2 * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file SignatureReader.cpp
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief SignatureReader is used to parse widget digital signature.
22 #include "SignatureReader.h"
24 #include "CertificateLoader.h"
26 namespace ValidationCore {
27 static const std::string XML_NAMESPACE =
28 "http://www.w3.org/2000/09/xmldsig#";
29 static const std::string XML_NAMESPACE_DIGITALSIG =
30 "http://wacapps.net/ns/digsig";
31 static const std::string XML_OBJ_NS =
32 "http://www.w3.org/2009/xmldsig-properties";
35 static const std::string TOKEN_SIGNATURE = "Signature";
36 static const std::string TOKEN_SIGNED_INFO = "SignedInfo";
37 static const std::string TOKEN_CANONICALIZATION_METHOD =
38 "CanonicalizationMethod";
39 static const std::string TOKEN_SIGNATURE_METHOD = "SignatureMethod";
40 static const std::string TOKEN_REFERENCE = "Reference";
41 static const std::string TOKEN_TRANSFORMS = "Transforms";
42 static const std::string TOKEN_TRANSFORM = "Transform";
43 static const std::string TOKEN_DIGEST_METHOD = "DigestMethod";
44 static const std::string TOKEN_DIGEST_VALUE = "DigestValue";
45 static const std::string TOKEN_SIGNATURE_VALUE = "SignatureValue";
46 static const std::string TOKEN_KEY_INFO = "KeyInfo";
47 static const std::string TOKEN_X509DATA = "X509Data";
48 static const std::string TOKEN_X509CERTIFICATE = "X509Certificate";
49 static const std::string TOKEN_KEY_VALUE = "KeyValue";
50 static const std::string TOKEN_RSA_KEY_VALUE = "RSAKeyValue";
51 static const std::string TOKEN_MODULUS_COMPONENT = "Modulus";
52 static const std::string TOKEN_EXPONENT_COMPONENT = "Exponent";
53 static const std::string TOKEN_ECKEY_VALUE = "ECKeyValue";
54 static const std::string TOKEN_NAMED_CURVE = "NamedCurve";
55 static const std::string TOKEN_PUBLIC_KEY = "PublicKey";
56 static const std::string TOKEN_OBJECT = "Object";
57 static const std::string TOKEN_SIGNATURE_PROPERTIES = "SignatureProperties";
58 static const std::string TOKEN_SIGNATURE_PROPERTY = "SignatureProperty";
59 static const std::string TOKEN_PROFILE = "Profile";
60 static const std::string TOKEN_ROLE = "Role";
61 static const std::string TOKEN_IDENTIFIER = "Identifier";
62 static const std::string TOKEN_DSAKEYVALUE = "DSAKeyValue";
63 static const std::string TOKEN_DSA_P_COMPONENT = "P";
64 static const std::string TOKEN_DSA_Q_COMPONENT = "Q";
65 static const std::string TOKEN_DSA_G_COMPONENT = "G";
66 static const std::string TOKEN_DSA_Y_COMPONENT = "Y";
67 static const std::string TOKEN_DSA_J_COMPONENT = "J";
68 static const std::string TOKEN_DSA_SEED_COMPONENT = "Seed";
69 static const std::string TOKEN_DSA_PGENCOUNTER_COMPONENT = "PgenCounter";
70 static const std::string TOKEN_TARGET_RESTRICTION = "TargetRestriction";
74 static const std::string TOKEN_ALGORITHM = "Algorithm";
75 static const std::string TOKEN_URI = "URI";
76 static const std::string TOKEN_ID = "Id";
77 static const std::string TOKEN_TARGET = "Target";
78 static const std::string TOKEN_IMEI = "IMEI";
79 static const std::string TOKEN_MEID = "MEID";
83 static const std::string TOKEN_ATTR_PROFILE = "profile";
84 static const std::string TOKEN_ATTR_ROLE = "role";
85 static const std::string TOKEN_ATTR_IDENTIFIER = "identifier";
89 //static const std::string TOKEN_ALGORITHM_XML_EXC_CAN =
90 // "http://www.w3.org/2001/10/xml-exc-c14n#";
91 //static const std::string TOKEN_ALGORITHM_RSA_SHA256 =
92 // "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
93 //static const std::string TOKEN_ALGORITHM_DSA_SHA1 =
94 // "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
