void XENCEncryptionMethodImpl::setMGF(const XMLCh * mgf) {
if (mp_mgfAlgorithmAttr == NULL) {
// Need to create
if (mp_oaepParamsTextNode == NULL && mp_digestAlgorithmAttr == NULL && mp_keySizeTextNode == NULL) {
mp_env->doPrettyPrint(mp_encryptionMethodElement);
}
// Get some setup values
safeBuffer str;
DOMDocument *doc = mp_env->getParentDocument();
const XMLCh * prefix = mp_env->getXENC11NSPrefix();
makeQName(str, prefix, s_MGF);
DOMElement *e = doc->createElementNS(DSIGConstants::s_unicodeStrURIXENC11, str.rawXMLChBuffer());
mp_encryptionMethodElement->appendChild(e);
mp_env->doPrettyPrint(mp_encryptionMethodElement);
e->setAttributeNS(NULL,
DSIGConstants::s_unicodeStrAlgorithm,
mgf);
// Set namespace
if (prefix[0] == XERCES_CPP_NAMESPACE_QUALIFIER chNull) {
str.sbTranscodeIn("xmlns");
}
else {
str.sbTranscodeIn("xmlns:");
str.sbXMLChCat(prefix);
}
e->setAttributeNS(DSIGConstants::s_unicodeStrURIXMLNS,
str.rawXMLChBuffer(),
DSIGConstants::s_unicodeStrURIXENC11);
// Now retrieve for later use
mp_mgfAlgorithmAttr =
e->getAttributeNodeNS(NULL,
DSIGConstants::s_unicodeStrAlgorithm);
if (mp_mgfAlgorithmAttr == NULL) {
throw XSECException(XSECException::EncryptionMethodError,
"XENCEncryptionMethod::setMGF - Error creating Algorithm Attribute");
}
}
else {
mp_mgfAlgorithmAttr->setNodeValue(mgf);
}
}
void DSIGTransformXPath::setNamespace(const char * prefix, const char * value) {
safeBuffer str;
str.sbStrcpyIn("xmlns:");
str.sbStrcatIn((char *) prefix);
DOMElement *x;
x = static_cast <DOMElement *> (mp_xpathNode);
// if (x == NULL) {
//
// throw XSECException(XSECException::TransformError,
// "Found a non ELEMENT node as the XPath node in DSIGTransformXPath");
// }
x->setAttributeNS(DSIGConstants::s_unicodeStrURIXMLNS,
str.sbStrToXMLCh(),
MAKE_UNICODE_STRING(value));
mp_NSMap = mp_xpathNode->getAttributes();
}
DOMElement * DSIGTransformXPath::createBlankTransform(DOMDocument * parentDoc) {
safeBuffer str;
const XMLCh * prefix;
DOMElement *ret;
DOMDocument *doc = mp_env->getParentDocument();
prefix = mp_env->getDSIGNSPrefix();
// Create the transform node
makeQName(str, prefix, "Transform");
ret = doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG, str.rawXMLChBuffer());
ret->setAttributeNS(NULL,DSIGConstants::s_unicodeStrAlgorithm, DSIGConstants::s_unicodeStrURIXPATH);
// Create the XPath element
makeQName(str, prefix, "XPath");
mp_xpathNode = doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG, str.rawXMLChBuffer());
mp_exprTextNode = doc->createTextNode(MAKE_UNICODE_STRING(""));
ret->appendChild(mp_xpathNode);
mp_xpathNode->appendChild(mp_exprTextNode);
mp_txfmNode = ret;
return ret;
}
void TXFMXPath::evaluateEnvelope(DOMNode *t) {
// A special case where the XPath expression is already known
if (document == NULL) {
throw XSECException(XSECException::XPathError,
"Attempt to define XPath Name Space before setInput called");
}
DOMElement * e = document->getDocumentElement();
if (e == NULL) {
throw XSECException(XSECException::XPathError,
"Element node not found in Document");
}
// Set the xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
