1 /**
2  * Licensed to the Apache Software Foundation (ASF) under one
3  * or more contributor license agreements. See the NOTICE file
4  * distributed with this work for additional information
5  * regarding copyright ownership. The ASF licenses this file
6  * to you under the Apache License, Version 2.0 (the
7  * "License"); you may not use this file except in compliance
8  * with the License. You may obtain a copy of the License at
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing,
13  * software distributed under the License is distributed on an
14  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15  * KIND, either express or implied. See the License for the
16  * specific language governing permissions and limitations
17  * under the License.
18  */
19 
20 /*
21  * XSEC
22  *
23  * DSIGKeyInfoX509 := A "Super" key that defines a certificate with a sub-key that defines
24  *                the signing key
25  *
26  * $Id: DSIGKeyInfoX509.hpp 1808174 2017-09-12 21:50:30Z scantor $
27  *
28  */
29 
30 #ifndef DSIGKEYINFOX509_INCLUDE
31 #define DSIGKEYINFOX509_INCLUDE
32 
33 #include <xsec/utils/XSECSafeBuffer.hpp>
34 #include <xsec/dsig/DSIGKeyInfo.hpp>
35 #include <xsec/enc/XSECCryptoX509.hpp>
36 
37 #include <vector>
38 
39 XSEC_USING_XERCES(DOMElement);
40 
41 /**
42  * @ingroup pubsig
43  */
44 
45 /**
46  * @brief The class for \<X509Data\> nodes in a KeyInfo list.
47  *
48  * Class for holding information on a X509Data node as well as setting
49  * such a node in a signature.
50  *
51  */
52 
53 
54 class XSEC_EXPORT DSIGKeyInfoX509 : public DSIGKeyInfo {
55 
56 public:
57 
58 
59 	struct X509Holder {
60 
61 		const XMLCh			* mp_encodedX509;		// Base64 encoding
62 		XSECCryptoX509		* mp_cryptoX509;		// The certificate
63 
64 	};
65 
66 #if defined(XSEC_NO_NAMESPACES)
67 	typedef vector<X509Holder *>			X509ListType;
68     typedef vector<const XMLCh *>           X509CRLListType;
69 #else
70 	typedef std::vector<X509Holder *>		X509ListType;
71     typedef std::vector<const XMLCh *>      X509CRLListType;
72 #endif
73 
74 #if defined(XSEC_SIZE_T_IN_NAMESPACE_STD)
75 	typedef std::size_t		size_type;
76 #else
77 	typedef size_t			size_type;
78 #endif
79 
80 	/** @name Constructors and Destructors */
81 	//@{
82 
83 	/**
84 	 * \brief Constructor used when XML structures exist.
85 	 *
86 	 * Constructor called by interface class when loading an
87 	 * X509Data element from DOM nodes.
88 	 *
89 	 * @param env Operating environment
90 	 * @param X509Data DOMNode at start of data
91 	 */
92 
93 	DSIGKeyInfoX509(const XSECEnv * env, XERCES_CPP_NAMESPACE_QUALIFIER DOMNode *X509Data);
94 
95 	/**
96 	 * \brief Constructor called when building XML structures
97 	 *
98 	 * Constructor called by interface class when an XML
99 	 * structure is being built by a user calling the API
100 	 *
101 	 * @param env Operating environment
102 	 */
103 
104 	DSIGKeyInfoX509(const XSECEnv * env);
105 
106 	/**
107 	 * \brief Destructor
108 	 */
109 
110 	virtual ~DSIGKeyInfoX509();
111 
112 	//@}
113 
114 	/** @name Load function and get methods */
115 	//@{
116 
117 	/**
118 	 * \brief Function called to load an XML structure
119 	 *
120 	 * Function called by intercace class to load an X509Data structure
121 	 * from DOMNodes.
122 	 */
123 
124 	virtual void load();
125 
126 	/**
127 	 * \brief Get the name of the certificate
128 	 *
129 	 * Get the name stored in the X509SubjectName element (if it
130 	 * exists).
131 	 *
132 	 * @returns A pointer to a buffer containing the name
133 	 * (NULL if not set.)
134 	 */
135 
136 	const XMLCh * getX509SubjectName(void) const;
137 
138 	/**
139 	 * \brief Get the name of the certificate (interface function)
140 	 *
141 	 * Get the name stored in the X509SubjectName element (if it
142 	 * exists).
143 	 *
144 	 * @returns A pointer to the buffer containing the name (or NULL if not set).
145 	 * The decoded string is returned.
146 	 * @see setX509SubjectName(void)
147 	 */
148 
149 	const XMLCh * getKeyName(void) const;
150 
151     /**
152      * \brief Get the X509Digest Algorithm
153      *
154      * Get the Algorithm for the X509Digest.
155      *
156      * @returns A pointer to the buffer containing the algorithm
157      * (0 if not set.)
158      */
159 
160 	const XMLCh* getX509DigestAlgorithm(void) const;
161 
162     /**
163      * \brief Get the X509Digest value
164      *
165      * Get the value for the X509Digest.
