			XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA1, mp_signingKey));
  -		}
  -		else  {
  -			XSECnew(txfm, TXFMSHA1(mp_doc));
  -		}
  -
  -		break;
  -
  -	case HASH_SHA224 :
  -
  -		if (mp_signedInfo->getSignatureMethod() == SIGNATURE_HMAC){
  -			if (mp_signingKey->getKeyType() != XSECCryptoKey::KEY_HMAC) {
  -				throw XSECException(XSECException::SigVfyError,
  -					"DSIGSignature::calculateSignedInfoHash - non HMAC key passed in to HMAC signature");
  -			}
  -			XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA224, mp_signingKey));
  -		}
  -		else  {
  -			XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA224));
  -		}
  -
  -		break;
  -
  -	case HASH_SHA256 :
  -
  -		if (mp_signedInfo->getSignatureMethod() == SIGNATURE_HMAC){
  -			if (mp_signingKey->getKeyType() != XSECCryptoKey::KEY_HMAC) {
  -				throw XSECException(XSECException::SigVfyError,
  -					"DSIGSignature::calculateSignedInfoHash - non HMAC key passed in to HMAC signature");
  -			}
  -			XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA256, mp_signingKey));
  -		}
  -		else  {
  -			XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA256));
  -		}
  +}
   
  -		break;
  +unsigned int DSIGSignature::calculateSignedInfoHash(unsigned char * hashBuf, 
  +													unsigned int hashBufLen) {
   
  -	case HASH_SHA384 :
  +	// Get the SignedInfo input bytes
  +	TXFMChain * chain = getSignedInfoInput();
  +	Janitor<TXFMChain> j_chain(chain);
   
  -		if (mp_signedInfo->getSignatureMethod() == SIGNATURE_HMAC){
  -			if (mp_signingKey->getKeyType() != XSECCryptoKey::KEY_HMAC) {
  -				throw XSECException(XSECException::SigVfyError,
  -					"DSIGSignature::calculateSignedInfoHash - non HMAC key passed in to HMAC signature");
  -			}
  -			XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA384, mp_signingKey));
  -		}
  -		else  {
  -			XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA384));
  -		}
  +	// Setup Hash
  +	// First find the appropriate handler for the URI
  +	XSECAlgorithmHandler * handler = 
  +		XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(
  +					mp_signedInfo->getAlgorithmURI());
   
  -		break;
  +	if (handler == NULL) {
   
  -	case HASH_SHA512 :
   
  -		if (mp_signedInfo->getSignatureMethod() == SIGNATURE_HMAC){
  -			if (mp_signingKey->getKeyType() != XSECCryptoKey::KEY_HMAC) {
  -				throw XSECException(XSECException::SigVfyError,
  -					"DSIGSignature::calculateSignedInfoHash - non HMAC key passed in to HMAC signature");
  -			}
  -			XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA512, mp_signingKey));
  -		}
  -		else  {
  -			XSECnew(txfm, TXFMSHA1(mp_doc, HASH_SHA512));
  -		}
  +		throw XSECException(XSECException::SigVfyError,
  +			"Hash method unknown in DSIGSignature::calculateSignedInfoHash()");
   
  -		break;
  +	}
   
  -	default :
  +	if (!handler->appendSignatureHashTxfm(chain, mp_signedInfo->getAlgorithmURI(), mp_signingKey))
{
   
   		throw XSECException(XSECException::SigVfyError,
  -			"Hash method unknown in DSIGSignature::calculateSignedInfoHash()");
  +			"Unexpected error in handler whilst appending Signature Hash transform");
   
   	}
   
  +
   #if 0
   	TXFMOutputFile * of = new TXFMOutputFile(mp_doc);
   
  @@ -956,8 +987,6 @@
   	hashVal=of;
   #endif
   
  -	chain->appendTxfm(txfm);
  -
   	// Write hash to the buffer
   	int hashLen;
   
