// Load elements
void XKMSPendingRequestImpl::load() {
if (m_msg.mp_messageAbstractTypeElement == NULL) {
// Attempt to load an empty element
throw XSECException(XSECException::XKMSError,
"XKMSPendingRequest::load - called on empty DOM");
}
if (!strEquals(getXKMSLocalName(m_msg.mp_messageAbstractTypeElement),
XKMSConstants::s_tagPendingRequest)) {
throw XSECException(XSECException::XKMSError,
"XKMSPendingRequest::load - called incorrect node");
}
// Load the base message
m_request.load();
// Now check for ResponseId attribute
mp_responseIdAttr =
m_msg.mp_messageAbstractTypeElement->getAttributeNodeNS(NULL, XKMSConstants::s_tagResponseId);
if (mp_responseIdAttr == NULL) {
// Attempt to load an empty element
throw XSECException(XSECException::ExpectedXKMSChildNotFound,
"XKMSPendingRequest::load - No ResponseId attribute found");
}
}
void TXFMXPath::evaluateEnvelope(DOMNode *t) {
// A special case where the XPath expression is already known
if (document == NULL) {
throw XSECException(XSECException::XPathError,
"Attempt to define XPath Name Space before setInput called");
}
DOMElement * e = document->getDocumentElement();
if (e == NULL) {
throw XSECException(XSECException::XPathError,
"Element node not found in Document");
}
// Set the xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
e->setAttributeNS(DSIGConstants::s_unicodeStrURIXMLNS, MAKE_UNICODE_STRING("xmlns:dsig"), DSIGConstants::s_unicodeStrURIDSIG);
// Evaluate
evaluateExpr(t, XPATH_EXPR_ENVELOPE);
// Now we are done, remove the namespace
e->removeAttributeNS(DSIGConstants::s_unicodeStrURIXMLNS, MAKE_UNICODE_STRING("dsig"));
}
void XKMSRecoverRequestImpl::load(void) {
if (m_msg.mp_messageAbstractTypeElement == NULL) {
// Attempt to load an empty element
throw XSECException(XSECException::XKMSError,
"XKMSRecoverRequest::load - called on empty DOM");
}
if (!strEquals(getXKMSLocalName(m_msg.mp_messageAbstractTypeElement),
XKMSConstants::s_tagRecoverRequest)) {
throw XSECException(XSECException::XKMSError,
"XKMSRecoverRequest::load - called on incorrect node");
}
// Load the base message
m_request.load();
// Now check for any RecoverKeyBinding elements
DOMElement * tmpElt = findFirstElementChild(m_msg.mp_messageAbstractTypeElement);
while (tmpElt != NULL && !strEquals(getXKMSLocalName(tmpElt), XKMSConstants::s_tagRecoverKeyBinding)) {
tmpElt = findNextElementChild(tmpElt);
}
if (tmpElt != NULL) {
XSECnew(mp_recoverKeyBinding, XKMSRecoverKeyBindingImpl(m_msg.mp_env, tmpElt));
mp_recoverKeyBinding->load();
tmpElt = findNextElementChild(tmpElt);
}
else {
throw XSECException(XSECException::ExpectedXKMSChildNotFound,
"XKMSRecoverRequest::load - Expected RecoverKeyBinding node");
}
// Authentication Element
if (tmpElt != NULL && strEquals(getXKMSLocalName(tmpElt), XKMSConstants::s_tagAuthentication)) {
XSECnew(mp_authentication, XKMSAuthenticationImpl(m_msg.mp_env, tmpElt));
mp_authentication->load(mp_recoverKeyBinding->getId());
}
else {
throw XSECException(XSECException::ExpectedXKMSChildNotFound,
"XKMSRecoverRequest::load - Expected Authentication node");
}
}
bool DSIGAlgorithmHandlerDefault::appendHashTxfm(
TXFMChain * inputBytes,
const XMLCh * URI) {
hashMethod hm;
// Is this a URI we recognise?