166      *
167      * @returns A pointer to the buffer containing the digest
168      * (0 if not set.)
169      */
170 
171 	const XMLCh* getX509DigestValue(void) const;
172 
173     /**
174      * \brief Get the IssuerSerialName
175      *
176      * Get the name of the Issuer (stored in the X509IssuerSerial element).
177      *
178      * @returns A pointer to the buffer containing the issuer name.
179      * (0 if not set.)
180      */
181 
182 	const XMLCh * getX509IssuerName(void) const;
183 
184 	/**
185 	 * \brief Get the IsserSerialNumber
186 	 *
187 	 * Get the serial number of the certificate of the issuer of the
188 	 * signing certificate.
189 	 *
190 	 * @returns A pointer to the string containing the IssuerSerialNumber.
191 	 * (0 if not set.)  This is the decoded string.
192 	 * @see setX509IssuerSerial
193 	 */
194 
195 	const XMLCh * getX509IssuerSerialNumber(void) const;
196 
197 	/**
198 	 * \brief Get the first associated CRL
199 	 *
200 	 * Return the string containing the base64 encoded CRL that was held in
201 	 * the first X509CRL node
202 	 *
203 	 * @returns A pointer to the string containing the CRL
204 	 * (0 if not set)
205 	 */
206 
207 	const XMLCh * getX509CRL(void) const;
208 
209     /**
210      * \brief Find the number of CRLs held
211      *
212      * Find the number of CRLs held in the X509Data structures.
213      *
214      * @returns The number of CRLs
215      */
216 
217     int getX509CRLListSize(void) const;
218 
219     /**
220      * \brief Get the DER encoded CRL pointed to in the list.
221      *
222      * Use the index to find the required CRL and return a pointer
223      * to the buffer containing the encoded CRL.
224      *
225      * @returns A pointer to the buffer containing the CRL or 0 if
226      * no CRL exists at that point in the list.
227      */
228 
229     const XMLCh * getX509CRLItem(int item) const;
230 
231 	/**
232 	 * \brief Get the SKI value (if set)
233 	 *
234 	 * The SKI (Subject Key Identifier) can be used to reference a
235 	 * required certificate.  If this was set in the KeyInfo element,
236 	 * this function will return the value
237 	 *
238 	 * @returns the base64 encoded (plan - not DER) encoded SKI value
239 	 */
240 
241 	const XMLCh * getX509SKI(void) const;
242 
243 	/**
244 	 * \brief Return the raw Retrieval method to find this certificate
245 	 *
246 	 * In some cases, the KeyInfo RetrievalMethod references a raw certificate
247 	 * In such cases, the library simply creates a KeyInfoX509 object and sets
248 	 * this string to allow others to find the certificate
249 	 */
250 
251 	const XMLCh * getRawRetrievalURI(void) const;
252 
253 	/**
254 	 * \brief Find the number of certificates held
255 	 *
256 	 * Find the number of certificates held in the X509Data structures.
257 	 *
258 	 * @returns The number of certificates
259 	 */
260 
261 	int getCertificateListSize(void) const;
262 
263 	/**
264 	 * \brief Get the DER encoded certificate pointed to in the list.
265 	 *
266 	 * Use the index to find the required certificate and return a pointer
267 	 * to the buffer containing the encoded certificate.
268 	 *
269 	 * @returns A pointer to the buffer containing the certificate or 0 if
270 	 * no certificate exists at that point in the list.
271 	 */
272 
273 	const XMLCh * getCertificateItem(int item) const;
274 
275 	/**
276 	 * \brief Get the Crypto Interface X509 structure version of the certificate
277 	 *
278 	 * Use the index to find the required certificate and return a pointer
279 	 * to the XSECCryptoX509 cert
280 	 *
281 	 * @returns A pointer to the XSECCryptoX509 cert structure
282 	 */
283 
284 	XSECCryptoX509 * getCertificateCryptoItem(int item);
285 
286     /**
287 	 * \brief Get the Crypto Interface X509 structure version of the certificate
288 	 *
289 	 * Use the index to find the required certificate and return a pointer
290 	 * to the XSECCryptoX509 cert
291 	 *
292 	 * @returns A pointer to the XSECCryptoX509 cert structure
293 	 */
294 
295 	const XSECCryptoX509 * getCertificateCryptoItem(int item) const;
296 
297 	/**
298 	 * \brief Interface function to find the type of this KeyInfo
299 	 */
300 
getKeyInfoType(void) const301 	virtual keyInfoType getKeyInfoType(void) const {return DSIGKeyInfo::KEYINFO_X509;}
302 
303 	//@}
304 
305 	/** @name Create and Set functions */
306 	//@{
307 
308 	/**
309 	 * \brief Create a new X509 data element.
310 	 *
311 	 * Create a blank (empty) X509Data element that can then be used
312 	 * by the application to add X509Data elements.
313 	 *
314 	 * @returns A pointer to the new X509Data element.