e->setAttributeNS(DSIGConstants::s_unicodeStrURIXMLNS, MAKE_UNICODE_STRING("xmlns:dsig"), DSIGConstants::s_unicodeStrURIDSIG);
// Evaluate
evaluateExpr(t, XPATH_EXPR_ENVELOPE);
// Now we are done, remove the namespace
e->removeAttributeNS(DSIGConstants::s_unicodeStrURIXMLNS, MAKE_UNICODE_STRING("dsig"));
}
void
XMLSecurityLibraryTest::testEncrypt() {
XBE_LOG_DEBUG("encrypting a xbe-message document by hand");
xsd::cxx::xml::dom::auto_ptr<xercesc::DOMDocument> doc(create("message", "http://www.xenbee.net/schema/2008/02/xbe-msg", "xbemsg"));
DOMElement* root = doc->getDocumentElement();
root->setAttributeNS(xml::string("http://www.w3.org/2000/xmlns/").c_str(),
xml::string("xmlns:xbemsg").c_str(),
xml::string("http://www.xenbee.net/schema/2008/02/xbe-msg").c_str());
/* HEADER */
DOMElement* hdrElem = doc->createElementNS(xml::string("http://www.xenbee.net/schema/2008/02/xbe-msg").c_str(),
xml::string("xbemsg:header").c_str());
root->appendChild(hdrElem);
DOMElement* toElem = doc->createElementNS(xml::string("http://www.xenbee.net/schema/2008/02/xbe-msg").c_str(),
xml::string("xbemsg:to").c_str());
hdrElem->appendChild(toElem);
DOMText* toTxt = doc->createTextNode(xml::string("foo.bar").c_str());
toElem->appendChild(toTxt);
DOMElement* fromElem = doc->createElementNS(xml::string("http://www.xenbee.net/schema/2008/02/xbe-msg").c_str(),
xml::string("xbemsg:from").c_str());
hdrElem->appendChild(fromElem);
DOMText* fromTxt = doc->createTextNode(xml::string("foo.bar").c_str());
fromElem->appendChild(fromTxt);
/* BODY */
DOMElement* bodyElem = doc->createElementNS(xml::string("http://www.xenbee.net/schema/2008/02/xbe-msg").c_str(),
xml::string("xbemsg:body").c_str());
root->appendChild(bodyElem);
/* some example content */
DOMElement* exampleContentElem = doc->createElementNS(xml::string("http://www.example.com/text").c_str(), xml::string("text").c_str());
exampleContentElem->setAttributeNS(xml::string("http://www.w3.org/2000/xmlns/").c_str(),
xml::string("xmlns").c_str(),
xml::string("http://www.example.com/text").c_str());
bodyElem->appendChild(exampleContentElem);
DOMText* exampleContentTxt = doc->createTextNode(xml::string("Hello World!").c_str());
exampleContentElem->appendChild(exampleContentTxt);
}
DOMElement * DSIGTransformEnvelope::createBlankTransform(DOMDocument * parentDoc) {
safeBuffer str;
const XMLCh * prefix;
DOMElement *ret;
DOMDocument *doc = mp_env->getParentDocument();
prefix = mp_env->getDSIGNSPrefix();
// Create the transform node
makeQName(str, prefix, "Transform");
ret = doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG, str.rawXMLChBuffer());
ret->setAttributeNS(NULL,DSIGConstants::s_unicodeStrAlgorithm, DSIGConstants::s_unicodeStrURIENVELOPE);
mp_txfmNode = ret;
return ret;
}
bool STConfig::init(const char* schemadir, const char* config)
{
saml::NDC ndc("init");
Category& log = Category::getInstance("shibtarget.STConfig");
if (!schemadir || !config) {
log.fatal("schema directory or config file not supplied");
return false;
}
// This will cause some extra console logging, but for now,
// initialize the underlying libraries.