if (!XSECmapURIToHashMethod(URI, hm)) {
safeBuffer sb;
sb.sbTranscodeIn("DSIGAlgorithmHandlerDefault - Unknown Hash URI : ");
sb.sbXMLChCat(URI);
throw XSECException(XSECException::AlgorithmMapperError,
sb.rawXMLChBuffer());
}
TXFMBase * txfm;
DOMDocument *d = inputBytes->getLastTxfm()->getDocument();
switch (hm) {
case HASH_SHA1 :
case HASH_SHA224 :
case HASH_SHA256 :
case HASH_SHA384 :
case HASH_SHA512 :
XSECnew(txfm, TXFMSHA1(d, hm));
break;
case HASH_MD5 :
XSECnew(txfm, TXFMMD5(d));
break;
default :
safeBuffer sb;
sb.sbTranscodeIn("DSIGAlgorithmHandlerDefault - Internal error unknown Hash, but URI known. URI : ");
sb.sbXMLChCat(URI);
throw XSECException(XSECException::AlgorithmMapperError,
sb.rawXMLChBuffer());
}
inputBytes->appendTxfm(txfm);
return true;
}
DSIGReferenceList *DSIGReference::loadReferenceListFromXML(const XSECEnv * env, DOMNode *firstReference) {
// Have the first reference element in the document,
// so want to find and load them all
DOMNode *tmpRef = firstReference;
DSIGReferenceList * refList;
DSIGReference * r;
XSECnew(refList, DSIGReferenceList());
Janitor<DSIGReferenceList> j_refList(refList);
while (tmpRef != 0) {
// Must be an element node
if (tmpRef->getNodeType() != DOMNode::ELEMENT_NODE ||
!strEquals(getDSIGLocalName(tmpRef), "Reference")) {
throw XSECException(XSECException::ExpectedDSIGChildNotFound,
"Expected <Reference> as child of <SignedInfo>");
}
XSECnew(r, DSIGReference(env, tmpRef));
refList->addReference(r);
// Load the reference before moving on
r->load();
// Find next element Node
tmpRef = tmpRef->getNextSibling();
while (tmpRef != 0 && tmpRef->getNodeType() != DOMNode::ELEMENT_NODE) {
if (tmpRef->getNodeType() == DOMNode::ENTITY_REFERENCE_NODE) {
throw XSECException(XSECException::ExpectedDSIGChildNotFound,
"EntityReference nodes in <Reference> are unsupported.");
}
tmpRef = tmpRef->getNextSibling();
}
}
j_refList.release();
return refList;
}
TXFMSHA1::TXFMSHA1(DOMDocument *doc,
XSECCryptoKey * key) : TXFMBase (doc) {
toOutput = 0; // Nothing yet to output
if (key == NULL)
// Get a SHA1 worker
mp_h = XSECPlatformUtils::g_cryptoProvider->hashSHA1();
else {
// Get an HMAC Sha1
mp_h = XSECPlatformUtils::g_cryptoProvider->hashHMACSHA1();
mp_h->setKey(key);
}
if (!mp_h) {
throw XSECException(XSECException::CryptoProviderError,
"Error requesting SHA1 object from Crypto Provider");
}
};
void DSIGObject::load(void) {
if (mp_objectNode == NULL ||
mp_objectNode->getNodeType() != DOMNode::ELEMENT_NODE ||
!strEquals(getDSIGLocalName(mp_objectNode), s_Object)) {
throw XSECException(XSECException::ObjectError,
"Expected <Object> Node in DSIGObject::load");
}
mp_idAttr = ((DOMElement *) mp_objectNode)->getAttributeNodeNS(NULL, s_Id);
if (mp_idAttr) {
#if defined (XSEC_XERCES_HAS_SETIDATTRIBUTE)
((DOMElement *) mp_objectNode)->setIdAttributeNS(NULL, s_Id);
#elif defined (XSEC_XERCES_HAS_BOOLSETIDATTRIBUTE)
((DOMElement *) mp_objectNode)->setIdAttributeNS(NULL, s_Id, true);
#endif
}