315 	 */
316 
317 	XERCES_CPP_NAMESPACE_QUALIFIER DOMElement *
318 		createBlankX509Data(void);
319 
320 	/**
321 	 * \brief Set the X509SubjectName element in the KeyInfo element.
322 	 *
323 	 * If a X509SubjectName element exists, replace the text with the
324 	 * provided text.  Otherwise create the element and set the text.
325 	 *
326 	 * @note XMLDSIG requires Distinguished Names be encoded in a defined
327 	 * manner (escaping '<' characters etc.).  This method will perform
328 	 * this encoding prior to creating the DOM nodes.
329 	 *
330 	 * @param name The name to set.
331 	 */
332 
333 	void setX509SubjectName(const XMLCh * name);
334 
335 	/**
336 	 * \brief Set the IssuerSerial element
337 	 *
338 	 * If an X509IssuerSerial exists, replace the values with those provided,
339 	 * otherwise create a new element and set the values appropriately.
340 	 *
341 	 * @note XMLDSIG requires Distinguished Names be encoded in a defined
342 	 * manner (escaping '<' characters etc.).  This method will perform
343 	 * this encoding prior to creating the DOM nodes.
344 	 *
345 	 * @param name The name of the issuer.
346 	 * @param serial The serial number of the issuer's certificate
347 	 */
348 
349 	void setX509IssuerSerial(const XMLCh * name, const XMLCh * serial);
350 
351     /**
352      * \brief Set the dsig11:X509Digest element
353      *
354      * If a dsig11:X509Digest exists, replace the values with those provided,
355      * otherwise create a new element and set the values appropriately.
356      *
357      * @param algorithm The algorithm type
358      * @param value The digest value
359      */
360 
361     void setX509Digest(const XMLCh * algorithm, const XMLCh * value);
362 
363 	/**
364      * \brief Add a CRL.
365 	 *
366      * Append an X509CRL element to the list of CRLs
367      * stored at the end of this KeyInfo element.
368 	 *
369      * @param crl A pointer to the base64 encoded CRL,
370      * exactly as it will appear in the XML structure.
371 	 */
372 
373 	void setX509CRL(const XMLCh * crl);
374 
375     /**
376      * \brief Add a CRL.
377      *
378      * Append an X509CRL element to the list of CRLs
379      * stored at the end of this KeyInfo element.
380      *
381      * @param crl A pointer to the base64 encoded CRL,
382      * exactly as it will appear in the XML structure.
383      */
384 
385     void appendX509CRL(const XMLCh * crl);
386 
387 	/**
388 	 * \brief Set the SKI element
389 	 *
390 	 * The SKI node provides a reference to the Subject Key Identifier of
391 	 * a certificate.
392 	 *
393 	 * This function takes a base64 encoded ski and sets it into the
394 	 * appropriate node
395 	 *
396 	 * @param ski The base64 plain (non-DER) encoded SKI value
397 	 */
398 
399 	void setX509SKI(const XMLCh * ski);
400 
401 	/**
402 	 * \brief set the retrieval URI
403 	 *
404 	 * Generally to be used by internal library processes only.
405 	 * This sets the retrieval URI - but does _not_ manipulate the DOM
406 	 * in any way.
407 	 *
408 	 * @param uri The URI string to use
409 	 */
410 
411 	void setRawRetrievalURI(const XMLCh * uri);
412 
413 	/**
414 	 * \brief Add a certificate.
415 	 *
416 	 * Append an X509Certificate element to the list of certificates
417 	 * stored at the end of this KeyInfo element.
418 	 *
419 	 * @param base64Certificate A pointer to the base64 encoded certificate,
420 	 * exactly as it will appear in the XML structure.
421 	 */
422 
423 	void appendX509Certificate(const XMLCh * base64Certificate);
424 
425 	//@}
426 
427 
428 private:
429 
430 	DSIGKeyInfoX509();
431 
432 	X509ListType		m_X509List;				// The X509 structures
433 	X509CRLListType     m_X509CRLList;          // The X509CRL list
434 	XMLCh 				* mp_X509IssuerName;	// Parameters from KeyInfo (not cert)
435 	const XMLCh 		* mp_X509SerialNumber;
436 	XMLCh 				* mp_X509SubjectName;
437 	const XMLCh			* mp_X509SKI;
438 	XMLCh				* mp_rawRetrievalURI;
439 
440 	// Text nodes holding information
441 
442 	XERCES_CPP_NAMESPACE_QUALIFIER DOMNode	* mp_X509SubjectNameTextNode;
443 	XERCES_CPP_NAMESPACE_QUALIFIER DOMNode	* mp_X509IssuerNameTextNode;
444 	XERCES_CPP_NAMESPACE_QUALIFIER DOMNode	* mp_X509SerialNumberTextNode;
445 	XERCES_CPP_NAMESPACE_QUALIFIER DOMNode	* mp_X509SKITextNode;
446 	XERCES_CPP_NAMESPACE_QUALIFIER DOMNode  * mp_X509DigestTextNode;
447 
448 };
449 
450 
451 
452 #endif /* #define DSIGKEYX509_INCLUDE */
453