SAMLConfig& samlConf=SAMLConfig::getConfig();
if (schemadir)
samlConf.schema_dir = schemadir;
SAMLSOAPBinding::version=string("Shibboleth: ") + PACKAGE_VERSION;
try {
if (!samlConf.init()) {
log.fatal("Failed to initialize SAML Library");
return false;
}
}
catch (...) {
log.fatal("Died initializing SAML Library");
return false;
}
ShibConfig& shibConf=ShibConfig::getConfig();
try {
if (!shibConf.init()) {
log.fatal("Failed to initialize Shib library");
samlConf.term();
return false;
}
}
catch (...) {
log.fatal("Died initializing Shib library.");
samlConf.term();
return false;
}
try {
// Register plugin types.
#ifndef WIN32
shibConf.m_plugMgr.regFactory(shibtarget::XML::UnixListenerType,&UnixListenerFactory);
#endif
shibConf.m_plugMgr.regFactory(shibtarget::XML::TCPListenerType,&TCPListenerFactory);
shibConf.m_plugMgr.regFactory(shibtarget::XML::MemorySessionCacheType,&MemoryCacheFactory);
shibConf.m_plugMgr.regFactory(shibtarget::XML::RequestMapType,&XMLRequestMapFactory);
//shibConf.m_plugMgr.regFactory(shibtarget::XML::htaccessType,&htaccessFactory);
saml::XML::registerSchema(ShibTargetConfig::SHIBTARGET_NS,shibtarget::XML::SHIBTARGET_SCHEMA_ID);
log.info("loading configuration file: %s", config);
static const XMLCh uri[] = { chLatin_u, chLatin_r, chLatin_i, chNull };
DOMImplementation* impl=DOMImplementationRegistry::getDOMImplementation(NULL);
DOMDocument* dummydoc=impl->createDocument();
DOMElement* dummy = dummydoc->createElementNS(NULL,XML::Literals::ShibbolethTargetConfig);
auto_ptr_XMLCh src(config);
dummy->setAttributeNS(NULL,uri,src.get());
m_ini=ShibTargetConfigFactory(dummy);
dummydoc->release();
pair<bool,unsigned int> skew=m_ini->getUnsignedInt("clockSkew");
samlConf.clock_skew_secs=skew.first ? skew.second : 180;
m_tranLog=new FixedContextCategory(SHIBTRAN_LOGCAT);
m_tranLog->info("opened transaction log");
m_tranLogLock = Mutex::create();
}
catch (...) {
log.fatal("caught exception while loading/initializing configuration");
delete m_ini;
shibConf.term();
samlConf.term();
return false;
}
log.info("finished initializing");
return true;
}
XERCES_CPP_NAMESPACE_USE
#if !defined(XSEC_NO_XPATH)
#include <iostream>
#define KLUDGE_PREFIX "berindsig"
// Helper function
void setXPathNS(DOMDocument *d,
DOMNamedNodeMap *xAtts,
XSECXPathNodeList &addedNodes,
XSECSafeBufferFormatter *formatter,
XSECNameSpaceExpander * nse) {
// if set then set the name spaces in the attribute list else clear them
DOMElement * e = d->getDocumentElement();
if (e == NULL) {
throw XSECException(XSECException::XPathError, "Element node not found in Document");
}
if (xAtts != 0) {
int xAttsCount = xAtts->getLength();
// Check all is OK with the Xalan Document and first element
if (d == NULL) {
throw XSECException(XSECException::XPathError, "Attempt to define XPath Name Space before setInput called");
}
// Run through each attribute looking for name spaces
const XMLCh *xpName;
safeBuffer xpNameSB;
const XMLCh *xpLocalName;
const XMLCh *xpValue;
for (int xCounter = 0; xCounter < xAttsCount; ++xCounter) {
if (nse == NULL || !nse->nodeWasAdded(xAtts->item(xCounter))) {
xpName = xAtts->item(xCounter)->getNodeName();
xpNameSB << (*formatter << xpName);
if (xpNameSB.sbStrncmp("xmlns", 5) == 0) {
// Check whether a node of this name already exists
xpLocalName = xAtts->item(xCounter)->getLocalName();