  @@ -1018,78 +1047,34 @@
   
   	}
   
  +	// Get the SignedInfo input bytes
  +	TXFMChain * chain = getSignedInfoInput();
  +	Janitor<TXFMChain> j_chain(chain);
   
   	hashLen = calculateSignedInfoHash(hash, 4096);
   
   	// Now set up to verify
  -	bool sigVfyRet = false;
  +	// First find the appropriate handler for the URI
  +	XSECAlgorithmHandler * handler = 
  +		XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(
  +					mp_signedInfo->getAlgorithmURI());
   
  -	switch (mp_signingKey->getKeyType()) {
  -
  -	case (XSECCryptoKey::KEY_DSA_PUBLIC) :
  -	case (XSECCryptoKey::KEY_DSA_PAIR) :
  -
  -		if (mp_signedInfo == NULL || mp_signedInfo->getSignatureMethod() != SIGNATURE_DSA)
{
  -
  -			throw XSECException(XSECException::SigVfyError,
  -				"Key type does not match <SignedInfo> signature type");
  -
  -		}
  -
  -		sigVfyRet = ((XSECCryptoKeyDSA *) mp_signingKey)->verifyBase64Signature(
  -			hash, 
  -			hashLen,
  -			(char *) m_signatureValueSB.rawBuffer(), 
  -			m_signatureValueSB.sbStrlen());
  -
  -		if (!sigVfyRet)
  -			m_errStr.sbXMLChCat("DSA Validation of <SignedInfo> failed");
  -
  -		break;
  -
  -	case (XSECCryptoKey::KEY_RSA_PUBLIC) :
  -	case (XSECCryptoKey::KEY_RSA_PAIR) :
  -
  -		if (mp_signedInfo == NULL || mp_signedInfo->getSignatureMethod() != SIGNATURE_RSA)
{
  -		
  -			throw XSECException(XSECException::SigVfyError,
  -				"Key type does not match <SignedInfo> signature type");
  -
  -		}
  -
  -		sigVfyRet = ((XSECCryptoKeyRSA *) mp_signingKey)->verifySHA1PKCS1Base64Signature(
  -			hash,
  -			hashLen,
  -			m_signatureValueSB.rawCharBuffer(),
  -			m_signatureValueSB.sbStrlen());
  -
  -		if (sigVfyRet == false) {
  -
  -			m_errStr.sbXMLChCat("RSA Validation of <SignedInfo> failed");
  -
  -		}
  -
  -		break;
  -
  -	case (XSECCryptoKey::KEY_HMAC) :
  -
  -		// Already done - just compare calculated value with read value
  -		sigVfyRet = compareBase64StringToRaw(m_signatureValueSB, 
  -			hash, 
  -			hashLen,
  -			mp_signedInfo->getHMACOutputLength());
  -		if (!sigVfyRet)
  -			m_errStr.sbXMLChCat("HMAC Validation of <SignedInfo> failed");
  -
  -		break;
  -
  -	default :
  +	if (handler == NULL) {
   
   		throw XSECException(XSECException::SigVfyError,
  -			"Key found, but don't know how to check the signature using it");
  +			"Hash method unknown in DSIGSignature::verifySignatureOnlyInternal()");
   
   	}
   
  +	bool sigVfyRet = handler->verifyBase64Signature(chain, 
  +		mp_signedInfo->getAlgorithmURI(), 
  +		m_signatureValueSB.rawCharBuffer(), 
  +		mp_signedInfo->getHMACOutputLength(),
  +		mp_signingKey);
  +
  +	if (!sigVfyRet)
  +		m_errStr.sbXMLChCat("Validation of <SignedInfo> failed");
  +
   	return sigVfyRet;
   
   }
  @@ -1162,106 +1147,31 @@
   	// Set up the reference list hashes - including any manifests
   	mp_signedInfo->hash();
   