mp_mimeTypeAttr = ((DOMElement *) mp_objectNode)->getAttributeNodeNS(NULL, s_MimeType);
mp_encodingAttr = ((DOMElement *) mp_objectNode)->getAttributeNodeNS(NULL, s_Encoding);
}
void safeBuffer::sbStrlwr(void) {
if (m_bufferType == BUFFER_UNKNOWN) {
throw XSECException(XSECException::SafeBufferError,
"Attempt to perform an operation on a buffer of incorrect type");
}
if (m_bufferType == BUFFER_CHAR) {
xsecsize_t i, l = (xsecsize_t) strlen((char *) buffer);
for (i = 0; i < l; ++i) {
if (buffer[i] >= 'A' && buffer[i] <= 'Z')
buffer[i] = (buffer[i] - 'A') + 'a';
}
}
else {
XMLCh * b = (XMLCh *) buffer;
xsecsize_t i, l = XMLString::stringLen(b);
for (i = 0; i < l; ++i) {
if (b[i] >= XERCES_CPP_NAMESPACE_QUALIFIER chLatin_A && b[i] <= XERCES_CPP_NAMESPACE_QUALIFIER chLatin_Z)
b[i] = (b[i] - XERCES_CPP_NAMESPACE_QUALIFIER chLatin_A) + XERCES_CPP_NAMESPACE_QUALIFIER chLatin_a;
}
}
}
bool DSIGAlgorithmHandlerDefault::appendSignatureHashTxfm(TXFMChain * inputBytes,
const XMLCh * URI,
XSECCryptoKey * key) {
signatureMethod sm;
hashMethod hm;
// Map to internal constants
if (!XSECmapURIToSignatureMethods(URI, sm, hm)) {
safeBuffer sb;
sb.sbTranscodeIn("DSIGAlgorithmHandlerDefault - Unknown URI : ");
sb.sbXMLChCat(URI);
throw XSECException(XSECException::AlgorithmMapperError,
sb.rawXMLChBuffer());
}
// Now append the appropriate hash transform onto the end of the chain
// If this is an HMAC of some kind - this function will add the appropriate key
TXFMBase * htxfm = addHashTxfm(sm, hm, key, inputBytes->getLastTxfm()->getDocument());
inputBytes->appendTxfm(htxfm);
return true;
}
void clearXPathNS(DOMDocument *d,
XSECXPathNodeList &toRemove,
XSECSafeBufferFormatter *formatter,
XSECNameSpaceExpander * nse) {
// Clear the XPath name spaces in the document element attribute list
DOMElement * e = d->getDocumentElement();
if (e == NULL) {
throw XSECException(XSECException::XPathError, "Element node not found in Document");
}
// Run through each node in the added nodes
const DOMNode * r = toRemove.getFirstNode();
while (r != NULL) {
e->removeAttributeNS(DSIGConstants::s_unicodeStrURIXMLNS,
r->getLocalName());
r = toRemove.getNextNode();
}
e->removeAttributeNS(DSIGConstants::s_unicodeStrURIXMLNS,
MAKE_UNICODE_STRING(KLUDGE_PREFIX));
}
// Load elements
void XKMSRegisterResultImpl::load() {
if (m_msg.mp_messageAbstractTypeElement == NULL) {
// Attempt to load an empty element
throw XSECException(XSECException::XKMSError,
"XKMSRegisterResult::load - called on empty DOM");
}
if (!strEquals(getXKMSLocalName(m_msg.mp_messageAbstractTypeElement),
XKMSConstants::s_tagRegisterResult)) {
throw XSECException(XSECException::XKMSError,
"XKMSRegisterResult::load - called incorrect node");
}
// Get any UnverifiedKeyBinding elements
DOMNodeList * nl = m_msg.mp_messageAbstractTypeElement->getElementsByTagNameNS(
XKMSConstants::s_unicodeStrURIXKMS,
XKMSConstants::s_tagKeyBinding);
if (nl != NULL) {
XKMSKeyBindingImpl * kb;
for (unsigned int i = 0; i < nl->getLength() ; ++ i) {
XSECnew(kb, XKMSKeyBindingImpl(m_msg.mp_env, (DOMElement *) nl->item(i)));