95 //static const std::string TOKEN_ALGORITHM_ECDSA_SHA256 =
96 // "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
97 //static const std::string TOKEN_ALGORITHM_SHA1 =
98 // "http://www.w3.org/2000/09/xmldsig#sha1";
99 //static const std::string TOKEN_ALGORITHM_SHA256 =
100 // "http://www.w3.org/2001/04/xmlenc#sha256";
101 //static const std::string TOKEN_ALGORITHM_SHA384 =
102 // "http://www.w3.org/2001/04/xmldsig-more#sha384";
103 //static const std::string TOKEN_ALGORITHM_SHA512 =
104 // "http://www.w3.org/2001/04/xmlenc#sha512";
106 SignatureReader::SignatureReader() :
107 m_signaturePropertiesCounter(0),
108 m_targetRestrictionObjectFound(false),
112 * member func pointers map
114 m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE,
116 &SignatureReader::blankFunction);
117 m_parserSchema.addBeginTagCallback(TOKEN_SIGNED_INFO,
119 &SignatureReader::blankFunction);
120 m_parserSchema.addBeginTagCallback(TOKEN_CANONICALIZATION_METHOD,
122 &SignatureReader::blankFunction);
123 m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_METHOD,
125 &SignatureReader::blankFunction);
126 m_parserSchema.addBeginTagCallback(TOKEN_REFERENCE,
128 &SignatureReader::blankFunction);
129 m_parserSchema.addBeginTagCallback(TOKEN_TRANSFORMS,
131 &SignatureReader::blankFunction);
132 m_parserSchema.addBeginTagCallback(TOKEN_TRANSFORM,
134 &SignatureReader::blankFunction);
135 m_parserSchema.addBeginTagCallback(TOKEN_DIGEST_METHOD,
137 &SignatureReader::blankFunction);
138 m_parserSchema.addBeginTagCallback(TOKEN_DIGEST_VALUE,
140 &SignatureReader::blankFunction);
141 m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_VALUE,
143 &SignatureReader::blankFunction);
144 m_parserSchema.addBeginTagCallback(TOKEN_KEY_INFO,
146 &SignatureReader::tokenKeyInfo);
147 m_parserSchema.addBeginTagCallback(TOKEN_X509DATA,
149 &SignatureReader::tokenX509Data);
150 m_parserSchema.addBeginTagCallback(TOKEN_X509CERTIFICATE,
152 &SignatureReader::tokenX509Certificate);
153 m_parserSchema.addBeginTagCallback(TOKEN_ECKEY_VALUE,
155 &SignatureReader::blankFunction);
156 m_parserSchema.addBeginTagCallback(TOKEN_NAMED_CURVE,
158 &SignatureReader::tokenNamedCurve);
159 m_parserSchema.addBeginTagCallback(TOKEN_PUBLIC_KEY,
161 &SignatureReader::tokenPublicKey);
162 m_parserSchema.addBeginTagCallback(TOKEN_OBJECT,
164 &SignatureReader::tokenObject);
165 m_parserSchema.addBeginTagCallback(
166 TOKEN_SIGNATURE_PROPERTIES,
169 tokenSignatureProperties);
170 m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_PROPERTY,
172 &SignatureReader::blankFunction);
173 m_parserSchema.addBeginTagCallback(TOKEN_PROFILE,
175 &SignatureReader::tokenProfile);
176 m_parserSchema.addBeginTagCallback(TOKEN_ROLE,
178 &SignatureReader::tokenRole);
179 m_parserSchema.addBeginTagCallback(TOKEN_IDENTIFIER,
181 &SignatureReader::blankFunction);
182 m_parserSchema.addBeginTagCallback(TOKEN_KEY_VALUE,
184 &SignatureReader::blankFunction);
185 m_parserSchema.addBeginTagCallback(TOKEN_DSAKEYVALUE,
187 &SignatureReader::blankFunction);
188 m_parserSchema.addBeginTagCallback(TOKEN_DSA_P_COMPONENT,
190 &SignatureReader::blankFunction);
191 m_parserSchema.addBeginTagCallback(TOKEN_DSA_Q_COMPONENT,
193 &SignatureReader::blankFunction);
194 m_parserSchema.addBeginTagCallback(TOKEN_DSA_G_COMPONENT,
196 &SignatureReader::blankFunction);
197 m_parserSchema.addBeginTagCallback(TOKEN_DSA_Y_COMPONENT,
199 &SignatureReader::blankFunction);
200 m_parserSchema.addBeginTagCallback(TOKEN_DSA_J_COMPONENT,
202 &SignatureReader::blankFunction);
203 m_parserSchema.addBeginTagCallback(TOKEN_DSA_SEED_COMPONENT,
205 &SignatureReader::blankFunction);