  -	// Calculate the hash to be signed
  -
  -	unsigned char hash[4096];
  -	int hashLen;
  -
  -	hashLen = calculateSignedInfoHash(hash, 4096);
  -	
  -	// Now check the calculated hash
  -
  -	char b64Buf[1024];
  -	unsigned int b64Len;
  -	safeBuffer b64SB;
  -	
  -	switch (mp_signingKey->getKeyType()) {
  -
  -	case (XSECCryptoKey::KEY_DSA_PRIVATE) :
  -	case (XSECCryptoKey::KEY_DSA_PAIR) :
  -
  -		if (mp_signedInfo == NULL || mp_signedInfo->getSignatureMethod() != SIGNATURE_DSA)
{
  -
  -			throw XSECException(XSECException::SigningError,
  -				"Key type does not match <SignedInfo> signature type");
  -
  -		}
  -
  -		b64Len = ((XSECCryptoKeyDSA *) mp_signingKey)->signBase64Signature(
  -			hash, 
  -			hashLen,
  -			(char *) b64Buf, 
  -			1024);
  -
  -		if (b64Len <= 0) {
  -
  -			throw XSECException(XSECException::SigningError,
  -				"Unknown error occured during a DSA Signing operation");
  -
  -		}
  -
  -		if (b64Buf[b64Len-1] == '\n')
  -			b64Buf[b64Len-1] = '\0';
  -		else
  -			b64Buf[b64Len] = '\0';
  -
  -		break;
  -
  -	case (XSECCryptoKey::KEY_RSA_PRIVATE) :
  -	case (XSECCryptoKey::KEY_RSA_PAIR) :
  -
  -		if (mp_signedInfo == NULL || mp_signedInfo->getSignatureMethod() != SIGNATURE_RSA)
{
  -
  -			throw XSECException(XSECException::SigningError,
  -				"Key type does not match <SignedInfo> signature type");
  -
  -		}
  -
  -		b64Len = ((XSECCryptoKeyRSA *) mp_signingKey)->signSHA1PKCS1Base64Signature(
  -			hash, 
  -			hashLen,
  -			(char *) b64Buf, 
  -			1024);
  -
  -		if (b64Len <= 0) {
  -
  -			throw XSECException(XSECException::SigningError,
  -				"Unknown error occured during a RSA Signing operation");
  -
  -		}
  -
  -		// Clean up some "funnies" and make sure the string is NULL terminated
  +	// Get the SignedInfo input bytes
  +	TXFMChain * chain = getSignedInfoInput();
  +	Janitor<TXFMChain> j_chain(chain);
   
  -		if (b64Buf[b64Len-1] == '\n')
  -			b64Buf[b64Len-1] = '\0';
  -		else
  -			b64Buf[b64Len] = '\0';
  +	// Calculate the hash to be signed
   
  -		break;
  +	safeBuffer b64Buf;
   
  -	case (XSECCryptoKey::KEY_HMAC) :
  +	XSECAlgorithmHandler * handler = 
  +		XSECPlatformUtils::g_algorithmMapper->mapURIToHandler(
  +					mp_signedInfo->getAlgorithmURI());
   
  -		if (mp_signedInfo == NULL || mp_signedInfo->getSignatureMethod() != SIGNATURE_HMAC)
{
  +	if (handler == NULL) {
   
  -			throw XSECException(XSECException::SigningError,
  -				"Key type does not match <SignedInfo> signature type");
   
  -		}
  +		throw XSECException(XSECException::SigVfyError,
  +			"Hash method unknown in DSIGSignature::sign()");
   
  -		// Signature already created, so just translate to base 64 and enter string
  -		
  -		convertRawToBase64String(b64SB, 
  -								hash, 
  -								hashLen, 
  -								mp_signedInfo->getHMACOutputLength());
  -		
  -		strncpy(b64Buf, (char *) b64SB.rawBuffer(), 1024);
  -		break;
  +	}
   
