xmlsig 0.0.1

data/ext/xmlsig/X509Certificate.h

@@ -0,0 +1,146 @@
+/*
+ * (C) Copyright 2006 VeriSign, Inc.
+ * Developed by Sxip Identity
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef _X509CERTIFICATE_H
+#define _X509CERTIFICATE_H
+
+#include <string>
+#include <openssl/x509.h>
+
+class X509Certificate;
+
+#include "countptr.h"
+typedef CountPtrTo<X509Certificate> X509CertificatePtr;
+
+#include "Key.h"
+using namespace std;
+
+/**
+ * An X.509 certificate class.
+ * X509Certificate wraps the OpenSSL representation of the X509
+ * structure.
+ */
+class X509Certificate
+{
+public:
+    /**
+     * Construct an empty certificate object.
+     */
+    X509Certificate ();
+    /**
+     * Copy constructor
+     * @param cert another X509Certificate object
+     */
+    X509Certificate (const X509Certificate& cert);
+    /**
+     * Destructor.  Frees the internal OpenSSL X509 object.
+     */
+    ~X509Certificate ();
+    /**
+     * Load a certificate from a file.
+     * @param fileName The name of the file
+     * @param format Key data format string (see Key::loadFromFile() for format list)
+     * @return 0 on success, -1 if something went wrong
+     * @throws IOError on failure to read the certificate from the file
+     */
+    int loadFromFile (string fileName, string format);
+    /**
+     * Get the subject DN from the certificate.
+     * @return the subject DN as a string
+     * @throws LibError if cert not loaded
+     */
+    string getSubjectDN ();
+    /**
+     * Get the issuer DN from the certificate.
+     * @return the subject DN as a string
+     * @throws LibError if cert not loaded
+     */
+    string getIssuerDN ();
+    /**
+     * Get the version of the cert.
+     * @return the version of the cert 
+     * @throws LibError if cert not loaded
+     */
+    int getVersion ();
+    /**
+     * Determine if the certificate is currently valid based on the notBefore and notAfter fields.
+     * @return 1 if valid, 0 if not valid
+     * @throws LibError if cert not loaded or invalid cert data
+     */
+    int isValid ();
+    /**
+     * Create a Key from the certificate.
+     * @return the key contained in the certificate
+     * @throws LibError on failure to create the key or retrieve the key data
+     */
+    KeyPtr getKey () const;
+    /**
+     * Verify that the certificate was signed by the private key
+     * corresponding to the given public key.
+     * @param key public key to check certificate against
+     * @return >0 if verifies, 0 if verify fails, <0 on error
+     * @throws KeyError if the key is invalid or the wrong type
+     * @throws LibError if the X509_verify library call fails
+     */
+    int verify (KeyPtr key);
+    
+    // stub
+    int getBasicConstraints ();
+
+    /// @cond NO_INTERFACE
+    /**
+     * Construct from copy of a raw OpenSSL certificate pointer.
+     * @param x509ptr a raw OpenSSL certificate pointer
+     * @throws MemoryError if unable to create a copy of the certificate
+     */
+    X509Certificate (X509* x509ptr);
+    /**
+     * Assignment operator creates a duplicate X509Certificate.
+     * @param cert X509Certificate to copy
+     * @return Copied certificate
+     */
+    const X509Certificate& operator= (const X509Certificate& cert);
+    /**
+     * Create a duplicate X509 certificate
+     * @return a raw pointer to an OpenSSL certificate, null on failure
+     * @throws MemoryError if unable to create a copy of the certificate
+     */
+    X509* getDup () const;
+    /**
+     * Casting operator to convert to an X509* pointer
+     */
+    operator X509* ()
+    {
+        return ptr;
+    }
+    /**
+     * Compare this X509Certificate with another one.
+     * @param other X509Certificate to compare with this one
+     * @return 1 if certificates are equal, 0 if they are not
+     */
+    int isEqualTo (X509Certificate& other);
+
+protected:
+    X509* ptr;
+    /**
+     * Extract a string from a X509_NAME object
+     * @return the subject name
+     */
+    xmlChar* nameToString (X509_NAME* nm);
+/// @endcond
+};
+
+#endif // _X509CERTIFICATE_H