206 m_parserSchema.addBeginTagCallback(TOKEN_DSA_PGENCOUNTER_COMPONENT,
208 &SignatureReader::blankFunction);
209 m_parserSchema.addBeginTagCallback(TOKEN_RSA_KEY_VALUE,
211 &SignatureReader::blankFunction);
212 m_parserSchema.addBeginTagCallback(TOKEN_MODULUS_COMPONENT,
214 &SignatureReader::blankFunction);
215 m_parserSchema.addBeginTagCallback(TOKEN_EXPONENT_COMPONENT,
217 &SignatureReader::blankFunction);
218 m_parserSchema.addBeginTagCallback(TOKEN_TARGET_RESTRICTION,
219 XML_NAMESPACE_DIGITALSIG,
220 &SignatureReader::tokenTargetRestriction);
222 m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE,
224 &SignatureReader::blankFunction);
225 m_parserSchema.addEndTagCallback(TOKEN_SIGNED_INFO,
227 &SignatureReader::blankFunction);
228 m_parserSchema.addEndTagCallback(TOKEN_CANONICALIZATION_METHOD,
230 &SignatureReader::blankFunction);
231 m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE_METHOD,
233 &SignatureReader::blankFunction);
234 m_parserSchema.addEndTagCallback(TOKEN_REFERENCE,
236 &SignatureReader::blankFunction);
237 m_parserSchema.addEndTagCallback(TOKEN_TRANSFORMS,
239 &SignatureReader::blankFunction);
240 m_parserSchema.addEndTagCallback(TOKEN_TRANSFORM,
242 &SignatureReader::blankFunction);
243 m_parserSchema.addEndTagCallback(TOKEN_DIGEST_METHOD,
245 &SignatureReader::blankFunction);
246 m_parserSchema.addEndTagCallback(TOKEN_DIGEST_VALUE,
248 &SignatureReader::blankFunction);
249 m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE_VALUE,
251 &SignatureReader::blankFunction);
252 m_parserSchema.addEndTagCallback(TOKEN_KEY_INFO,
254 &SignatureReader::tokenEndKeyInfo);
255 m_parserSchema.addEndTagCallback(TOKEN_X509DATA,
257 &SignatureReader::tokenEndX509Data);
258 m_parserSchema.addEndTagCallback(TOKEN_X509CERTIFICATE,
260 &SignatureReader::tokenEndX509Certificate);
261 m_parserSchema.addEndTagCallback(TOKEN_ECKEY_VALUE,
263 &SignatureReader::tokenEndECKeyValue);
264 m_parserSchema.addEndTagCallback(TOKEN_PUBLIC_KEY,
266 &SignatureReader::tokenEndPublicKey);
267 m_parserSchema.addEndTagCallback(TOKEN_OBJECT,
269 &SignatureReader::tokenEndObject);
270 m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE_PROPERTIES,
272 &SignatureReader::blankFunction);
273 m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE_PROPERTY,
275 &SignatureReader::blankFunction);
276 m_parserSchema.addEndTagCallback(TOKEN_PROFILE,
278 &SignatureReader::blankFunction);
279 m_parserSchema.addEndTagCallback(TOKEN_ROLE,
281 &SignatureReader::blankFunction);
282 m_parserSchema.addEndTagCallback(TOKEN_IDENTIFIER,
284 &SignatureReader::tokenEndIdentifier);
285 m_parserSchema.addEndTagCallback(TOKEN_KEY_VALUE,
287 &SignatureReader::blankFunction);
288 m_parserSchema.addEndTagCallback(TOKEN_DSAKEYVALUE,
290 &SignatureReader::tokenEndDSAKeyValue);
291 m_parserSchema.addEndTagCallback(TOKEN_DSA_P_COMPONENT,
293 &SignatureReader::tokenEndDSAPComponent);
294 m_parserSchema.addEndTagCallback(TOKEN_DSA_Q_COMPONENT,
296 &SignatureReader::tokenEndDSAQComponent);
297 m_parserSchema.addEndTagCallback(TOKEN_DSA_G_COMPONENT,
299 &SignatureReader::tokenEndDSAGComponent);
300 m_parserSchema.addEndTagCallback(TOKEN_DSA_Y_COMPONENT,
302 &SignatureReader::tokenEndDSAYComponent);
303 m_parserSchema.addEndTagCallback(TOKEN_DSA_J_COMPONENT,
305 &SignatureReader::tokenEndDSAJComponent);
306 m_parserSchema.addEndTagCallback(TOKEN_DSA_SEED_COMPONENT,
308 &SignatureReader::tokenEndDSASeedComponent);
309 m_parserSchema.addEndTagCallback(
310 TOKEN_DSA_PGENCOUNTER_COMPONENT,
313 tokenEndDSAPGenCounterComponent);
314 m_parserSchema.addEndTagCallback(TOKEN_RSA_KEY_VALUE,
316 &SignatureReader::tokenEndRSAKeyValue);