  -	default :
  +	if (!handler->signToSafeBuffer(chain, mp_signedInfo->getAlgorithmURI(), 
  +								   mp_signingKey, mp_signedInfo->getHMACOutputLength(), b64Buf)) {
   
   		throw XSECException(XSECException::SigVfyError,
  -			"Key found, but don't know how to sign the document using it");
  +			"Unexpected error in handler whilst appending Signature Hash transform");
   
   	}
   
  @@ -1275,11 +1185,11 @@
   	if (tmpElt == NULL) {
   		// Need to create the underlying TEXT_NODE
   		DOMDocument * doc = mp_signatureValueNode->getOwnerDocument();
  -		tmpElt = doc->createTextNode(MAKE_UNICODE_STRING(b64Buf));
  +		tmpElt = doc->createTextNode(b64Buf.sbStrToXMLCh());
   		mp_signatureValueNode->appendChild(tmpElt);
   	}
   	else {
  -		tmpElt->setNodeValue(MAKE_UNICODE_STRING(b64Buf));
  +		tmpElt->setNodeValue(b64Buf.sbStrToXMLCh());
   	}
   
   	// And copy to the local buffer
  
  
  
  1.27      +63 -1     xml-security/c/src/dsig/DSIGSignature.hpp
  
  Index: DSIGSignature.hpp
  ===================================================================
  RCS file: /home/cvs/xml-security/c/src/dsig/DSIGSignature.hpp,v
  retrieving revision 1.26
  retrieving revision 1.27
  diff -u -r1.26 -r1.27
  --- DSIGSignature.hpp	4 Jun 2005 11:30:25 -0000	1.26
  +++ DSIGSignature.hpp	5 Jul 2005 11:52:43 -0000	1.27
  @@ -294,11 +294,41 @@
   	 * Different hash methods can be used for reference elements.
   	 *
   	 * @param doc The document the Signature DOM structure will be inserted into.
  +	 * @param canonicalizationAlgorithmURI The canonicalisation method to use.
  +	 * @param signatureAlgorithmURI The Signature algorithm (defined by URI) to use
  +	 * @returns The newly created \<Signature\> element that the caller should insert
in
  +	 * the document.
  +	 */
  +
  +	XERCES_CPP_NAMESPACE_QUALIFIER DOMElement *createBlankSignature(
  +		XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument *doc,
  +		const XMLCh * canonicalizationAlgorithmURI,
  +		const XMLCh * signatureAlgorithmURI
  +	);
  +
  +	/**
  +	 * \brief Create a \<Signature\> DOM structure.
  +	 *
  +	 * <p>The DOM structure created is still divorced from the document.  The callee
  +	 * needs to take the returned \<Signature\> Element node and insert it at the
  +	 * appropriate place in their document.</p>
  +	 *
  +	 * <p>The signature is a skeleton only.  There are no references or KeyInfo
  +	 * elements inserted.  However the DSIGSignature structures are set up with the
  +	 * new information, so once an element has been created and a signing key has been
  +	 * set, a call to #sign will sign appropriately.
  +	 *
  +	 * @note The digest method (hash method) set here is for the signing function only.
  +	 * Different hash methods can be used for reference elements.
  +	 *
  +	 * @param doc The document the Signature DOM structure will be inserted into.
   	 * @param cm The canonicalisation method to use.
   	 * @param sm The signature algorithm to be used.
   	 * @param hm The Digest function to be used for the actual signatures.
   	 * @returns The newly created \<Signature\> element that the caller should insert
in
   	 * the document.
  +	 * @deprecated Use the URI based creation method instead, as this supports 
  +	 * signature algorithms that are not known to the library directly.
   	 */
   
   	XERCES_CPP_NAMESPACE_QUALIFIER DOMElement *createBlankSignature(
  @@ -324,6 +354,7 @@
   	 * @param hm The hashing (digest) method to be used for this reference
   	 * @param type A "type" string (as defined in XML Signature).
   	 * @returns The newly created DSIGReference element.
  +	 * @deprecated Use the URI based creation method instead
   	 *
   	 */
   
