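/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

/*
 * XSEC
 *
 * WinCAPICryptoX509:= Windows CAPI based class for handling X509 (V3) certificates
 *
 * Author(s): Berin Lautenbach
 *
 * $Id: WinCAPICryptoX509.hpp 1817863 2017-12-11 22:47:43Z scantor $
 *
 */

#ifndef WINCAPICRYPTOX509_INCLUDE
#define WINCAPICRYPTOX509_INCLUDE

#include <xsec/framework/XSECDefs.hpp>
#include <xsec/enc/XSECCryptoX509.hpp>

#if defined (XSEC_HAVE_WINCAPI)

/*
 * Only set an API floor when the build has not already chosen one.
 * Redefining an existing _WIN32_WINNT with a different value is a macro
 * redefinition, and it has no effect on Windows headers that an earlier
 * include has already pulled in.
 */
#if !defined(_WIN32_WINNT)
#    define _WIN32_WINNT 0x0400
#endif
#include <wincrypt.h>

class WinCAPICryptoProvider;

/**
 * \brief WinCAPI implementation class for interface for X509 certificates.
 * @ingroup wincapicrypto
 *
 * The library uses classes derived from this to process X509 Certificates.
 *
 * This class declares methods to load a certificate, expose its encoding and
 * extract its public key. It declares no chain, expiry or revocation check,
 * so a successfully loaded certificate is not thereby a trusted one; callers
 * that rely on the extracted key have to establish trust separately.
 */

class XSEC_EXPORT WinCAPICryptoX509 : public XSECCryptoX509 {

public :

    /** @name Constructors and Destructors */
    //@{

    /**
     * \brief Constructor for X509 objects
     *
     * The windows constructor requires RSA or DSS crypto providers,
     * depending on the key type within the cert.
     *
     * NOTE(review): the declaration does not show whether the object
     * releases these provider handles; presumably the caller keeps them
     * valid for the lifetime of this object - confirm in the implementation.
     *
     * @param provRSA A handle to the PROV_RSA_FULL type provider that the
     * interface should use when importing keys and manipulating certs
     * @param provDSS A handle to the PROV_DSS type provider that the
     * interface should use when importing keys and manipulating certs
     */

    WinCAPICryptoX509(HCRYPTPROV provRSA, HCRYPTPROV provDSS);

    /**
     * \brief Constructor for X509 objects
     *
     * NOTE(review): the declaration does not show whether pCertContext is
     * duplicated or adopted. Whoever passes a context needs to know which,
     * otherwise the context can be freed twice or leaked - confirm in the
     * implementation and document it here.
     *
     * @param pCertContext A certificate handle
     * @param provRSA A handle to the PROV_RSA_FULL type provider that the
     * interface should use when importing keys and manipulating certs
     * @param provDSS A handle to the PROV_DSS type provider that the
     * interface should use when importing keys and manipulating certs
     */

    WinCAPICryptoX509(PCCERT_CONTEXT pCertContext,
                      HCRYPTPROV provRSA, HCRYPTPROV provDSS);

    virtual ~WinCAPICryptoX509();

    //@}
    /** @name Key Interface methods */
    //@{

    /**
     * \brief Return the type of the key stored in the certificate.
     *
     * Will extract the key from the certificate to return the appropriate
     * type
     *
     */

    virtual XSECCryptoKey::KeyType getPublicKeyType() const;

    /**
     * \brief Get a copy of the public key.
     *
     * Extracts the public key from the certificate and returns the appropriate
     * WinCAPICryptoKey (DSA or RSA) object
     *
     * The key is taken from the certificate as loaded; this call does not
     * by itself say anything about whether the certificate is trusted.
     *
     * @returns A pointer to a key object. NOTE(review): the name suggests
     * the caller owns the returned object - confirm against the base class.
     */

    virtual XSECCryptoKey * clonePublicKey() const;

    /**
     * \brief Returns a string that identifies the crypto owner of this library.
     */

    virtual const XMLCh * getProviderName() const;

    //@}

    /** @name Load and Get the certificate */
    //@{

    /**
     * \brief Load a certificate into the object.
     *
     * Take a base64 DER encoded certificate and load.
     *
     * The buffer typically originates from a document supplied by a remote
     * party, so it should be treated as untrusted input: len must not exceed
     * the number of bytes actually available at buf.
     *
     * NOTE(review): the method returns void, so a decoding failure is
     * presumably reported by exception - confirm in the implementation.
     *
     * @param buf A buffer containing the Base64 encoded certificate
     * @param len The number of bytes of data in the certificate.
     */

    virtual void loadX509Base64Bin(const char * buf, unsigned int len);

    /**
     * \brief Get the Base64 DER encoded certificate
     *
     * Returns a reference to the buffer held inside this object, not a
     * copy. Because the reference is non-const, a caller can modify the
     * stored encoding; nothing visible in this header keeps it in step with
     * the certificate context afterwards. Prefer the const overload unless
     * write access is really needed.
     *
     * @returns A safeBuffer containing the DER encoded certificate
     */

    virtual safeBuffer &getDEREncodingSB(void) {return m_DERX509;}

    /**
     * \brief Get the Base64 DER encoded certificate
     *
     * Returns a read-only reference to the buffer held inside this object,
     * not a copy; the reference is only usable while this object exists.
     *
     * @returns A safeBuffer containing the DER encoded certificate
     */

    virtual const safeBuffer &getDEREncodingSB(void) const {return m_DERX509;}

    //@}

private:

    /*
     * NOTE(review): the class declares a destructor and holds raw handles,
     * but declares no copy constructor or copy assignment. If the destructor
     * frees mp_certContext, copying an instance would free the same context
     * twice - confirm in the implementation and consider making the class
     * non-copyable.
     */

    safeBuffer          m_DERX509;          // Encoded certificate returned by getDEREncodingSB
    PCCERT_CONTEXT      mp_certContext;     // CAPI certificate context handle

    HCRYPTPROV          m_pRSA;             // PROV_RSA_FULL provider handle, per the constructor docs
    HCRYPTPROV          m_pDSS;             // PROV_DSS provider handle, per the constructor docs

};

#endif /* XSEC_HAVE_WINCAPI */
#endif /* WINCAPICRYPTOX509_INCLUDE */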