data/ext/xmlsig/XPath.cpp

@@ -0,0 +1,173 @@
+/*
+ * (C) Copyright 2006 VeriSign, Inc.
+ * Developed by Sxip Identity
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "XPath.h"
+#include "XPathCtx.h"
+#include <libxml/xpathInternals.h>
+#include <assert.h>
+
+
+XPath::XPath ()
+    : xpObj(0)
+{}
+
+
+XPath::XPath (string expr)
+    : xpExpr(expr),
+      xpObj(0)
+{}
+
+
+XPath::XPath (const XPath& xpath)
+    : xpObj(0)
+{
+    XPath::operator=(xpath);
+}
+
+
+XPath::~XPath ()
+{
+    freeXPObj();
+}
+
+
+const XPath& XPath::operator= (const XPath& xpath)
+{
+    if (&xpath != this)
+    {
+        xpExpr = xpath.xpExpr;
+        nsList = xpath.nsList;
+        freeXPObj();
+        if (xpath.xpObj != NULL)
+        {
+            xpObj = xmlXPathObjectCopy(xpath.xpObj);
+        }
+    }
+    return *this;
+}
+
+
+void XPath::freeXPObj ()
+{
+    if (xpObj)
+    {
+        xmlXPathFreeObject(xpObj);
+        xpObj = NULL;
+    }
+}
+
+
+int XPath::addNamespace (string prefix, string uri)
+{
+    if (uri.size())
+    {
+        nsList[prefix] = uri;
+    }
+    else
+    {
+        nsList.erase(prefix);
+    }
+    return 0;
+}
+
+
+string XPath::getNamespaceStr ()
+{
+    string nsStr = "";
+    for (XPathNSMap::iterator iter = nsList.begin();
+            iter != nsList.end(); iter++)
+    {
+        nsStr += "xmlns(";
+        nsStr += iter->first;
+        nsStr += "=";
+        nsStr += iter->second;
+        nsStr += ")";
+    }
+    return nsStr;
+}
+
+
+int XPath::registerNamespaces (xmlXPathContextPtr xpCtx)
+{
+    assert(xpCtx);
+    XPathNSMap::iterator iter;
+    for (iter = nsList.begin(); iter != nsList.end(); iter++)
+    {
+        int ret = xmlXPathRegisterNs(xpCtx,
+                                     BAD_CAST iter->first.c_str(),
+                                     BAD_CAST iter->second.c_str());
+        if (ret < 0)
+        {
+            THROW(LibError, "Failed to register XPath namespace", ret);
+        }
+    }
+    return 0;
+}
+
+
+int XPath::registerNamespaces (xmlXPathContextPtr xpCtx, XmlDocClassPtr xmlDoc)
+{
+    assert(xpCtx);
+    assert(xmlDoc);
+
+    xmlNodePtr rootNode = xmlDocGetRootElement(xmlDoc->getDoc());
+    if (!rootNode)
+    {
+        THROW(XMLError, "Couldn't retrieve document root element", -1);
+    }
+    for (xmlNsPtr ns = rootNode->nsDef; ns != NULL; ns = ns->next)
+    {
+        if (ns->prefix)
+        {
+            int ret = xmlXPathRegisterNs(xpCtx, ns->prefix, ns->href);
+            if (ret < 0)
+            {
+                THROW(LibError, "Failed to register XPath namespace", ret);
+            }
+        }
+    }
+    return 0;
+}
+
+
+void XPath::setXPath (string expr)
+{
+    xpExpr = expr;
+    freeXPObj();
+}
+
+
+xmlXPathObjectPtr XPath::evalExpression (XmlDocClassPtr xmlDoc, string expr)
+{
+    setXPath(expr);
+    return evalExpression(xmlDoc);
+}
+
+
+xmlXPathObjectPtr XPath::evalExpression (XmlDocClassPtr xmlDoc)
+{
+    assert(xmlDoc);
+    XPathCtx xpCtx (xmlDoc);
+    if (!xpExpr.size())
+    {
+        THROW(XPathError, "Invalid XPath expression", 0);
+    }
+    registerNamespaces(xpCtx, xmlDoc);
+    registerNamespaces(xpCtx);
+    freeXPObj();
+    xpObj = xmlXPathEvalExpression(BAD_CAST xpExpr.c_str(), xpCtx);
+    return xpObj;
+}