  @@ -334,6 +365,31 @@
   		char * type = NULL
   	);
   
  +	/**
  +	 * \brief Add a new reference to the end of the list of \<Reference\> nodes.
  +	 *
  +	 * <p>Creates a new DSIGReference, adds it to the list of references handled
  +	 * by the owning DSIGSignature and also creates the skeleton DOM structure into
  +	 * the document.</p>
  +	 *
  +	 * @note The XSEC Library currently makes very little use of <em>type</em>
  +	 * attributes in \<Reference\> Elements.  However this may of use to calling
  +	 * applications.
  +	 *
  +	 * @see DSIGReference
  +	 * @param URI The Data that this Reference node refers to.
  +	 * @param hm The hashing (digest) method to be used for this reference
  +	 * @param type A "type" string (as defined in XML Signature).
  +	 * @returns The newly created DSIGReference element.
  +	 * @deprecated Use the URI based creation method instead
  +	 *
  +	 */
  +
  +	DSIGReference * createReference(
  +		const XMLCh * URI,
  +		const XMLCh * hashAlgorithmURI, 
  +		const XMLCh * type = NULL
  +	);
   	//@}
   
   	/** @name General and Information functions. */
  @@ -826,6 +882,10 @@
   	// Internal functions
   	void createKeyInfoElement(void);
   	bool verifySignatureOnlyInternal(void);
  +	TXFMChain * getSignedInfoInput(void);
  +
  +	// Initialisation
  +	static void Initialise(void);
   
   	XSECSafeBufferFormatter		* mp_formatter;
   	bool						m_loaded;				// Have we already loaded?
  @@ -858,6 +918,8 @@
   	// Not implemented constructors
   
   	DSIGSignature();
  +	
  +	friend class XSECPlatformUtils;
   
   	/*\@}*/
   };
  
  
  
  1.13      +57 -22    xml-security/c/src/dsig/DSIGSignedInfo.cpp
  
  Index: DSIGSignedInfo.cpp
  ===================================================================
  RCS file: /home/cvs/xml-security/c/src/dsig/DSIGSignedInfo.cpp,v
  retrieving revision 1.12
  retrieving revision 1.13
  diff -u -r1.12 -r1.13
  --- DSIGSignedInfo.cpp	20 Feb 2005 10:35:51 -0000	1.12
  +++ DSIGSignedInfo.cpp	5 Jul 2005 11:52:43 -0000	1.13
  @@ -143,11 +143,26 @@
   								hashMethod hm, 
   								char * type) {
   
  +	safeBuffer hURI;
  +
  +	if (hashMethod2URI(hURI, hm) == false) {
  +		throw XSECException(XSECException::UnknownSignatureAlgorithm,
  +			"DSIGSignedInfo::createReference - Hash method unknown");
  +	}
  +	
  +	return createReference(URI, hURI.sbStrToXMLCh(), MAKE_UNICODE_STRING(type));;
  +}
  +
  +DSIGReference * DSIGSignedInfo::createReference(
  +		const XMLCh * URI,
  +		const XMLCh * hashAlgorithmURI, 
  +		const XMLCh * type) {
  +
   	DSIGReference * ref;
   	XSECnew(ref, DSIGReference(mp_env));
   	Janitor<DSIGReference> j_ref(ref);
   
  -	DOMNode *refNode = ref->createBlankReference(URI, hm, type);
  +	DOMNode *refNode = ref->createBlankReference(URI, hashAlgorithmURI, type);
   
   	// Add the node to the end of the childeren
   	mp_signedInfoNode->appendChild(refNode);
  @@ -160,14 +175,42 @@
   	return ref;
   }
   
  +
   // --------------------------------------------------------------------------------
   //           Create an empty SignedInfo
   // --------------------------------------------------------------------------------
   
  +// deprecated
  +
   DOMElement *DSIGSignedInfo::createBlankSignedInfo(canonicalizationMethod cm,
   			signatureMethod	sm,
   			hashMethod hm) {
   