m_keyBindingList.push_back(kb);
kb->load();
}
}
nl = m_msg.mp_messageAbstractTypeElement->getElementsByTagNameNS(
XKMSConstants::s_unicodeStrURIXKMS,
XKMSConstants::s_tagPrivateKey);
if (nl != NULL)
mp_privateKeyElement = (DOMElement *) nl->item(0);
// Load the base message
m_result.load();
}
void XKMSUseKeyWithImpl::setApplication(const XMLCh * uri) {
if (mp_applicationAttr == NULL) {
throw XSECException(XSECException::XKMSError,
"XKMSUseKeyWith::setApplication - called on non-loaded construct");
}
mp_applicationAttr->setNodeValue(uri);
}
void safeBuffer::checkBufferType(bufferType bt) const {
if (bt != m_bufferType) {
throw XSECException(XSECException::SafeBufferError,
"Attempt to perform an operation on a buffer of incorrect type");
}
}
void XENCEncryptionMethodImpl::setMGF(const XMLCh * mgf) {
if (mp_mgfAlgorithmAttr == NULL) {
// Need to create
if (mp_oaepParamsTextNode == NULL && mp_digestAlgorithmAttr == NULL && mp_keySizeTextNode == NULL) {
mp_env->doPrettyPrint(mp_encryptionMethodElement);
}
// Get some setup values
safeBuffer str;
DOMDocument *doc = mp_env->getParentDocument();
const XMLCh * prefix = mp_env->getXENC11NSPrefix();
makeQName(str, prefix, s_MGF);
DOMElement *e = doc->createElementNS(DSIGConstants::s_unicodeStrURIXENC11, str.rawXMLChBuffer());
mp_encryptionMethodElement->appendChild(e);
mp_env->doPrettyPrint(mp_encryptionMethodElement);
e->setAttributeNS(NULL,
DSIGConstants::s_unicodeStrAlgorithm,
mgf);
// Set namespace
if (prefix[0] == XERCES_CPP_NAMESPACE_QUALIFIER chNull) {
str.sbTranscodeIn("xmlns");
}
else {
str.sbTranscodeIn("xmlns:");
str.sbXMLChCat(prefix);
}
e->setAttributeNS(DSIGConstants::s_unicodeStrURIXMLNS,
str.rawXMLChBuffer(),
DSIGConstants::s_unicodeStrURIXENC11);
// Now retrieve for later use
mp_mgfAlgorithmAttr =
e->getAttributeNodeNS(NULL,
DSIGConstants::s_unicodeStrAlgorithm);
if (mp_mgfAlgorithmAttr == NULL) {
throw XSECException(XSECException::EncryptionMethodError,
"XENCEncryptionMethod::setMGF - Error creating Algorithm Attribute");
}
}
else {
mp_mgfAlgorithmAttr->setNodeValue(mgf);
}
}
XSECCryptoKey * DSIGAlgorithmHandlerDefault::createKeyForURI(
const XMLCh * uri,
const unsigned char * keyBuffer,
unsigned int keyLen
) {
throw XSECException(XSECException::AlgorithmMapperError,
"DSIGAlgorithmHandlerDefault - Key creation operations not supported");
}
bool DSIGAlgorithmHandlerDefault::appendDecryptCipherTXFM(
TXFMChain * cipherText,
XENCEncryptionMethod * encryptionMethod,
XSECCryptoKey * key,
XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * doc
) {
throw XSECException(XSECException::AlgorithmMapperError,
"DSIGAlgorithmHandlerDefault - Encryption operations not supported");
}
bool XKMSStatusImpl::getStatusReason(StatusValue status, StatusReason reason) const {
if (status == StatusUndefined || reason == ReasonUndefined) {
throw XSECException(XSECException::StatusError,
"XKMSStatus::getStatusReason - status or reason undefined");
}