data/ext/xmlsig/XPath.h

@@ -0,0 +1,156 @@
+/*
+ * (C) Copyright 2006 VeriSign, Inc.
+ * Developed by Sxip Identity
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef _XPATH_H
+#define _XPATH_H
+#include <string>
+#include <map>
+#include <functional>
+#include <libxml/xpath.h>
+#include "XmlDoc.h"
+#include "Exceptions.h"
+using namespace std;
+
+typedef map<string, string, less<string> > XPathNSMap;
+
+/**
+ * XPath encapsulates a W3C XPath
+ * (http://www.w3.org/TR/1999/REC-xpath-19991116) expression and
+ * namespaces that relate to the expression.
+ */
+class XPath
+{
+public:
+    /**
+     * Creates an empty XPath helper.
+     */
+    XPath();
+    /**
+     * Creates an XPath helper with an XPath expression.
+     * @param expr An XPath expression
+     */
+    XPath(string expr);
+    /**
+     * Frees the XPath object and any results.
+     */
+    ~XPath();
+
+    /**
+     * Add namespace prefix.
+     * @return 0 on success, -1 on error
+     */
+    int addNamespace (string prefix, string uri);
+    /**
+     * Get the XPath expression.
+     * @return string containing expression
+     */
+    string getXPath () const
+    {
+        return xpExpr;
+    }
+    /**
+     * Set the XPath expression.
+     * @param expr XPath expression
+     * @return 0 on success, -1 on error
+     */
+    void setXPath (string expr);
+
+    /// @cond NO_INTERFACE
+    /**
+     * Creates a copy of an XPath helper.
+     * @param xpath An XPath helper object
+     */
+    XPath(const XPath& xpath);
+    /**
+     * Copy the given XPath object.
+     * @param xpath An XPath helper object
+     * @return The copy of the object
+     */
+    const XPath& operator=(const XPath& xpath);
+    /**
+     * Get namespace prefix definitions in a form appropriate for
+     * including in a Reference URI attribute.
+     * @return namespace prefix string of the form xmlns(prefix=uri);
+     *     multiple definitions are concatenated
+     */
+    string getNamespaceStr ();
+    /**
+     * Evaluate current expression.
+     * @param doc pointer to XmlDoc to execute XPath expression on
+     * @return xmlXPathObjectPtr with results, null on failure
+     * @throws XPathError on an invalid XPath expression
+     */
+    xmlXPathObjectPtr evalExpression (XmlDocClassPtr doc);
+    /**
+     * Evaluate given expression.
+     * @param doc pointer to XmlDoc to execute XPath expression on
+     * @param expr XPath expression
+     * @return xmlXPathObjectPtr with results, null on failure
+     * @throws XPathError on an invalid XPath expression
+     */
+    xmlXPathObjectPtr evalExpression (XmlDocClassPtr doc, string expr);
+    /**
+     * Return the current expression results
+     * @return xmlXPathObjectPtr with results, null if none exist
+     */
+    xmlXPathObjectPtr getObj()
+    {
+        return xpObj;
+    }
+
+protected:
+    /**
+     * Current XPath expression
+     */
+    string xpExpr;
+    /**
+     * List of prefix->uri mappings for XPath namespaces
+     */
+    XPathNSMap nsList;
+    /**
+     * The current expression results
+     */
+    xmlXPathObjectPtr xpObj;
+
+    /**
+     * Register the namespaces in nsList with the XPath context.
+     * @param xpCtx XPath context pointer
+     * @return 0 on success, -1 on error
+     * @throws LibError if it fails to register a namespace
+     */
+    int registerNamespaces (xmlXPathContextPtr xpCtx);
+    /**
+     * Register the namespaces defined in the root node of the
+     * document with the XPath context.
+     * @param xpCtx XPath context pointer
+     * @param xmlDoc XML document to get namespaces from
+     * @return 0 on success, -1 on error
+     * @throws LibError if it fails to register a namespace
+     * @throws XMLError if unable to retrieve the root element of the document
+     */
+    int registerNamespaces (xmlXPathContextPtr xpCtx, XmlDocClassPtr xmlDoc);
+
+    /**
+     * Dispose of current expression results
+     */
+    void freeXPObj ();
+/// @endcond
+};
+
+#include "countptr.h"
+typedef CountPtrTo<XPath> XPathPtr;
+
+#endif

data/ext/xmlsig/XPathCtx.h

@@ -0,0 +1,68 @@
+/*
+ * (C) Copyright 2006 VeriSign, Inc.
+ * Developed by Sxip Identity
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef _XPATHCTX_H
+#define _XPATHCTX_H
+
+#include <assert.h>
+#include <libxml/xpath.h>
+#include "Exceptions.h"
+
+class XPathCtx
+{
+public:
+    XPathCtx (XmlDocClassPtr xmlDoc)
+        : xpathCtx (0)
+    {
+        xpathCtx = xmlXPathNewContext(xmlDoc->getDoc());
+        if (!xpathCtx)
+        {
+            THROW_NORET(MemoryError, "Couldn't create XPath evaluation context");
+        }
+    }
+
+    ~XPathCtx ()
+    {
+        if (xpathCtx)
+        {
+            xmlXPathFreeContext(xpathCtx);
+            xpathCtx = 0;
+        }
+    }
+
+    operator int ()
+    {
+        return xpathCtx != NULL;
+    }
+    int operator! ()
+    {
+        return xpathCtx == NULL;
+    }
+    xmlXPathContextPtr operator-> ()
+    {
+        assert(xpathCtx);
+        return xpathCtx;
+    }
+    operator xmlXPathContextPtr ()
+    {
+        return xpathCtx;
+    }
+
+protected:
+    xmlXPathContextPtr xpathCtx;
+};
+
+#endif

data/ext/xmlsig/XmlCharBuf.h

@@ -0,0 +1,60 @@
+/*
+ * (C) Copyright 2006 VeriSign, Inc.
+ * Developed by Sxip Identity
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef _XMLCHARBUF_H
+#define _XMLCHARBUF_H
+
+#include <libxml/globals.h>
+
+class XmlCharBuf
+{
+public:
+    XmlCharBuf ()
+        : mbuf(0)
+    {}
+    XmlCharBuf (xmlChar* buf) 
+        : mbuf(buf)
+    {}
+    ~XmlCharBuf ()
+    {
+        if (mbuf != 0)
+        {
+            xmlFree(mbuf);
+        }
+    }
+
+    operator xmlChar** ()
+    {
+        return &mbuf;
+    }
+    operator xmlChar* ()
+    {
+        return mbuf;
+    }
+    operator const char* ()
+    {
+        return (const char*)mbuf;
+    }
+    operator int ()
+    {
+        return mbuf != 0;
+    }
+
+protected:
+    xmlChar* mbuf;
+};
+
+#endif