xpValue = xAtts->item(xCounter)->getNodeValue();
if (e->hasAttributeNS(DSIGConstants::s_unicodeStrURIXMLNS, xpLocalName) == false) {
// Nope
e->setAttributeNS(DSIGConstants::s_unicodeStrURIXMLNS, xpName, xpValue);
addedNodes.addNode(e->getAttributeNodeNS(DSIGConstants::s_unicodeStrURIXMLNS, xpLocalName));
}
}
}
}
}
// Insert the kludge namespace
safeBuffer k("xmlns:");
k.sbStrcatIn(KLUDGE_PREFIX);
e->setAttributeNS(DSIGConstants::s_unicodeStrURIXMLNS,
MAKE_UNICODE_STRING(k.rawCharBuffer()),
DSIGConstants::s_unicodeStrURIDSIG);
}
int main(int /*argc*/, char ** /*argv*/) {
Normalizer *normalizer = new Normalizer();
DOMDocument *doc = normalizer->createDocument();
bool *tmpTrue = new bool(true);
bool *tmpFalse = new bool(false);
DOMElement* docFirstElement = doc->createElementNS(X("http://www.test.com"),X("docEle"));
doc->appendChild(docFirstElement);
DOMElement* docFirstElementChild = doc->createElementNS(X("http://www.test2.com"),X("docEleChild"));
docFirstElement->appendChild(docFirstElementChild);
//create default ns
doc->normalizeDocument();
normalizer->serializeNode(doc);
XERCES_STD_QUALIFIER cout << "\n\n";
//add in binding
docFirstElement->setPrefix(X("po"));
doc->normalizeDocument();
normalizer->serializeNode(doc);
XERCES_STD_QUALIFIER cout << "\n\n";
//use default
DOMElement* docFirstElementChildChild = doc->createElementNS(X("http://www.test2.com"),X("docEleChildChild"));
docFirstElementChild->appendChild(docFirstElementChildChild);
doc->normalizeDocument();
normalizer->serializeNode(doc);
XERCES_STD_QUALIFIER cout << "\n\n";
// this block is needed to destroy the XMLBuffer
{
//use a binding
XMLBuffer buf;
buf.set(XMLUni::fgXMLNSString);
buf.append(chColon);
buf.append(X("po2"));
docFirstElementChild->removeAttributeNS(XMLUni::fgXMLNSURIName, XMLUni::fgXMLNSString);
docFirstElement->removeAttributeNS(XMLUni::fgXMLNSURIName, XMLUni::fgXMLNSString);
docFirstElement->setAttributeNS(XMLUni::fgXMLNSURIName, buf.getRawBuffer(), X("http://www.test2.com"));
docFirstElementChild->setPrefix(X("po2"));
doc->normalizeDocument();
normalizer->serializeNode(doc);
XERCES_STD_QUALIFIER cout << "\n\n";
}
//some siblngs to ensure the scope stacks are working
docFirstElementChildChild = doc->createElementNS(X("http://www.test3.com"),X("docEleChildChild2"));
docFirstElementChild->appendChild(docFirstElementChildChild);
docFirstElementChildChild = doc->createElementNS(X("http://www.test4.com"),X("po4:docEleChildChild3"));
docFirstElementChild->appendChild(docFirstElementChildChild);
docFirstElementChildChild = doc->createElementNS(X("http://www.test4.com"),X("po4:docEleChildChild4"));
docFirstElementChild->appendChild(docFirstElementChildChild);
doc->normalizeDocument();
normalizer->serializeNode(doc);
XERCES_STD_QUALIFIER cout << "\n\n";
//conflicting prefix
docFirstElementChildChild->setAttributeNS(XMLUni::fgXMLNSURIName, X("po4"), X("conflict"));
doc->normalizeDocument();
normalizer->serializeNode(doc);
XERCES_STD_QUALIFIER cout << "\n\n";
//conflicting default
docFirstElementChildChild = doc->createElementNS(X("http://www.test4.com"),X("docEleChildChild5"));
docFirstElementChild->appendChild(docFirstElementChildChild);
docFirstElementChildChild->setAttributeNS(XMLUni::fgXMLNSURIName, XMLUni::fgXMLNSString, X("conflict"));
doc->normalizeDocument();
