1 /**
2  * Licensed to the Apache Software Foundation (ASF) under one
3  * or more contributor license agreements. See the NOTICE file
4  * distributed with this work for additional information
5  * regarding copyright ownership. The ASF licenses this file
6  * to you under the Apache License, Version 2.0 (the
7  * "License"); you may not use this file except in compliance
8  * with the License. You may obtain a copy of the License at
9  *
10  * http://www.apache.org/licenses/LICENSE-2.0
11  *
12  * Unless required by applicable law or agreed to in writing,
13  * software distributed under the License is distributed on an
14  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15  * KIND, either express or implied. See the License for the
16  * specific language governing permissions and limitations
17  * under the License.
18  */
19 
20 /*
21  * XSEC
22  *
23  * WinCAPICryptoX509:= Windows CAPI based class for handling X509 (V3) certificates
24  *
25  * Author(s): Berin Lautenbach
26  *
27  * $Id: WinCAPICryptoX509.hpp 1817863 2017-12-11 22:47:43Z scantor $
28  *
29  */
30 
31 #ifndef WINCAPICRYPTOX509_INCLUDE
32 #define WINCAPICRYPTOX509_INCLUDE
33 
34 #include <xsec/framework/XSECDefs.hpp>
35 #include <xsec/enc/XSECCryptoX509.hpp>
36 
37 #if defined (XSEC_HAVE_WINCAPI)
38 
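// Request at least the NT 4.0-era CryptoAPI surface from <wincrypt.h>.
// Only set the target version if the build (or an earlier Windows header)
// has not already chosen one: unconditionally redefining _WIN32_WINNT to
// a different value triggers a macro-redefinition warning and silently
// overrides the project-wide Windows target selected by the build.
#ifndef _WIN32_WINNT
#define _WIN32_WINNT 0x0400
#endif
#include <wincrypt.h>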
41 
42 class WinCAPICryptoProvider;
43 
44 /**
 * \brief WinCAPI implementation of the XSECCryptoX509 interface for X509 certificates.
46  * @ingroup wincapicrypto
47  *
48  * The library uses classes derived from this to process X509 Certificates.
49  *
50  */
51 
class XSEC_EXPORT WinCAPICryptoX509 : public XSECCryptoX509 {

public :

	/** @name Constructors and Destructors */
	//@{

	/**
	 * \brief Constructor for X509 objects
	 *
	 * The windows constructor requires RSA or DSS crypto providers,
	 * depending on the key type within the cert.
	 *
	 * @param provRSA A handle to the PROV_RSA_FULL type provider that the
	 * interface should use when importing keys and manipulating certs
	 * @param provDSS A handle to the PROV_DSS type provider that the
	 * interface should use when importing keys and manipulating certs
	 *
	 * @note The handles are presumably kept in m_pRSA / m_pDSS rather than
	 * duplicated, so the caller is expected to keep both providers valid for
	 * the lifetime of this object -- confirm against WinCAPICryptoX509.cpp.
	 */

	WinCAPICryptoX509(HCRYPTPROV provRSA, HCRYPTPROV provDSS);

	/**
	 * \brief Constructor for X509 objects
	 *
	 * @param pCertContext A certificate handle
	 * @param provRSA A handle to the PROV_RSA_FULL type provider that the
	 * interface should use when importing keys and manipulating certs
	 * @param provDSS A handle to the PROV_DSS type provider that the
	 * interface should use when importing keys and manipulating certs
	 *
	 * @note Ownership of pCertContext (i.e. whether the destructor releases
	 * it with CertFreeCertificateContext, or the caller must) is decided by
	 * the implementation and is not visible from this header -- TODO confirm
	 * and document before relying on either behaviour.
	 */

	WinCAPICryptoX509(PCCERT_CONTEXT pCertContext,
			HCRYPTPROV provRSA, HCRYPTPROV provDSS);

	/**
	 * \brief Destructor.
	 *
	 * NOTE(review): a destructor is declared but no copy constructor or
	 * copy assignment operator, so the compiler-generated copies are
	 * available and would share the raw mp_certContext handle between two
	 * objects. If the destructor releases that handle, copying this object
	 * leads to a double release -- verify in the .cpp and consider deleting
	 * the copy operations.
	 */
	virtual ~WinCAPICryptoX509();

	//@}
	/** @name Key Interface methods */
	//@{

	/**
	 * \brief Return the type of the key stored in the certificate.
	 *
	 * Will extract the key from the certificate to return the appropriate
	 * type
	 *
	 * @returns The XSECCryptoKey::KeyType of the certificate's public key.
	 */

	virtual XSECCryptoKey::KeyType getPublicKeyType() const;

	/**
	 * \brief Get a copy of the public key.
	 *
	 * Extracts the public key from the certificate and returns the appropriate
	 * WinCAPICryptoKey (DSA or RSA) object
	 *
	 * @returns A newly created key object. Presumably the caller owns the
	 * returned pointer and must delete it (the "clone" naming follows the
	 * XSECCryptoX509 interface) -- confirm against the base-class contract.
	 */

	virtual XSECCryptoKey * clonePublicKey() const;

	/**
	 * \brief Returns a string that identifies the crypto owner of this library.
	 *
	 * @returns A NUL-terminated XMLCh string naming the provider.
	 */

    virtual const XMLCh * getProviderName() const;

	//@}

	/** @name Load and Get the certificate */
	//@{

	/**
	 * \brief Load a certificate into the object.
	 *
	 * Take a base64 DER encoded certificate and load.
	 *
	 * This is the point where externally supplied certificate data (e.g.
	 * from a signature document) enters the object, so the implementation
	 * is responsible for bounding reads to len and for rejecting malformed
	 * input rather than leaving the object half-loaded -- behaviour not
	 * visible from this header, verify in the .cpp.
	 *
	 * @param buf A buffer containing the Base64 encoded certificate
	 * @param len The number of bytes of data in the certificate.
	 */

	virtual void loadX509Base64Bin(const char * buf, unsigned int len);

	/**
	 * \brief Get the Base64 DER encoded certificate held by this object
	 *
	 * @returns A reference to the object's own safeBuffer (m_DERX509), not a
	 * copy. Writes through this reference change the certificate data this
	 * object holds; prefer the const overload unless mutation is intended.
	 */

	virtual safeBuffer &getDEREncodingSB(void) {return m_DERX509;}

    /**
	 * \brief Get the Base64 DER encoded certificate held by this object
	 *
	 * @returns A read-only reference to the object's own safeBuffer
	 * (m_DERX509) containing the encoded certificate.
	 */

	virtual const safeBuffer &getDEREncodingSB(void) const {return m_DERX509;}

	//@}

private:

	// Encoded certificate bytes handed out by getDEREncodingSB().
	safeBuffer				m_DERX509;
	// Raw CryptoAPI certificate context (see the second constructor).
	// Ownership/release responsibility is not visible from this header.
	PCCERT_CONTEXT			mp_certContext;

	// Provider handles supplied to the constructors; presumably not
	// duplicated, so the caller keeps them alive -- confirm in the .cpp.
	HCRYPTPROV				m_pRSA;
	HCRYPTPROV				m_pDSS;

};
161 
162 #endif /* XSEC_HAVE_WINCAPI */
163 #endif /* WINCAPICRYPTOX509_INCLUDE */
164 
165