317 m_parserSchema.addEndTagCallback(TOKEN_MODULUS_COMPONENT,
319 &SignatureReader::tokenEndKeyModulus);
320 m_parserSchema.addEndTagCallback(TOKEN_EXPONENT_COMPONENT,
322 &SignatureReader::tokenEndKeyExponent);
323 m_parserSchema.addEndTagCallback(TOKEN_TARGET_RESTRICTION,
325 &SignatureReader::blankFunction);
328 void SignatureReader::tokenKeyInfo(SignatureData &signatureData)
332 void SignatureReader::tokenX509Data(SignatureData &signatureData)
336 void SignatureReader::tokenX509Certificate(SignatureData &signatureData)
340 void SignatureReader::tokenPublicKey(SignatureData &signatureData)
345 void SignatureReader::tokenNamedCurve(SignatureData &signatureData)
348 m_nameCurveURI = m_parserSchema.getReader().attribute(TOKEN_URI);
351 void SignatureReader::tokenTargetRestriction(SignatureData &signatureData)
353 std::string IMEI = m_parserSchema.getReader().attribute(
357 std::string MEID = m_parserSchema.getReader().attribute(
362 //less verbose way to say (IMEI && MEID) || (!IMEI && !MEID)
363 if (IMEI.empty() == MEID.empty()) {
364 //WAC 2.0 WR-4650 point 4
365 ThrowMsg(Exception::TargetRestrictionException,
366 "TargetRestriction should contain exactly one attribute.");
371 signatureData.m_imeiList.push_back(IMEI);
374 signatureData.m_meidList.push_back(MEID);
378 void SignatureReader::tokenEndKeyInfo(SignatureData &signatureData)
383 void SignatureReader::tokenEndX509Data(SignatureData &signatureData)
388 void SignatureReader::tokenEndX509Certificate(SignatureData &signatureData)
390 CertificateLoader loader;
391 if (CertificateLoader::NO_ERROR !=
392 loader.loadCertificateFromRawData(m_parserSchema.getText())) {
393 LogWarning("Certificate could not be loaded!");
394 ThrowMsg(ParserSchemaException::CertificateLoaderError,
395 "Certificate could not be loaded.");
397 signatureData.m_certList.push_back(loader.getCertificatePtr());
399 // KW void SignatureReader::tokenEndKeyName(SignatureData &signatureData){
400 // KW CertificateLoader loader;
401 // KW if(CertificateLoader::NO_ERROR != loader.loadCertificateBasedOnSubjectName(m_parserSchema.getText())){
402 // KW LogError("Certificate could not be loaded!");
403 // KW ThrowMsg(ParserSchemaException::CertificateLoaderError, "Certificate could not be loaded.");
405 // KW signatureData.m_certList.push_back(loader);
408 void SignatureReader::tokenEndRSAKeyValue(SignatureData &signatureData)
410 CertificateLoader loader;
411 if (CertificateLoader::NO_ERROR !=
412 loader.loadCertificateBasedOnExponentAndModulus(m_modulus,
414 LogWarning("Certificate could not be loaded!");
415 ThrowMsg(ParserSchemaException::CertificateLoaderError,
416 "Certificate could not be loaded.");
418 signatureData.m_certList.push_back(loader.getCertificatePtr());
421 void SignatureReader::tokenEndKeyModulus(SignatureData &signatureData)
424 m_modulus = m_parserSchema.getText();
427 void SignatureReader::tokenEndKeyExponent(SignatureData &signatureData)
430 m_exponent = m_parserSchema.getText();
433 void SignatureReader::tokenEndPublicKey(SignatureData &signatureData)
436 m_publicKey = m_parserSchema.getText();
439 void SignatureReader::tokenEndECKeyValue(SignatureData &signatureData)
441 CertificateLoader loader;
442 if (CertificateLoader::NO_ERROR !=
443 loader.loadCertificateWithECKEY(m_nameCurveURI, m_publicKey)) {
444 ThrowMsg(ParserSchemaException::CertificateLoaderError,
445 "Certificate could not be loaded.");
447 signatureData.m_certList.push_back(loader.getCertificatePtr());
450 void SignatureReader::tokenEndObject(SignatureData &signatureData)
452 m_signaturePropertiesCounter = 0;
454 if (((!signatureData.m_imeiList.empty()) ||