normalizer->serializeNode(doc);
XERCES_STD_QUALIFIER cout << "\n\n";
//set the xmlns to ""
DOMElement *noNamespaceEle = doc->createElementNS(X(""),X("noNamespace"));
docFirstElementChildChild->appendChild(noNamespaceEle);
doc->normalizeDocument();
normalizer->serializeNode(doc);
XERCES_STD_QUALIFIER cout << "\n\n";
//now lets do a bit off attribute testing on the doc ele
docFirstElement->setAttributeNS(X("http://testattr.com"), X("attr1"), X("value"));
docFirstElement->setAttributeNS(X("http://testattr.com"), X("attr2"), X("value"));
docFirstElement->setAttributeNS(X("http://testattr2.com"), X("attr3"), X("value"));
docFirstElement->setAttributeNS(X("http://www.test.com"), X("attr4"), X("value"));
docFirstElement->setAttributeNS(X("http://testattr2.com"), X("po:attr5"), X("value"));
docFirstElement->setAttributeNS(X("http://testattr2.com"), X("poFake:attr6"), X("value"));
docFirstElement->setAttributeNS(X("http://testattr3.com"), X("po3:attr7"), X("value"));
doc->normalizeDocument();
normalizer->serializeNode(doc);
XERCES_STD_QUALIFIER cout << "\n\n";
//and now on one of its children
docFirstElementChildChild->setAttributeNS(X("http://testattr.com"), X("attr1"), X("value"));
docFirstElementChildChild->setAttributeNS(X("http://testattr.com"), X("attr2"), X("value"));
docFirstElementChildChild->setAttributeNS(X("http://testattr2.com"), X("attr3"), X("value"));
docFirstElementChildChild->setAttributeNS(X("http://www.test.com"), X("attr4"), X("value"));
docFirstElementChildChild->setAttributeNS(X("http://testattr2.com"), X("po:attr5"), X("value"));
docFirstElementChildChild->setAttributeNS(X("http://testattr2.com"), X("poFake:attr6"), X("value"));
docFirstElementChildChild->setAttributeNS(X("http://testattr3.com"), X("po3:attr7"), X("value"));
docFirstElementChildChild->setAttributeNS(X("http://testattr4.com"), X("po4:attr8"), X("value"));
//test for a clash with our NSx attrs
docFirstElementChildChild->setAttributeNS(X("http://testclash.com"), X("NS1:attr9"), X("value"));
docFirstElementChildChild->setAttributeNS(XMLUni::fgXMLNSURIName, X("xmlns:NS1"), X("http://testclash.com"));
//clash with standard prefix
docFirstElementChildChild->setAttributeNS(X("http://testattr5.com"), X("po:attr10"), X("value"));
doc->normalizeDocument();
normalizer->serializeNode(doc);
XERCES_STD_QUALIFIER cout << "\n\n";
//2 prefix with the same uri
docFirstElementChildChild = doc->createElementNS(X("http://www.uri1.com"),X("docEleChildChild6"));
docFirstElementChild->appendChild(docFirstElementChildChild);
docFirstElementChildChild->setAttributeNS(XMLUni::fgXMLNSURIName, X("xmlns:uri1"), X("http://www.uri1.com"));
docFirstElementChildChild->setAttributeNS(XMLUni::fgXMLNSURIName, X("xmlns:uri1b"), X("http://www.uri1.com"));
docFirstElementChildChild->setAttributeNS(X("http://www.uri1.com"), X("uri1:attr1"), X("value"));
docFirstElementChildChild->setAttributeNS(X("http://www.uri1.com"), X("uri1b:attr2"), X("value"));
doc->normalizeDocument();
normalizer->serializeNode(doc);
XERCES_STD_QUALIFIER cout << "\n\n";
//check to see we use the nearest binding and for more inheritence
DOMElement *docFirstElementChildChildChild = doc->createElementNS(X("http://www.uri1.com"),X("docEleChildChildChild"));
docFirstElementChildChild->appendChild(docFirstElementChildChildChild);
