xmlsig 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48)
  1. data/README.rdoc +0 -0
  2. data/ext/xmlsig/BioWrap.h +98 -0
  3. data/ext/xmlsig/DSig.cpp +109 -0
  4. data/ext/xmlsig/DSig.h +81 -0
  5. data/ext/xmlsig/DSigCtx.h +72 -0
  6. data/ext/xmlsig/Exceptions.cpp +151 -0
  7. data/ext/xmlsig/Exceptions.h +214 -0
  8. data/ext/xmlsig/Key.cpp +582 -0
  9. data/ext/xmlsig/Key.h +338 -0
  10. data/ext/xmlsig/KeyInfoCtx.h +67 -0
  11. data/ext/xmlsig/KeyStore.cpp +180 -0
  12. data/ext/xmlsig/KeyStore.h +157 -0
  13. data/ext/xmlsig/KeysMngrWrap.h +62 -0
  14. data/ext/xmlsig/NodeSet.h +60 -0
  15. data/ext/xmlsig/Signer.cpp +691 -0
  16. data/ext/xmlsig/Signer.h +373 -0
  17. data/ext/xmlsig/TrustVerifier.cpp +145 -0
  18. data/ext/xmlsig/TrustVerifier.h +174 -0
  19. data/ext/xmlsig/Verifier.cpp +677 -0
  20. data/ext/xmlsig/Verifier.h +313 -0
  21. data/ext/xmlsig/X509Certificate.cpp +362 -0
  22. data/ext/xmlsig/X509Certificate.h +146 -0
  23. data/ext/xmlsig/XPath.cpp +173 -0
  24. data/ext/xmlsig/XPath.h +156 -0
  25. data/ext/xmlsig/XPathCtx.h +68 -0
  26. data/ext/xmlsig/XmlCharBuf.h +60 -0
  27. data/ext/xmlsig/XmlDoc.cpp +278 -0
  28. data/ext/xmlsig/XmlDoc.h +157 -0
  29. data/ext/xmlsig/XmlElement.cpp +151 -0
  30. data/ext/xmlsig/XmlElement.h +134 -0
  31. data/ext/xmlsig/countptr.h +260 -0
  32. data/ext/xmlsig/extconf.rb +58 -0
  33. data/ext/xmlsig/runtests.rb +23 -0
  34. data/ext/xmlsig/swig/countptr.i +27 -0
  35. data/ext/xmlsig/swig/exceptions.i +79 -0
  36. data/ext/xmlsig/swig/ruby.i +17 -0
  37. data/ext/xmlsig/swig/xmlsig.i +405 -0
  38. data/ext/xmlsig/t/tc_cert.rb +34 -0
  39. data/ext/xmlsig/t/tc_interface.rb +158 -0
  40. data/ext/xmlsig/t/tc_signer.rb +501 -0
  41. data/ext/xmlsig/t/tc_tsik.rb +490 -0
  42. data/ext/xmlsig/t/tc_verifier.rb +151 -0
  43. data/ext/xmlsig/t/tsik_interop/sign.rb +48 -0
  44. data/ext/xmlsig/t/tsik_interop/verify.rb +31 -0
  45. data/ext/xmlsig/t/tsik_interop/verify_own.rb +46 -0
  46. data/ext/xmlsig/xmlsig.cpp +13363 -0
  47. data/lib/xmlsig.rb +1 -0
  48. metadata +113 -0
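--- /dev/null
+++ b/data/ext/xmlsig/Key.h
@@ -0,0 +1,338 @@
+/*
+* (C) Copyright 2006 VeriSign, Inc.
+* Developed by Sxip Identity
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+#ifndef _KEY_H
+#define _KEY_H
+#include <string>
+#include <vector>
+#include <assert.h>
+#include <xmlsec/keysdata.h>
+#include <xmlsec/keys.h>
+#include "Exceptions.h"
+
+class Key;
+
+#include "countptr.h"
+typedef CountPtrTo<Key> KeyPtr;
+
+#include "X509Certificate.h"
+using namespace std;
+
+/// @cond NO_INTERFACE
+/**
+* Wrap a raw xmlSecKeyPtr. Does not reference count.
+*/
+class KeyPtrWrap
+{
+public:
+KeyPtrWrap() : key(0)
+{}
+KeyPtrWrap(xmlSecKeyPtr newkey) : key(newkey)
+{}
+KeyPtrWrap(const KeyPtrWrap&);
+~KeyPtrWrap();
+
+const KeyPtrWrap& operator= (const KeyPtrWrap&);
+const KeyPtrWrap& operator= (xmlSecKeyPtr);
+
+xmlSecKeyPtr operator-> ()
+{
+assert(key);
+return key;
+}
+const xmlSecKeyPtr operator-> () const
+{
+assert(key);
+return key;
+}
+
+operator xmlSecKeyPtr ()
+{
+return key;
+}
+
+bool isValid () const;
+operator const void* () const
+{
+return isValid() ? key : 0;
+}
+
+xmlSecKeyPtr copy () const;
+KeyPtrWrap& create ();
+
+xmlSecKeyPtr getKey () const
+{
+return key;
+}
+
+protected:
+void freeKey();
+
+xmlSecKeyPtr key;
+};
+/// @endcond
+
+/**
+* Encapsulates a digital key.
+* The Key class provides an interface to the lower level xmlsec1 key
+* data structure.
+*
+* The Key may contain a private or public key associated with
+* the following different algorithms:
+* - dsa - Digital Signature Algorithm
+* - rsa - RSA public key cryptosystem
+* - hmac - HMAC message authentication code
+*
+* Key objects may also contain X.509 certificates (X509Certificate
+* objects), which will then be included in signed documents. The Key
+* may also be extracted from an X.509 certificate.
+*
+* File formats supported are:
+* - binary key data
+* - PEM key data (cert or public/private key)
+* - DER key data (cert or public/private key)
+* - PKCS8 PEM private key
+* - PKCS8 DER private ke.
+* - PKCS12 format (bag of keys and certs)
+* - PEM cert
+* - DER cert
+*/
+class Key
+{
+public:
+/**
+* Create an empty Key object.
+*/
+Key ();
+/**
+* Creates a duplicate key from a raw xmlsec pointer.
+* @param key Key to copy
+*/
+Key (xmlSecKeyPtr key);
+/**
+* Create a key from an X.509 certificate.
+* @param cert Certificate to create key from
+*/
+Key (X509CertificatePtr cert);
+/**
+* Create key from an X.509 certificate chain.
+* @param certs Certificates to create key from (use first in chain)
+*/
+Key (vector<X509CertificatePtr> certs);
+/**
+* Destructor.
+* Will free the internal key representation, if one has been created.
+*/
+~Key ();
+
+/**
+* Load a key from a file.
+* @param fileName The name of the file
+* @param format The key data format string. Must be one of the
+* following strings:
+* - binary
+* - pem
+* - der
+* - pkcs8_pem
+* - pkcs8_der
+* - pkcs12
+* - cert_pem
+* - cert_der
+* - unknown
+* @param password Optionally provide a password to unlock the
+* key. Empty string means "no password".
+* @return 0 on success, -1 if something went wrong
+* @throws IOError on load failure
+*/
+int loadFromFile (string fileName, string format, string password);
+/**
+* Load a key from an XML file containing a key info node
+* @param fileName The name of the file
+* @return 0 on success, -1 if something went wrong
+*/
+int loadFromKeyInfoFile (string fileName);
+/**
+* Load an HMAC key from a string.
+* @param hMACString A string
+* @return 0 on success, -1 on error
+*/
+int loadHMACFromString (string hMACString);
+
+/**
+* Set key name
+* @param name Name of key
+* @return 0 on success, -1 if something went wrong
+*/
+int setName (string name);
+/**
+* Get key name.
+* @return name, possibly empty
+*/
+string getName ();
+/**
+* Key validity check.
+* @return true if key and key's id are non-null
+*/
+int isValid () const;
+
+/**
+* Retrieve certificate from key if it exists.
+* @return An X509 certificate, or null if none exists
+*/
+X509CertificatePtr getCertificate ();
+/**
+* Retrieve all certificates from key.
+* @return X509 certificates, or an empty list if none exists
+*/
+vector<X509CertificatePtr> getCertificateChain ();
+
+/// @cond NO_INTERFACE
+/**
+* Copy constructor, creates duplicate key.
+* @param key Key to copy
+*/
+Key (const Key& key);
+/**
+* Assignment operator creates duplicate key
+* @param key Key to copy
+* @return Copied key
+*/
+const Key& operator= (const Key& key);
+/**
+* Create a new key
+* @return 0 on success, -1 if something went wrong
+*/
+int create ();
+/**
+* Dump the contents of the key to stdout.
+* Handy for debugging.
+*/
+void dump ();
+/**
+* Return the internal representation of the key
+* Returns a "xmlSecKeyPtr"
+* @return The internal representation of the key, or NULL if the key has not been loaded.
+*/
+xmlSecKeyPtr getKey () const;
+/**
+* Cast to xmlSecKeyPtr type
+*/
+operator xmlSecKeyPtr ()
+{
+return getKey();
+}
+/**
+* Conversion to xmlSecKeyPtr type
+*/
+xmlSecKeyPtr operator-> ()
+{
+assert(key);
+return getKey();
+}
+/**
+* Return a duplicate of the internal representation of the key
+* Returns a "xmlSecKeyPtr"
+* @return The duplicate key, or NULL if the key has not been loaded.
+*/
+xmlSecKeyPtr dupKey () const;
+/**
+* @return true if valid, false if invalid
+*/
+operator int ()
+{
+return isValid();
+}
+/**
+* @return false if valid, true if invalid
+*/
+int operator! ()
+{
+return !isValid();
+}
+/**
+* @return true if otherKey has same values this key, false otherwise
+*/
+bool operator==(const Key& otherKey) const
+{
+return hasSameValues(otherKey);
+}
+/**
+* @return false if otherKey has same values this key, true otherwise
+*/
+bool operator!=(const Key& otherKey) const
+{
+return !hasSameValues(otherKey);
+}
+/**
+* Attach a certificate to the key.
+* @param cert X509 certificate
+* @return 0 on success, -1 if something went wrong
+*/
+int addCert (X509CertificatePtr cert);
+/**
+* Attach a list of certificate to the key.
+* @param certs X509 certificates
+* @return Number of certs added on success, -1 if something went wrong
+*/
+int addCert (vector<X509CertificatePtr> certs);
+/**
+* Attach certificates from another key to this key.
+* @param certKey key containing X509 certificates
+* @return Number of certs added on success, -1 if something went wrong
+*/
+int addCert (KeyPtr certKey);
+/**
+* Attach a certificate from a file.
+* @param fileName The name of the file
+* @param format Key data format string (see Key::loadFromFile() for format list)
+* @return 0 on success, -1 if something went wrong
+*/
+int addCertFromFile (string fileName, string format);
+/**
+* Lookup the xmlsec keyDataFormat, given a string.
+* @param formatString Key data format string (see Key::loadFromFile() for format list)
+* @return The xmlSecKeyDataFormat. Returns xmlSecKeyDataFormatUnknown
+* if the string does not match a known type.
+*/
+static xmlSecKeyDataFormat findKeyDataFormat (string formatString);
+/**
+* Find key info in document and load the key from there.
+* @param xmlDoc XML document pointer
+* @param keysMngr optional keys manager pointer
+* @return 0 on success, -1 if something went wrong
+*/
+int loadFromKeyInfo (xmlDocPtr xmlDoc, xmlSecKeysMngrPtr keysMngr = 0);
+/**
+* Load the key from a key info node.
+* @param xmlNode XML node pointer pointing to a key info node
+* @param keysMngr optional keys manager pointer
+* @return 0 on success, -1 if something went wrong
+*/
+int loadFromKeyInfo (xmlNodePtr xmlNode, xmlSecKeysMngrPtr keysMngr = 0);
+/**
+* @return true if otherKey has same values this key, false otherwise
+*/
+bool hasSameValues(const Key& otherKey) const;
+
+protected:
+/**
+* The internal representation of the key.
+*/
+KeyPtrWrap key;
+/// @endcond
+};
+
+#endif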
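Review bot: `dump()` is documented only as "Dump the contents of the key to stdout. Handy for debugging.", yet a Key loaded through `loadFromFile` (pem/der/pkcs8/pkcs12) or `loadHMACFromString` may hold private-key or HMAC secret material, so the doc comment should carry an explicit warning such as `* WARNING: may print private/HMAC key material in clear; debugging only, never call in production or under a logger.` Relatedly, `password` in `loadFromFile` and `hMACString` in `loadHMACFromString` are taken as `std::string` by value, which makes copies of the secret that are never wiped on destruction; a one-line note on each parameter that callers needing scrubbing must handle it themselves would help. The `operator->` overloads guard the null case only with `assert(key)`, which is compiled out under NDEBUG, so a release build returns NULL for the caller to dereference — worth stating in the comment or checking `isValid()` first. Finally, `using namespace std;` at header scope leaks into every translation unit that includes Key.h; qualifying `std::string`/`std::vector` in the declarations would remove that.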
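--- /dev/null
+++ b/data/ext/xmlsig/KeyInfoCtx.h
@@ -0,0 +1,67 @@
+/*
+* (C) Copyright 2006 VeriSign, Inc.
+* Developed by Sxip Identity
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+#ifndef _KEYINFOCTX_H
+#define _KEYINFOCTX_H
+
+#include <xmlsec/keyinfo.h>
+#include <assert.h>
+#include "Exceptions.h"
+
+class KeyInfoCtx
+{
+public:
+KeyInfoCtx (xmlSecKeysMngrPtr keysMngr = 0)
+: keyInfoCtx (0)
+{
+keyInfoCtx = xmlSecKeyInfoCtxCreate(keysMngr);
+if (!keyInfoCtx)
+{
+THROW_NORET(MemoryError, "Couldn't create key info context");
+}
+}
+
+~KeyInfoCtx ()
+{
+if (keyInfoCtx)
+{
+xmlSecKeyInfoCtxDestroy(keyInfoCtx);
+}
+}
+
+operator int ()
+{
+return keyInfoCtx != NULL;
+}
+int operator! ()
+{
+return keyInfoCtx == NULL;
+}
+xmlSecKeyInfoCtxPtr operator-> ()
+{
+assert(keyInfoCtx);
+return keyInfoCtx;
+}
+operator xmlSecKeyInfoCtxPtr ()
+{
+return keyInfoCtx;
+}
+
+protected:
+xmlSecKeyInfoCtxPtr keyInfoCtx;
+};
+
+#endif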
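Review bot: `KeyInfoCtx` owns `keyInfoCtx` and frees it in `~KeyInfoCtx()` via `xmlSecKeyInfoCtxDestroy`, but declares no copy constructor or copy assignment, so a compiler-generated copy shares the raw pointer and the second destructor frees it again (double free). `KeyPtrWrap` in Key.h declares both; this class should too, and since copying a context has no sensible meaning, the file's pre-C++11 idiom of declaring them private and unimplemented suffices: `private: KeyInfoCtx(const KeyInfoCtx&); KeyInfoCtx& operator=(const KeyInfoCtx&);`. Note also that `operator->` guards the null case only with `assert(keyInfoCtx)`, which vanishes under NDEBUG; if `THROW_NORET` does not throw in some build configuration (Exceptions.h is not visible here), a failed `xmlSecKeyInfoCtxCreate` leaves an object whose `operator->` returns NULL, so the constructor comment should state that callers must test the object (`operator int`/`operator!`) before use.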
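--- /dev/null
+++ b/data/ext/xmlsig/KeyStore.cpp
@@ -0,0 +1,180 @@
+/*
+* (C) Copyright 2006 VeriSign, Inc.
+* Developed by Sxip Identity
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+#include <string>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/openssl/app.h>
+#include <xmlsec/openssl/x509.h>
+#include "KeyStore.h"
+#include "Key.h"
+using namespace std;
+
+
+KeyStore::KeyStore ()
+: mMngr (0)
+{
+mMngr = xmlSecKeysMngrCreate();
+if (mMngr == NULL)
+{
+THROW_NORET(MemoryError, "Failed to create keys manager");
+}
+if (xmlSecOpenSSLAppDefaultKeysMngrInit(mMngr) < 0)
+{
+THROW_NORET(KeyError, "Failed to initialize keys manager");
+}
+}
+
+
+KeyStore::~KeyStore ()
+{
+if (mMngr)
+{
+xmlSecKeysMngrDestroy(mMngr);
+mMngr = NULL;
+}
+}
+
+
+int KeyStore::addCert (X509CertificatePtr cert, int isTrusted)
+{
+assert(mMngr);
+xmlSecKeyDataStorePtr x509Store = xmlSecKeysMngrGetDataStore(mMngr, xmlSecOpenSSLX509StoreId);
+if (!x509Store)
+{
+THROW(LibError, "Failed to get X509 store from keys manager", -1);
+}
+X509* rawcert = cert->getDup();
+if (!rawcert)
+{
+return -1;
+}
+if (xmlSecOpenSSLX509StoreAdoptCert(x509Store,
+rawcert,
+isTrusted ? xmlSecKeyDataTypeTrusted : 0) < 0)
+{
+THROW(LibError, "Unable to adopt cert", -1);
+}
+return 0;
+}
+
+
+int KeyStore::addTrustedCert (X509CertificatePtr cert)
+{
+return addCert(cert, 1);
+}
+
+
+int KeyStore::addUntrustedCert (X509CertificatePtr cert)
+{
+return addCert(cert, 0);
+}
+
+
+int KeyStore::addCertFromFile (string fileName, string format, int isTrusted)
+{
+assert(mMngr);
+xmlSecKeyDataFormat formatId = Key::findKeyDataFormat(format.c_str());
+if (xmlSecOpenSSLAppKeysMngrCertLoad(mMngr, fileName.c_str(),
+formatId,
+isTrusted ? xmlSecKeyDataTypeTrusted : 0) < 0)
+{
+THROW(IOError, "Unable to load cert", -1);
+}
+return 0;
+}
+
+
+int KeyStore::addTrustedCertFromFile (string fileName, string format)
+{
+return addCertFromFile(fileName, format, 1);
+}
+
+
+int KeyStore::addUntrustedCertFromFile (string fileName, string format)
+{
+return addCertFromFile(fileName, format, 0);
+}
+
+
+int KeyStore::addKey (KeyPtr key)
+{
+if (!key || !key->isValid())
+{
+THROW(KeyError, "Invalid key", -1);
+}
+xmlSecKeyPtr newKey = key->dupKey();
+if (newKey == NULL)
+{
+return -1;
+}
+if (xmlSecOpenSSLAppDefaultKeysMngrAdoptKey(mMngr, newKey) < 0)
+{
+THROW(LibError, "Can't adopt the key", -1);
+}
+return 0;
+}
+
+
+int KeyStore::addKeyFromFile (string fileName, string format, string name)
+{
+return addKeyFromFile(fileName, format, name, "");
+}
+
+
+int KeyStore::addKeyFromFile (string fileName, string format, string name, string password)
+{
+KeyPtr key (new Key());
+
+if (!key)
+{
+THROW(MemoryError, "Unable to allocate new key", -1);
+}
+if (key->loadFromFile(fileName, format, password) < 0)
+{
+return -1;
+}
+key->setName(name);
+return addKey(key);
+}
+
+
+int KeyStore::saveToFile (string fileName)
+{
+assert(mMngr);
+if (xmlSecOpenSSLAppDefaultKeysMngrSave(mMngr, fileName.c_str(), xmlSecKeyDataTypeTrusted) < 0)
+{
+THROW(IOError, "Unable to save key store", -1);
+}
+return 0;
+}
+
+
+int KeyStore::loadFromFile (string fileName)
+{
+assert(mMngr);
+if (xmlSecOpenSSLAppDefaultKeysMngrLoad(mMngr, fileName.c_str()) < 0)
+{
+THROW(IOError, "Unable to load key store", -1);
+}
+return 0;
+}
+
+
+xmlSecKeysMngrPtr KeyStore::getKeyStore ()
+{
+assert(mMngr);
+return mMngr;
+}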
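Review bot: In `KeyStore::KeyStore()`, when `xmlSecOpenSSLAppDefaultKeysMngrInit` fails the constructor throws with `mMngr` still allocated, and because the object is never fully constructed `~KeyStore()` does not run, so the keys manager leaks; release it first with `xmlSecKeysMngrDestroy(mMngr); mMngr = NULL;` placed ahead of the `THROW_NORET(KeyError, ...)`. The same shape recurs in `addCert` and `addKey`: when `xmlSecOpenSSLX509StoreAdoptCert` / `xmlSecOpenSSLAppDefaultKeysMngrAdoptKey` return < 0, the fresh duplicates `rawcert` / `newKey` that this function owns are not freed — unless xmlsec releases the object on a failed adopt (I cannot confirm that from here), they should be freed (`X509_free` / `xmlSecKeyDestroy`) before the THROW. `addKey` is also the one mutator without `assert(mMngr)`, unlike its siblings. Separately, `saveToFile` serializes the store through `xmlSecOpenSSLAppDefaultKeysMngrSave`, which as far as I know writes key values, private ones included, as plaintext XML; the method's comment in KeyStore.h should state that the output holds unencrypted secrets and needs restrictive file permissions.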