  +	// This is now deprecated.  Because this is so, we go the long way - translate
  +	// to URI and then call the "standard" method, which will translate back to 
  +	// internal enums if possible
  +
  +	const XMLCh * cURI;
  +	safeBuffer sURI;
  +
  +	if ((cURI = canonicalizationMethod2UNICODEURI(cm)) == NULL) {
  +		throw XSECException(XSECException::UnknownCanonicalization,
  +			"DSIGSignature::createBlankSignature - Canonicalisation method unknown");
  +	}
  +
  +	if (signatureHashMethod2URI(sURI, sm, hm) == false) {
  +		throw XSECException(XSECException::UnknownSignatureAlgorithm,
  +			"DSIGSignature::createBlankSignature - Signature/Hash method unknown");
  +	}
  +
  +	return createBlankSignedInfo(cURI, sURI.sbStrToXMLCh());
  +
  +}
  +
  +DOMElement * DSIGSignedInfo::createBlankSignedInfo(
  +			const XMLCh * canonicalizationAlgorithmURI,
  +			const XMLCh * signatureAlgorithmURI) {
  +
   	safeBuffer str;
   	const XMLCh * prefixNS = mp_env->getDSIGNSPrefix();
   
  @@ -179,9 +222,8 @@
   	mp_signedInfoNode = ret;
   
   	// Now create the algorithm parts
  -	m_canonicalizationMethod = cm;
  -	m_signatureMethod = sm;
  -	m_hashMethod = hm;
  +	XSECmapURIToCanonicalizationMethod(canonicalizationAlgorithmURI, m_canonicalizationMethod);
  +	XSECmapURIToSignatureMethods(signatureAlgorithmURI, m_signatureMethod, m_hashMethod);
   
   	// Canonicalisation
   
  @@ -192,14 +234,8 @@
   	mp_signedInfoNode->appendChild(canMeth);
   	mp_env->doPrettyPrint(mp_signedInfoNode);
   
  -	if (!canonicalizationMethod2URI(str, cm)) {
  -	
  -		throw XSECException(XSECException::SignatureCreationError,
  -			"Attempt to use undefined Canonicalisation Algorithm in SignedInfo Creation");
  -
  -	}
  -
  -	canMeth->setAttribute(DSIGConstants::s_unicodeStrAlgorithm, str.sbStrToXMLCh());
  +	canMeth->setAttribute(DSIGConstants::s_unicodeStrAlgorithm,
  +		canonicalizationAlgorithmURI);
   
   	// Now the SignatureMethod
   
  @@ -209,14 +245,11 @@
   	mp_signedInfoNode->appendChild(sigMeth);
   	mp_env->doPrettyPrint(mp_signedInfoNode);
   
  -	if (!signatureHashMethod2URI(str, sm, hm)) {
  -	
  -		throw XSECException(XSECException::SignatureCreationError,
  -			"Attempt to use undefined Signature/Algorithm combination in SignedInfo Creation");
  -
  -	}
  +	sigMeth->setAttributeNS(NULL, DSIGConstants::s_unicodeStrAlgorithm, 
  +		signatureAlgorithmURI);
   
  -	sigMeth->setAttribute(DSIGConstants::s_unicodeStrAlgorithm, str.sbStrToXMLCh());
  +	// Store the algorithm URI internally
  +	mp_algorithmURI = sigMeth->getAttributeNS(NULL, DSIGConstants::s_unicodeStrAlgorithm);
   
   	// Create an empty reference list
   
  @@ -226,6 +259,7 @@
   
   }
   
  +
   // --------------------------------------------------------------------------------
   //           Load the SignedInfo
   // --------------------------------------------------------------------------------
  @@ -332,9 +366,10 @@
   					"Expected Algorithm attribute in <SignatureMethod>");
   
   	}
  +	
  +	mp_algorithmURI = algorithm->getNodeValue();
   
