xmlsig 0.0.1
- data/README.rdoc +0 -0
- data/ext/xmlsig/BioWrap.h +98 -0
- data/ext/xmlsig/DSig.cpp +109 -0
- data/ext/xmlsig/DSig.h +81 -0
- data/ext/xmlsig/DSigCtx.h +72 -0
- data/ext/xmlsig/Exceptions.cpp +151 -0
- data/ext/xmlsig/Exceptions.h +214 -0
- data/ext/xmlsig/Key.cpp +582 -0
- data/ext/xmlsig/Key.h +338 -0
- data/ext/xmlsig/KeyInfoCtx.h +67 -0
- data/ext/xmlsig/KeyStore.cpp +180 -0
- data/ext/xmlsig/KeyStore.h +157 -0
- data/ext/xmlsig/KeysMngrWrap.h +62 -0
- data/ext/xmlsig/NodeSet.h +60 -0
- data/ext/xmlsig/Signer.cpp +691 -0
- data/ext/xmlsig/Signer.h +373 -0
- data/ext/xmlsig/TrustVerifier.cpp +145 -0
- data/ext/xmlsig/TrustVerifier.h +174 -0
- data/ext/xmlsig/Verifier.cpp +677 -0
- data/ext/xmlsig/Verifier.h +313 -0
- data/ext/xmlsig/X509Certificate.cpp +362 -0
- data/ext/xmlsig/X509Certificate.h +146 -0
- data/ext/xmlsig/XPath.cpp +173 -0
- data/ext/xmlsig/XPath.h +156 -0
- data/ext/xmlsig/XPathCtx.h +68 -0
- data/ext/xmlsig/XmlCharBuf.h +60 -0
- data/ext/xmlsig/XmlDoc.cpp +278 -0
- data/ext/xmlsig/XmlDoc.h +157 -0
- data/ext/xmlsig/XmlElement.cpp +151 -0
- data/ext/xmlsig/XmlElement.h +134 -0
- data/ext/xmlsig/countptr.h +260 -0
- data/ext/xmlsig/extconf.rb +58 -0
- data/ext/xmlsig/runtests.rb +23 -0
- data/ext/xmlsig/swig/countptr.i +27 -0
- data/ext/xmlsig/swig/exceptions.i +79 -0
- data/ext/xmlsig/swig/ruby.i +17 -0
- data/ext/xmlsig/swig/xmlsig.i +405 -0
- data/ext/xmlsig/t/tc_cert.rb +34 -0
- data/ext/xmlsig/t/tc_interface.rb +158 -0
- data/ext/xmlsig/t/tc_signer.rb +501 -0
- data/ext/xmlsig/t/tc_tsik.rb +490 -0
- data/ext/xmlsig/t/tc_verifier.rb +151 -0
- data/ext/xmlsig/t/tsik_interop/sign.rb +48 -0
- data/ext/xmlsig/t/tsik_interop/verify.rb +31 -0
- data/ext/xmlsig/t/tsik_interop/verify_own.rb +46 -0
- data/ext/xmlsig/xmlsig.cpp +13363 -0
- data/lib/xmlsig.rb +1 -0
- metadata +113 -0
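--- a/data/ext/xmlsig/Key.h
+++ b/data/ext/xmlsig/Key.h
@@ -0,0 +1,338 @@
+/*
+* (C) Copyright 2006 VeriSign, Inc.
+* Developed by Sxip Identity
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+#ifndef _KEY_H
+#define _KEY_H
+#include <string>
+#include <vector>
+#include <assert.h>
+#include <xmlsec/keysdata.h>
+#include <xmlsec/keys.h>
+#include "Exceptions.h"
+
+class Key;
+
+#include "countptr.h"
+typedef CountPtrTo<Key> KeyPtr;
+
+#include "X509Certificate.h"
+using namespace std;
+
+/// @cond NO_INTERFACE
+/**
+* Wrap a raw xmlSecKeyPtr. Does not reference count.
+*/
+class KeyPtrWrap
+{
+public:
+KeyPtrWrap() : key(0)
+{}
+KeyPtrWrap(xmlSecKeyPtr newkey) : key(newkey)
+{}
+KeyPtrWrap(const KeyPtrWrap&);
+~KeyPtrWrap();
+
+const KeyPtrWrap& operator= (const KeyPtrWrap&);
+const KeyPtrWrap& operator= (xmlSecKeyPtr);
+
+xmlSecKeyPtr operator-> ()
+{
+assert(key);
+return key;
+}
+const xmlSecKeyPtr operator-> () const
+{
+assert(key);
+return key;
+}
+
+operator xmlSecKeyPtr ()
+{
+return key;
+}
+
+bool isValid () const;
+operator const void* () const
+{
+return isValid() ? key : 0;
+}
+
+xmlSecKeyPtr copy () const;
+KeyPtrWrap& create ();
+
+xmlSecKeyPtr getKey () const
+{
+return key;
+}
+
+protected:
+void freeKey();
+
+xmlSecKeyPtr key;
+};
+/// @endcond
+
+/**
+* Encapsulates a digital key.
+* The Key class provides an interface to the lower level xmlsec1 key
+* data structure.
+*
+* The Key may contain a private or public key associated with
+* the following different algorithms:
+* - dsa - Digital Signature Algorithm
+* - rsa - RSA public key cryptosystem
+* - hmac - HMAC message authentication code
+*
+* Key objects may also contain X.509 certificates (X509Certificate
+* objects), which will then be included in signed documents. The Key
+* may also be extracted from an X.509 certificate.
+*
+* File formats supported are:
+* - binary key data
+* - PEM key data (cert or public/private key)
+* - DER key data (cert or public/private key)
+* - PKCS8 PEM private key
+* - PKCS8 DER private ke.
+* - PKCS12 format (bag of keys and certs)
+* - PEM cert
+* - DER cert
+*/
+class Key
+{
+public:
+/**
+* Create an empty Key object.
+*/
+Key ();
+/**
+* Creates a duplicate key from a raw xmlsec pointer.
+* @param key Key to copy
+*/
+Key (xmlSecKeyPtr key);
+/**
+* Create a key from an X.509 certificate.
+* @param cert Certificate to create key from
+*/
+Key (X509CertificatePtr cert);
+/**
+* Create key from an X.509 certificate chain.
+* @param certs Certificates to create key from (use first in chain)
+*/
+Key (vector<X509CertificatePtr> certs);
+/**
+* Destructor.
+* Will free the internal key representation, if one has been created.
+*/
+~Key ();
+
+/**
+* Load a key from a file.
+* @param fileName The name of the file
+* @param format The key data format string. Must be one of the
+* following strings:
+* - binary
+* - pem
+* - der
+* - pkcs8_pem
+* - pkcs8_der
+* - pkcs12
+* - cert_pem
+* - cert_der
+* - unknown
+* @param password Optionally provide a password to unlock the
+* key. Empty string means "no password".
+* @return 0 on success, -1 if something went wrong
+* @throws IOError on load failure
+*/
+int loadFromFile (string fileName, string format, string password);
+/**
+* Load a key from an XML file containing a key info node
+* @param fileName The name of the file
+* @return 0 on success, -1 if something went wrong
+*/
+int loadFromKeyInfoFile (string fileName);
+/**
+* Load an HMAC key from a string.
+* @param hMACString A string
+* @return 0 on success, -1 on error
+*/
+int loadHMACFromString (string hMACString);
+
+/**
+* Set key name
+* @param name Name of key
+* @return 0 on success, -1 if something went wrong
+*/
+int setName (string name);
+/**
+* Get key name.
+* @return name, possibly empty
+*/
+string getName ();
+/**
+* Key validity check.
+* @return true if key and key's id are non-null
+*/
+int isValid () const;
+
+/**
+* Retrieve certificate from key if it exists.
+* @return An X509 certificate, or null if none exists
+*/
+X509CertificatePtr getCertificate ();
+/**
+* Retrieve all certificates from key.
+* @return X509 certificates, or an empty list if none exists
+*/
+vector<X509CertificatePtr> getCertificateChain ();
+
+/// @cond NO_INTERFACE
+/**
+* Copy constructor, creates duplicate key.
+* @param key Key to copy
+*/
+Key (const Key& key);
+/**
+* Assignment operator creates duplicate key
+* @param key Key to copy
+* @return Copied key
+*/
+const Key& operator= (const Key& key);
+/**
+* Create a new key
+* @return 0 on success, -1 if something went wrong
+*/
+int create ();
+/**
+* Dump the contents of the key to stdout.
+* Handy for debugging.
+*/
+void dump ();
+/**
+* Return the internal representation of the key
+* Returns a "xmlSecKeyPtr"
+* @return The internal representation of the key, or NULL if the key has not been loaded.
+*/
+xmlSecKeyPtr getKey () const;
+/**
+* Cast to xmlSecKeyPtr type
+*/
+operator xmlSecKeyPtr ()
+{
+return getKey();
+}
+/**
+* Conversion to xmlSecKeyPtr type
+*/
+xmlSecKeyPtr operator-> ()
+{
+assert(key);
+return getKey();
+}
+/**
+* Return a duplicate of the internal representation of the key
+* Returns a "xmlSecKeyPtr"
+* @return The duplicate key, or NULL if the key has not been loaded.
+*/
+xmlSecKeyPtr dupKey () const;
+/**
+* @return true if valid, false if invalid
+*/
+operator int ()
+{
+return isValid();
+}
+/**
+* @return false if valid, true if invalid
+*/
+int operator! ()
+{
+return !isValid();
+}
+/**
+* @return true if otherKey has same values this key, false otherwise
+*/
+bool operator==(const Key& otherKey) const
+{
+return hasSameValues(otherKey);
+}
+/**
+* @return false if otherKey has same values this key, true otherwise
+*/
+bool operator!=(const Key& otherKey) const
+{
+return !hasSameValues(otherKey);
+}
+/**
+* Attach a certificate to the key.
+* @param cert X509 certificate
+* @return 0 on success, -1 if something went wrong
+*/
+int addCert (X509CertificatePtr cert);
+/**
+* Attach a list of certificate to the key.
+* @param certs X509 certificates
+* @return Number of certs added on success, -1 if something went wrong
+*/
+int addCert (vector<X509CertificatePtr> certs);
+/**
+* Attach certificates from another key to this key.
+* @param certKey key containing X509 certificates
+* @return Number of certs added on success, -1 if something went wrong
+*/
+int addCert (KeyPtr certKey);
+/**
+* Attach a certificate from a file.
+* @param fileName The name of the file
+* @param format Key data format string (see Key::loadFromFile() for format list)
+* @return 0 on success, -1 if something went wrong
+*/
+int addCertFromFile (string fileName, string format);
+/**
+* Lookup the xmlsec keyDataFormat, given a string.
+* @param formatString Key data format string (see Key::loadFromFile() for format list)
+* @return The xmlSecKeyDataFormat. Returns xmlSecKeyDataFormatUnknown
+* if the string does not match a known type.
+*/
+static xmlSecKeyDataFormat findKeyDataFormat (string formatString);
+/**
+* Find key info in document and load the key from there.
+* @param xmlDoc XML document pointer
+* @param keysMngr optional keys manager pointer
+* @return 0 on success, -1 if something went wrong
+*/
+int loadFromKeyInfo (xmlDocPtr xmlDoc, xmlSecKeysMngrPtr keysMngr = 0);
+/**
+* Load the key from a key info node.
+* @param xmlNode XML node pointer pointing to a key info node
+* @param keysMngr optional keys manager pointer
+* @return 0 on success, -1 if something went wrong
+*/
+int loadFromKeyInfo (xmlNodePtr xmlNode, xmlSecKeysMngrPtr keysMngr = 0);
+/**
+* @return true if otherKey has same values this key, false otherwise
+*/
+bool hasSameValues(const Key& otherKey) const;
+
+protected:
+/**
+* The internal representation of the key.
+*/
+KeyPtrWrap key;
+/// @endcond
+};
+
+#endif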
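Review bot: `Key (xmlSecKeyPtr key)`, `Key (X509CertificatePtr cert)`, `Key (vector<X509CertificatePtr> certs)` and `KeyPtrWrap(xmlSecKeyPtr newkey)` are single-argument constructors that are not `explicit`, so a raw xmlsec pointer or a certificate silently converts into a Key wherever a Key is expected — and by the constructor's own comment that conversion duplicates the key, an allocation and ownership transfer no caller would expect from an implicit conversion. Mark them `explicit Key (xmlSecKeyPtr key);`, `explicit Key (X509CertificatePtr cert);`, `explicit KeyPtrWrap(xmlSecKeyPtr newkey) : key(newkey)` (and the vector overload likewise). `using namespace std;` at header scope leaks into every translation unit that includes Key.h; spelling `std::string`/`std::vector` in the declarations avoids that. Key also declares both `operator int ()` and `operator xmlSecKeyPtr ()` as non-const implicit conversions, and since both reach bool through a user-defined conversion a contextual test such as `if (key)` is ambiguous between them; the same pair appears in KeyInfoCtx.h, so a single non-implicit validity query (the existing `isValid()`) would serve both classes better.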
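--- a/data/ext/xmlsig/KeyInfoCtx.h
+++ b/data/ext/xmlsig/KeyInfoCtx.h
@@ -0,0 +1,67 @@
+/*
+* (C) Copyright 2006 VeriSign, Inc.
+* Developed by Sxip Identity
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+#ifndef _KEYINFOCTX_H
+#define _KEYINFOCTX_H
+
+#include <xmlsec/keyinfo.h>
+#include <assert.h>
+#include "Exceptions.h"
+
+class KeyInfoCtx
+{
+public:
+KeyInfoCtx (xmlSecKeysMngrPtr keysMngr = 0)
+: keyInfoCtx (0)
+{
+keyInfoCtx = xmlSecKeyInfoCtxCreate(keysMngr);
+if (!keyInfoCtx)
+{
+THROW_NORET(MemoryError, "Couldn't create key info context");
+}
+}
+
+~KeyInfoCtx ()
+{
+if (keyInfoCtx)
+{
+xmlSecKeyInfoCtxDestroy(keyInfoCtx);
+}
+}
+
+operator int ()
+{
+return keyInfoCtx != NULL;
+}
+int operator! ()
+{
+return keyInfoCtx == NULL;
+}
+xmlSecKeyInfoCtxPtr operator-> ()
+{
+assert(keyInfoCtx);
+return keyInfoCtx;
+}
+operator xmlSecKeyInfoCtxPtr ()
+{
+return keyInfoCtx;
+}
+
+protected:
+xmlSecKeyInfoCtxPtr keyInfoCtx;
+};
+
+#endif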
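Review bot: KeyInfoCtx owns the context it destroys in `~KeyInfoCtx ()` but declares neither a copy constructor nor a copy assignment operator, so a compiler-generated copy shares the one `keyInfoCtx` and the second destructor calls `xmlSecKeyInfoCtxDestroy` on an already-destroyed context. Declare both and leave them undefined, matching the file's pre-C++11 style, e.g. under a `private:` section `KeyInfoCtx (const KeyInfoCtx&);` and `KeyInfoCtx& operator= (const KeyInfoCtx&);`. Whether THROW_NORET returns or throws is not visible here; if it returns, a KeyInfoCtx whose creation failed is left with a null `keyInfoCtx` and every `operator->` use hits the assert, so callers presumably check `!ctx` first — worth stating in a comment. The class has no documentation at all; a header comment saying that it wraps an `xmlSecKeyInfoCtxPtr` created with the optional keys manager and destroys it when the wrapper goes out of scope would tell a reader what the lifetime contract is.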
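--- a/data/ext/xmlsig/KeyStore.cpp
+++ b/data/ext/xmlsig/KeyStore.cpp
@@ -0,0 +1,180 @@
+/*
+* (C) Copyright 2006 VeriSign, Inc.
+* Developed by Sxip Identity
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+#include <string>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/openssl/app.h>
+#include <xmlsec/openssl/x509.h>
+#include "KeyStore.h"
+#include "Key.h"
+using namespace std;
+
+
+KeyStore::KeyStore ()
+: mMngr (0)
+{
+mMngr = xmlSecKeysMngrCreate();
+if (mMngr == NULL)
+{
+THROW_NORET(MemoryError, "Failed to create keys manager");
+}
+if (xmlSecOpenSSLAppDefaultKeysMngrInit(mMngr) < 0)
+{
+THROW_NORET(KeyError, "Failed to initialize keys manager");
+}
+}
+
+
+KeyStore::~KeyStore ()
+{
+if (mMngr)
+{
+xmlSecKeysMngrDestroy(mMngr);
+mMngr = NULL;
+}
+}
+
+
+int KeyStore::addCert (X509CertificatePtr cert, int isTrusted)
+{
+assert(mMngr);
+xmlSecKeyDataStorePtr x509Store = xmlSecKeysMngrGetDataStore(mMngr, xmlSecOpenSSLX509StoreId);
+if (!x509Store)
+{
+THROW(LibError, "Failed to get X509 store from keys manager", -1);
+}
+X509* rawcert = cert->getDup();
+if (!rawcert)
+{
+return -1;
+}
+if (xmlSecOpenSSLX509StoreAdoptCert(x509Store,
+rawcert,
+isTrusted ? xmlSecKeyDataTypeTrusted : 0) < 0)
+{
+THROW(LibError, "Unable to adopt cert", -1);
+}
+return 0;
+}
+
+
+int KeyStore::addTrustedCert (X509CertificatePtr cert)
+{
+return addCert(cert, 1);
+}
+
+
+int KeyStore::addUntrustedCert (X509CertificatePtr cert)
+{
+return addCert(cert, 0);
+}
+
+
+int KeyStore::addCertFromFile (string fileName, string format, int isTrusted)
+{
+assert(mMngr);
+xmlSecKeyDataFormat formatId = Key::findKeyDataFormat(format.c_str());
+if (xmlSecOpenSSLAppKeysMngrCertLoad(mMngr, fileName.c_str(),
+formatId,
+isTrusted ? xmlSecKeyDataTypeTrusted : 0) < 0)
+{
+THROW(IOError, "Unable to load cert", -1);
+}
+return 0;
+}
+
+
+int KeyStore::addTrustedCertFromFile (string fileName, string format)
+{
+return addCertFromFile(fileName, format, 1);
+}
+
+
+int KeyStore::addUntrustedCertFromFile (string fileName, string format)
+{
+return addCertFromFile(fileName, format, 0);
+}
+
+
+int KeyStore::addKey (KeyPtr key)
+{
+if (!key || !key->isValid())
+{
+THROW(KeyError, "Invalid key", -1);
+}
+xmlSecKeyPtr newKey = key->dupKey();
+if (newKey == NULL)
+{
+return -1;
+}
+if (xmlSecOpenSSLAppDefaultKeysMngrAdoptKey(mMngr, newKey) < 0)
+{
+THROW(LibError, "Can't adopt the key", -1);
+}
+return 0;
+}
+
+
+int KeyStore::addKeyFromFile (string fileName, string format, string name)
+{
+return addKeyFromFile(fileName, format, name, "");
+}
+
+
+int KeyStore::addKeyFromFile (string fileName, string format, string name, string password)
+{
+KeyPtr key (new Key());
+
+if (!key)
+{
+THROW(MemoryError, "Unable to allocate new key", -1);
+}
+if (key->loadFromFile(fileName, format, password) < 0)
+{
+return -1;
+}
+key->setName(name);
+return addKey(key);
+}
+
+
+int KeyStore::saveToFile (string fileName)
+{
+assert(mMngr);
+if (xmlSecOpenSSLAppDefaultKeysMngrSave(mMngr, fileName.c_str(), xmlSecKeyDataTypeTrusted) < 0)
+{
+THROW(IOError, "Unable to save key store", -1);
+}
+return 0;
+}
+
+
+int KeyStore::loadFromFile (string fileName)
+{
+assert(mMngr);
+if (xmlSecOpenSSLAppDefaultKeysMngrLoad(mMngr, fileName.c_str()) < 0)
+{
+THROW(IOError, "Unable to load key store", -1);
+}
+return 0;
+}
+
+
+xmlSecKeysMngrPtr KeyStore::getKeyStore ()
+{
+assert(mMngr);
+return mMngr;
+}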
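Review bot: In `KeyStore::KeyStore ()` the manager returned by `xmlSecKeysMngrCreate()` is not released when `xmlSecOpenSSLAppDefaultKeysMngrInit(mMngr)` fails: the failure branch reaches THROW_NORET with `mMngr` still allocated, and if that macro throws, `~KeyStore` never runs for the partially constructed object, so the keys manager leaks. Release it before reporting the failure, e.g. `xmlSecKeysMngrDestroy(mMngr); mMngr = NULL;` ahead of that THROW_NORET. The same shape recurs in `addCert` (`rawcert` from `cert->getDup()` when `xmlSecOpenSSLX509StoreAdoptCert` fails) and in `addKey` (`newKey` from `dupKey()` when `xmlSecOpenSSLAppDefaultKeysMngrAdoptKey` fails); whether those adopt calls free their argument on failure is not visible here, so confirm against the xmlsec documentation before adding frees. `addCert` also dereferences `cert` without the null check that `addKey` performs on `key`, and `addKeyFromFile` discards the return value of `key->setName(name)` although setName is documented to return -1 on failure.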