return (m_statusReasons[status-1][reason-1] != NULL);
}
XKMSKeyBinding * XKMSRegisterResultImpl::getKeyBindingItem(int item) const {
if (item < 0 || item >= (int) m_keyBindingList.size()) {
throw XSECException(XSECException::XKMSError,
"XKMSRegisterResult::getKeyBindingItem - item out of range");
}
return m_keyBindingList[item];
}
XKMSUnverifiedKeyBinding * XKMSLocateResultImpl::getUnverifiedKeyBindingItem(int item) const {
if (item < 0 || item >= (int) m_unverifiedKeyBindingList.size()) {
throw XSECException(XSECException::XKMSError,
"XKMSLocateResult::getUnverifiedKeyBindingItem - item out of range");
}
return m_unverifiedKeyBindingList[item];
}
void XKMSUseKeyWithImpl::setIdentifier(const XMLCh * identifier) {
if (mp_identifierAttr == NULL) {
throw XSECException(XSECException::XKMSError,
"XKMSUseKeyWith::setIdentifier - called on non-loaded construct");
}
mp_identifierAttr->setNodeValue(identifier);
}
const XMLCh * XKMSUseKeyWithImpl::getIdentifier(void) const {
if (mp_identifierAttr == NULL) {
throw XSECException(XSECException::XKMSError,
"XKMSUseKeyWith::getIdentifier - called on non-loaded construct");
}
return mp_identifierAttr->getNodeValue();
}
void DSIGTransformXPath::load(void) {
// Find the XPath expression
mp_xpathNode = mp_txfmNode->getFirstChild();
while (mp_xpathNode != 0 &&
mp_xpathNode->getNodeType() != DOMNode::ELEMENT_NODE && !strEquals(mp_xpathNode->getNodeName(), "XPath"))
mp_xpathNode = mp_xpathNode->getNextSibling();
if (mp_xpathNode == 0) {
throw XSECException(XSECException::ExpectedDSIGChildNotFound,
"Expected <XPath> Node in DSIGTransformXPath::load");
}
else {
// Check for attributes - in particular any namespaces
mp_NSMap = mp_xpathNode->getAttributes();
// Find the text node
mp_exprTextNode = findFirstChildOfType(mp_xpathNode, DOMNode::TEXT_NODE);
if (mp_exprTextNode == NULL) {
throw XSECException(XSECException::ExpectedDSIGChildNotFound,
"Expected Text Node in beneath <XPath> in DSIGTransformXPath::load");
}
// Gather the text
safeBuffer exprSB;
gatherChildrenText(mp_xpathNode, exprSB);
m_expr << (*(mp_env->getSBFormatter()) << exprSB.rawXMLChBuffer());
//m_expr << (*(mp_env->getSBFormatter()) << mp_exprTextNode->getNodeValue());
}
}
// Load elements
void XKMSCompoundResultImpl::load() {
if (m_msg.mp_messageAbstractTypeElement == NULL) {
// Attempt to load an empty element
throw XSECException(XSECException::XKMSError,
"XKMSCompoundResult::load - called on empty DOM");
}
if (!strEquals(getXKMSLocalName(m_msg.mp_messageAbstractTypeElement),
XKMSConstants::s_tagCompoundResult)) {
throw XSECException(XSECException::XKMSError,
"XKMSCompoundResult::load - called incorrect node");
}
// Load the base message
m_result.load();
// Now find all Result elements
DOMElement * e = findFirstElementChild(m_msg.mp_messageAbstractTypeElement);
while (e != NULL) {
if (strEquals(getXKMSLocalName(e), XKMSConstants::s_tagLocateResult) ||
strEquals(getXKMSLocalName(e), XKMSConstants::s_tagValidateResult)) {
// Have a legitimate Result to load
XKMSMessageAbstractTypeImpl * m =