455 (!signatureData.m_meidList.empty())) &&
456 m_targetRestrictionObjectFound) {
457 //WAC 2.0 WR-4650 point 1
459 Exception::TargetRestrictionException,
460 "TargetRestriction should contain exactly one ds:Object containing zero or more wac:TargetRestriction children.");
463 if ((!signatureData.m_imeiList.empty()) ||
464 (!signatureData.m_meidList.empty())) {
465 m_targetRestrictionObjectFound = true;
468 void SignatureReader::tokenEndDSAPComponent(SignatureData& signatureData)
471 m_dsaKeyPComponent = m_parserSchema.getText();
474 void SignatureReader::tokenEndDSAQComponent(SignatureData& signatureData)
477 m_dsaKeyQComponent = m_parserSchema.getText();
480 void SignatureReader::tokenEndDSAGComponent(SignatureData& signatureData)
483 m_dsaKeyGComponent = m_parserSchema.getText();
486 void SignatureReader::tokenEndDSAYComponent(SignatureData& signatureData)
489 m_dsaKeyYComponent = m_parserSchema.getText();
492 void SignatureReader::tokenEndDSAJComponent(SignatureData& signatureData)
495 m_dsaKeyJComponent = m_parserSchema.getText();
498 void SignatureReader::tokenEndDSASeedComponent(SignatureData& signatureData)
501 m_dsaKeySeedComponent = m_parserSchema.getText();
504 void SignatureReader::tokenEndDSAPGenCounterComponent(
505 SignatureData& signatureData)
508 m_dsaKeyPGenCounter = m_parserSchema.getText();
511 void SignatureReader::tokenEndDSAKeyValue(SignatureData& signatureData)
513 CertificateLoader loader;
515 if (CertificateLoader::NO_ERROR !=
516 loader.loadCertificateBasedOnDSAComponents(m_dsaKeyPComponent,
521 m_dsaKeySeedComponent,
522 m_dsaKeyPGenCounter)) {
523 LogWarning("Certificate could not be loaded.");
524 ThrowMsg(ParserSchemaException::CertificateLoaderError,
525 "Certificate could not be loaded.");
527 signatureData.m_certList.push_back(loader.getCertificatePtr());
530 void SignatureReader::tokenRole(SignatureData &signatureData)
532 if (!signatureData.m_roleURI.empty()) {
533 LogWarning("Multiple definition of Role is not allowed.");
534 ThrowMsg(ParserSchemaException::UnsupportedValue,
535 "Multiple definition of Role is not allowed.");
537 signatureData.m_roleURI = m_parserSchema.getReader().attribute(TOKEN_URI);
540 void SignatureReader::tokenProfile(SignatureData &signatureData)
542 if (!signatureData.m_profileURI.empty()) {
543 LogWarning("Multiple definition of Profile is not allowed.");
544 ThrowMsg(ParserSchemaException::UnsupportedValue,
545 "Multiple definition of Profile is not allowed.");
547 signatureData.m_profileURI = m_parserSchema.getReader().attribute(TOKEN_URI);
550 void SignatureReader::tokenEndIdentifier(SignatureData &signatureData)
552 if (!signatureData.m_identifier.empty()) {
553 LogWarning("Multiple definition of Identifier is not allowed.");
554 ThrowMsg(ParserSchemaException::UnsupportedValue,
555 "Multiple definition of Identifier is not allowed.");
557 signatureData.m_identifier = m_parserSchema.getText();
560 void SignatureReader::tokenObject(SignatureData &signatureData)
562 std::string id = m_parserSchema.getReader().attribute(TOKEN_ID);
565 LogWarning("Unsupported value of Attribute Id in Object tag.");
566 ThrowMsg(ParserSchemaException::UnsupportedValue,
567 "Unsupported value of Attribute Id in Object tag.");
570 signatureData.m_objectList.push_back(id);
573 void SignatureReader::tokenSignatureProperties(SignatureData &signatureData)
576 if (++m_signaturePropertiesCounter > 1) {
577 LogWarning("Only one SignatureProperties tag is allowed in Object");
578 ThrowMsg(ParserSchemaException::UnsupportedValue,
579 "Only one SignatureProperties tag is allowed in Object");
582 } // namespace ValidationCore