docFirstElementChildChild->setAttributeNS(XMLUni::fgXMLNSURIName, X("xmlns:nearerThanPo"), X("http://www.test.com"));
docFirstElementChildChildChild->setAttributeNS(X("http://testattr.com"), X("attr2"), X("value"));
docFirstElementChildChildChild->setAttributeNS(X("http://www.test.com"), X("attr1"), X("value"));
doc->normalizeDocument();
normalizer->serializeNode(doc);
XERCES_STD_QUALIFIER cout << "\n\n";
//NS1.1 stuff
//test creating default prefix when NS1 has been set to ""
noNamespaceEle->setAttributeNS(XMLUni::fgXMLNSURIName, X("xmlns:NS1"), X(""));
DOMElement *noNamespaceChild = doc->createElementNS(X("http://testclash.com"),X("testing1.1Stuff"));
noNamespaceEle->appendChild(noNamespaceChild);
doc->normalizeDocument();
normalizer->serializeNode(doc);
noNamespaceChild = doc->createElementNS(X("http://testclash.com"),X("NS1:testing1.1Stuff"));
noNamespaceEle->appendChild(noNamespaceChild);
noNamespaceChild->setAttributeNS(X("http://www.someRandomUri.com"), X("attr"), X("value"));
doc->normalizeDocument();
normalizer->serializeNode(doc);
//check error conditions
XERCES_STD_QUALIFIER cout << "error conditions" << XERCES_STD_QUALIFIER endl;
DOMConfiguration *conf = doc->getDOMConfig();
conf->setParameter(XMLUni::fgDOMErrorHandler, normalizer);
conf->setParameter(XMLUni::fgDOMNamespaces, true);
DOMElement *level1Node = doc->createElement(X("level1Node"));
docFirstElement->appendChild(level1Node);
doc->normalizeDocument();
docFirstElement->removeChild(level1Node);
docFirstElement->setAttribute(X("level1Attr"), X("level1"));
doc->normalizeDocument();
docFirstElement->removeAttribute(X("level1Attr"));
//cant check this as Xerces does not let us do it
// noNamespaceChild->setAttributeNS(X("http://www.someRandomUri.com"), X("xmlns"), X("value"));
// doc->normalizeDocument();
//lets do a sanity test on a comment
DOMComment *comment = doc->createComment(X("some comment"));
docFirstElement->appendChild(comment);
doc->normalizeDocument();
normalizer->serializeNode(doc);
conf->setParameter(XMLUni::fgDOMComments, false);
docFirstElement->appendChild(comment);
doc->normalizeDocument();
normalizer->serializeNode(doc);
//and on a CDATA
DOMCDATASection *cData = doc->createCDATASection(X("some cdata"));
docFirstElement->appendChild(cData);
doc->normalizeDocument();
normalizer->serializeNode(doc);
conf->setParameter(XMLUni::fgDOMCDATASections, false);
docFirstElement->appendChild(cData);
doc->normalizeDocument();
normalizer->serializeNode(doc);
delete normalizer;
delete tmpTrue;
delete tmpFalse;
return 0;
}
DOMElement *DSIGReference::createBlankReference(const XMLCh * URI,
const XMLCh * hashAlgorithmURI,
const XMLCh * type) {
// Reset this Reference just in case
m_isManifest = false;
mp_preHash = NULL;
mp_manifestList = NULL;
mp_transformsNode = NULL;
mp_transformList = NULL;
XSECmapURIToHashMethod(hashAlgorithmURI, me_hashMethod);
safeBuffer str;
DOMDocument *doc = mp_env->getParentDocument();
const XMLCh * prefix = mp_env->getDSIGNSPrefix();
makeQName(str, prefix, "Reference");
DOMElement *ret = doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG, str.rawXMLChBuffer());
mp_referenceNode = ret;
// Set type
if (type != NULL)
ret->setAttributeNS(NULL, MAKE_UNICODE_STRING("Type"), type);
// Set URI
if (URI != NULL) {
ret->setAttributeNS(NULL, s_unicodeStrURI, URI);