(XKMSMessageAbstractTypeImpl *) m_factory.newMessageFromDOM(e);
m_resultList.push_back((XKMSResultTypeImpl *) m);
}
e = findNextElementChild(e);
}
}
void DSIGObject::appendChild(DOMNode * child) {
if (mp_objectNode == NULL) {
throw XSECException(XSECException::ObjectError,
"DSIGObject::appendChild - Object node has not been created");
}
mp_objectNode->appendChild(child);
}
unsigned int DSIGAlgorithmHandlerDefault::decryptToSafeBuffer(
TXFMChain * cipherText,
XENCEncryptionMethod * encryptionMethod,
XSECCryptoKey * key,
DOMDocument * doc,
safeBuffer & result
) {
throw XSECException(XSECException::AlgorithmMapperError,
"DSIGAlgorithmHandlerDefault - Encryption operations not supported");
}
const XMLCh * XKMSPendingRequestImpl::getResponseId(void) const {
if (mp_responseIdAttr == NULL) {
// Attempt read when not initialised
throw XSECException(XSECException::MessageAbstractTypeError,
"XKMSPendingRequest::getResponseId - called on non-initialised structure");
}
return mp_responseIdAttr->getNodeValue();
}
bool DSIGAlgorithmHandlerDefault::encryptToSafeBuffer(
TXFMChain * plainText,
XENCEncryptionMethod * encryptionMethod,
XSECCryptoKey * key,
XERCES_CPP_NAMESPACE_QUALIFIER DOMDocument * doc,
safeBuffer & result
) {
throw XSECException(XSECException::AlgorithmMapperError,
"DSIGAlgorithmHandlerDefault - Encryption operations not supported");
}
const char * DSIGKeyInfoValue::getRSAExponent(void) {
if (m_keyInfoType != KEYINFO_VALUE_RSA) {
throw XSECException(XSECException::KeyInfoError,
"Attempt to Get an RSA Exponent from a non-RSAValue KeyValue node");
}
return m_exponent.rawCharBuffer();
}
XKMSResultType * XKMSCompoundResultImpl::getResultListItem(int item) {
if (item < 0 || item >= (int) m_resultList.size()) {
throw XSECException(XSECException::XKMSError,
"XKMSCompoundResult::getResultListItem - item out of range");
}
return m_resultList[item];
}
XSECAlgorithmHandler * XSECAlgorithmMapper::mapURIToHandler(const XMLCh * URI) const {
bool allowed = true;
if (!m_whitelist.empty()) {
allowed = false;
for (WhitelistVectorType::const_iterator i = m_whitelist.begin(); !allowed && i != m_whitelist.end(); ++i) {
if (XMLString::equals(URI, *i))
allowed = true;
}
}
if (allowed && !m_blacklist.empty()) {
for (WhitelistVectorType::const_iterator i = m_blacklist.begin(); allowed && i != m_blacklist.end(); ++i) {
if (XMLString::equals(URI, *i))
allowed = false;
}
}
if (!allowed) {
safeBuffer output;
output.sbTranscodeIn("XSECAlgorithmMapper::mapURIToHandler - URI ");
output.sbXMLChCat(URI);
output.sbXMLChCat(" disallowed by whitelist/blacklist policy");
throw XSECException(XSECException::AlgorithmMapperError,
output.rawXMLChBuffer());
}
MapperEntry * entry = findEntry(URI);
if (entry == NULL) {
safeBuffer output;
output.sbTranscodeIn("XSECAlgorithmMapper::mapURIToHandler - URI ");
output.sbXMLChCat(URI);
output.sbXMLChCat(" not found");
throw XSECException(XSECException::AlgorithmMapperError,
output.rawXMLChBuffer());
}
return entry->mp_handler;
}