  -
  -	tmpSB << (*mp_formatter << algorithm->getNodeValue());
  +	tmpSB << (*mp_formatter << mp_algorithmURI);
   
   	if (tmpSB.sbStrcmp(URI_ID_DSA_SHA1) == 0) {
   
  
  
  
  1.15      +49 -1     xml-security/c/src/dsig/DSIGSignedInfo.hpp
  
  Index: DSIGSignedInfo.hpp
  ===================================================================
  RCS file: /home/cvs/xml-security/c/src/dsig/DSIGSignedInfo.hpp,v
  retrieving revision 1.14
  retrieving revision 1.15
  diff -u -r1.14 -r1.15
  --- DSIGSignedInfo.hpp	4 Jun 2005 11:30:25 -0000	1.14
  +++ DSIGSignedInfo.hpp	5 Jul 2005 11:52:43 -0000	1.15
  @@ -155,9 +155,29 @@
   	 * Builds the DOM structures and sets the control
   	 * structures of the SignedInfo
   	 *
  +	 * @param canonicalizationAlgorithmURI The canonicalisation method to set the SignedInfo
as
  +	 * @param signatureAlgorithmURI Signature Method to use
  +	 * @param hm Hash method to use (for the SignedInfo, not the references)
  +	 */
  +
  +	XERCES_CPP_NAMESPACE_QUALIFIER DOMElement *
  +		createBlankSignedInfo(
  +			const XMLCh * canonicalizationAlgorithmURI,
  +			const XMLCh * signatureAlgorithmURI
  +		);
  +
  +	/**
  +	 * \brief Create an empty SignedInfo
  +	 *
  +	 * Creates the DOM structure for a SignedInfo
  +	 *
  +	 * Builds the DOM structures and sets the control
  +	 * structures of the SignedInfo
  +	 *
   	 * @param cm The canonicalisation method to set the SignedInfo as
   	 * @param sm Signature Method to use
   	 * @param hm Hash method to use (for the SignedInfo, not the references)
  +	 * @deprecated Use URI based creation method instead
   	 */
   
   	XERCES_CPP_NAMESPACE_QUALIFIER DOMElement *
  @@ -174,11 +194,29 @@
   	 * @param URI What the reference references
   	 * @param hm Digest method to use for the reference
   	 * @param type Reference type
  +	 * @deprecated Use the algorithmURI based call instead
   	 */
   
   	DSIGReference * createReference(const XMLCh * URI,
   		hashMethod hm, char * type);
   
  +
  +	/**
  +	 * \brief Create a reference to add to the SignedInfo
  +	 *
  +	 * Called by DSIGSignature to create and enter a new reference element
  +	 *
  +	 * @param URI What the reference references
  +	 * @param hashAlgorithmURI Digest method to use for the reference
  +	 * @param type Reference type
  +	 */
  +
  +	DSIGReference * createReference(
  +		const XMLCh * URI,
  +		const XMLCh * hashAlgorithmURI, 
  +		const XMLCh * type
  +	);
  +
   	//@}
   
   	/** @name Getter functions */
  @@ -193,6 +231,15 @@
   	XERCES_CPP_NAMESPACE_QUALIFIER DOMNode *getDOMNode(void);
   
   	/**
  +	 * \brief Get the Algorithm URI
  +	 *
  +	 * @returns the URI associated with the Algorithm used to generate
  +	 * the signature
  +	 */
  +
  +	const XMLCh * getAlgorithmURI() {return mp_algorithmURI;}
  +
  +	/**
   	 * \brief Get the canonicalisation method 
   	 * 
   	 * @returns Canonicalisation method
  @@ -250,6 +297,7 @@
   	hashMethod					m_hashMethod;
   	DSIGReferenceList			* mp_referenceList;
   	int							m_HMACOutputLength;
  +	const XMLCh					* mp_algorithmURI;
   	const XSECEnv				* mp_env;
   
   	// Not implemented constructors
  
  
  

Mime
View raw message