mp_URI = ret->getAttributeNS(NULL, s_unicodeStrURI); // Used later on as a pointer
}
else {
// Anonymous reference
mp_URI = NULL;
}
// Create hash and hashValue nodes
makeQName(str, prefix, "DigestMethod");
DOMElement *digestMethod = doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG, str.rawXMLChBuffer());
mp_env->doPrettyPrint(ret);
ret->appendChild(digestMethod);
mp_env->doPrettyPrint(ret);
digestMethod->setAttributeNS(NULL, DSIGConstants::s_unicodeStrAlgorithm,
hashAlgorithmURI);
// Retrieve the attribute value for later use
mp_algorithmURI =
digestMethod->getAttributeNS(NULL, DSIGConstants::s_unicodeStrAlgorithm);
// DigestValue
makeQName(str, prefix, "DigestValue");
mp_hashValueNode = doc->createElementNS(DSIGConstants::s_unicodeStrURIDSIG, str.rawXMLChBuffer());
ret->appendChild(mp_hashValueNode);
mp_env->doPrettyPrint(ret);
mp_hashValueNode->appendChild(doc->createTextNode(MAKE_UNICODE_STRING("Not yet calculated")));
m_loaded = true;
return ret;
}
void
XMLSecurityLibraryTest::testSign() {
XBE_LOG_DEBUG("signing a xbe-message document by hand");
xsd::cxx::xml::dom::auto_ptr<xercesc::DOMDocument> doc(create("message", "http://www.xenbee.net/schema/2008/02/xbe-msg", "xbemsg"));
DOMElement* root = doc->getDocumentElement();
root->setAttributeNS(xml::string("http://www.w3.org/2000/xmlns/").c_str(),
xml::string("xmlns:xbemsg").c_str(),
xml::string("http://www.xenbee.net/schema/2008/02/xbe-msg").c_str());
/* HEADER */
DOMElement* hdrElem = doc->createElementNS(xml::string("http://www.xenbee.net/schema/2008/02/xbe-msg").c_str(),
xml::string("xbemsg:header").c_str());
root->appendChild(hdrElem);
DOMElement* toElem = doc->createElementNS(xml::string("http://www.xenbee.net/schema/2008/02/xbe-msg").c_str(),
xml::string("xbemsg:to").c_str());
hdrElem->appendChild(toElem);
DOMText* toTxt = doc->createTextNode(xml::string("foo.bar").c_str());
toElem->appendChild(toTxt);
DOMElement* fromElem = doc->createElementNS(xml::string("http://www.xenbee.net/schema/2008/02/xbe-msg").c_str(),
xml::string("xbemsg:from").c_str());
hdrElem->appendChild(fromElem);
DOMText* fromTxt = doc->createTextNode(xml::string("foo.bar").c_str());
fromElem->appendChild(fromTxt);
/* BODY */
DOMElement* bodyElem = doc->createElementNS(xml::string("http://www.xenbee.net/schema/2008/02/xbe-msg").c_str(),
xml::string("xbemsg:body").c_str());
root->appendChild(bodyElem);
/* some example content */
DOMElement* exampleContentElem = doc->createElementNS(xml::string("http://www.example.com/text").c_str(), xml::string("text").c_str());
exampleContentElem->setAttributeNS(xml::string("http://www.w3.org/2000/xmlns/").c_str(),
xml::string("xmlns").c_str(),
xml::string("http://www.example.com/text").c_str());
bodyElem->appendChild(exampleContentElem);
DOMText* exampleContentTxt = doc->createTextNode(xml::string("Hello World!").c_str());
exampleContentElem->appendChild(exampleContentTxt);
XSECProvider prov;
DSIGSignature *sig;
DOMElement *sigNode;
sig = prov.newSignature();
sig->setDSIGNSPrefix(xml::string("dsig").c_str());
// Use it to create a blank signature DOM structure from the doc
sigNode = sig->createBlankSignature(doc.get(),
CANON_C14N_NOC,
SIGNATURE_HMAC,
HASH_SHA1);
// Insert the signature DOM nodes into the doc
hdrElem->appendChild(sigNode);
// doc->normalizeDocument();
// Create an envelope reference for the text to be signed
DSIGReference * ref = sig->createReference(xml::string("").c_str());
ref->appendEnvelopedSignatureTransform();
// Set the HMAC Key to be the string "secret"
XSECCryptoKeyHMAC *hmacKey = XSECPlatformUtils::g_cryptoProvider->keyHMAC();
hmacKey->setKey((unsigned char *) "secret", (unsigned int)strlen("secret"));
sig->setSigningKey(hmacKey);
// Add a KeyInfo element
sig->appendKeyName(xml::string("The secret key is \"secret\"").c_str());
// Sign
XBE_LOG_DEBUG("signing the document");
sig->sign();
{
std::ofstream of("resources/xbe-message-example.xml");
XbeLibUtils::serialize(of, *doc);
XBE_LOG_DEBUG("dumped signed document to: " << "resources/xbe-message-example.xml");
}
DSIGSignature *sig1 = prov.newSignatureFromDOM(doc.get());
sig1->load();
hmacKey = XSECPlatformUtils::g_cryptoProvider->keyHMAC();
hmacKey->setKey((unsigned char *) "secret", strlen("secret"));
sig1->setSigningKey(hmacKey);
XBE_LOG_DEBUG("validating the document");
bool isValid(sig1->verify());
char *_errMsgs = XMLString::transcode(sig1->getErrMsgs());
std::string errMsgs(_errMsgs);
XMLString::release(&_errMsgs);
prov.releaseSignature(sig);
prov.releaseSignature(sig1);
// Verify
CPPUNIT_ASSERT_MESSAGE(errMsgs, isValid);
XBE_LOG_DEBUG("the message is valid!");
}
Override::Override(const DOMElement* e, Category& log, const Override* base) : m_base(base), m_acl(NULL)
{
try {
// Load the property set.
load(e,log,this);
// Load any AccessControl provider.
loadACL(e,log);
// Handle nested Paths.
DOMElement* path = XMLHelper::getFirstChildElement(e,Path);
for (int i=1; path; ++i, path=XMLHelper::getNextSiblingElement(path,Path)) {
const XMLCh* n=path->getAttributeNS(NULL,name);
// Skip any leading slashes.
while (n && *n==chForwardSlash)
n++;
// Check for empty name.
if (!n || !*n) {
log.warn("skipping Path element (%d) with empty name attribute", i);
continue;
}
// Check for an embedded slash.
int slash=XMLString::indexOf(n,chForwardSlash);
if (slash>0) {
// Copy the first path segment.
XMLCh* namebuf=new XMLCh[slash + 1];
for (int pos=0; pos < slash; pos++)
namebuf[pos]=n[pos];
namebuf[slash]=chNull;
// Move past the slash in the original pathname.
n=n+slash+1;
// Skip any leading slashes again.
while (*n==chForwardSlash)
n++;
if (*n) {
// Create a placeholder Path element for the first path segment and replant under it.
DOMElement* newpath=path->getOwnerDocument()->createElementNS(shibspconstants::SHIB2SPCONFIG_NS,Path);
newpath->setAttributeNS(NULL,name,namebuf);
path->setAttributeNS(NULL,name,n);
path->getParentNode()->replaceChild(newpath,path);
newpath->appendChild(path);
// Repoint our locals at the new parent.
path=newpath;
n=path->getAttributeNS(NULL,name);
}
else {
// All we had was a pathname with trailing slash(es), so just reset it without them.
path->setAttributeNS(NULL,name,namebuf);
n=path->getAttributeNS(NULL,name);
}
delete[] namebuf;
}
Override* o=new Override(path,log,this);
pair<bool,const char*> name=o->getString("name");
char* dup=strdup(name.second);
for (char* pch=dup; *pch; pch++)
*pch=tolower(*pch);
if (m_map.count(dup)) {
log.warn("Skipping duplicate Path element (%s)",dup);
free(dup);
delete o;
continue;
}
m_map[dup]=o;
free(dup);
}
}
catch (exception&) {
delete m_acl;
for_each(m_map.begin(),m_map.end(),xmltooling::cleanup_pair<string,Override>());
throw;
}
}