2 * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file SignatureReader.cpp
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
20 * @brief SignatureReader is used to parse widget digital signature.
22 #include <vcore/SignatureReader.h>
24 #include <vcore/CertificateLoader.h>
26 namespace ValidationCore {
27 static const std::string XML_NAMESPACE =
28 "http://www.w3.org/2000/09/xmldsig#";
29 static const std::string XML_NAMESPACE_DIGITALSIG =
30 "http://wacapps.net/ns/digsig";
31 static const std::string XML_OBJ_NS =
32 "http://www.w3.org/2009/xmldsig-properties";
35 static const std::string TOKEN_SIGNATURE = "Signature";
36 static const std::string TOKEN_SIGNED_INFO = "SignedInfo";
37 static const std::string TOKEN_CANONICALIZATION_METHOD =
38 "CanonicalizationMethod";
39 static const std::string TOKEN_SIGNATURE_METHOD = "SignatureMethod";
40 static const std::string TOKEN_REFERENCE = "Reference";
41 static const std::string TOKEN_TRANSFORMS = "Transforms";
42 static const std::string TOKEN_TRANSFORM = "Transform";
43 static const std::string TOKEN_DIGEST_METHOD = "DigestMethod";
44 static const std::string TOKEN_DIGEST_VALUE = "DigestValue";
45 static const std::string TOKEN_SIGNATURE_VALUE = "SignatureValue";
46 static const std::string TOKEN_KEY_INFO = "KeyInfo";
47 static const std::string TOKEN_X509DATA = "X509Data";
48 static const std::string TOKEN_X509CERTIFICATE = "X509Certificate";
49 static const std::string TOKEN_KEY_VALUE = "KeyValue";
50 static const std::string TOKEN_RSA_KEY_VALUE = "RSAKeyValue";
51 static const std::string TOKEN_MODULUS_COMPONENT = "Modulus";
52 static const std::string TOKEN_EXPONENT_COMPONENT = "Exponent";
53 static const std::string TOKEN_ECKEY_VALUE = "ECKeyValue";
54 static const std::string TOKEN_NAMED_CURVE = "NamedCurve";
55 static const std::string TOKEN_PUBLIC_KEY = "PublicKey";
56 static const std::string TOKEN_OBJECT = "Object";
57 static const std::string TOKEN_SIGNATURE_PROPERTIES = "SignatureProperties";
58 static const std::string TOKEN_SIGNATURE_PROPERTY = "SignatureProperty";
59 static const std::string TOKEN_PROFILE = "Profile";
60 static const std::string TOKEN_ROLE = "Role";
61 static const std::string TOKEN_IDENTIFIER = "Identifier";
62 static const std::string TOKEN_DSAKEYVALUE = "DSAKeyValue";
63 static const std::string TOKEN_DSA_P_COMPONENT = "P";
64 static const std::string TOKEN_DSA_Q_COMPONENT = "Q";
65 static const std::string TOKEN_DSA_G_COMPONENT = "G";
66 static const std::string TOKEN_DSA_Y_COMPONENT = "Y";
67 static const std::string TOKEN_DSA_J_COMPONENT = "J";
68 static const std::string TOKEN_DSA_SEED_COMPONENT = "Seed";
69 static const std::string TOKEN_DSA_PGENCOUNTER_COMPONENT = "PgenCounter";
70 static const std::string TOKEN_TARGET_RESTRICTION = "TargetRestriction";
74 static const std::string TOKEN_ALGORITHM = "Algorithm";
75 static const std::string TOKEN_URI = "URI";
76 static const std::string TOKEN_ID = "Id";
77 static const std::string TOKEN_TARGET = "Target";
78 static const std::string TOKEN_IMEI = "IMEI";
79 static const std::string TOKEN_MEID = "MEID";
83 static const std::string TOKEN_ATTR_PROFILE = "profile";
84 static const std::string TOKEN_ATTR_ROLE = "role";
85 static const std::string TOKEN_ATTR_IDENTIFIER = "identifier";
89 //static const std::string TOKEN_ALGORITHM_XML_EXC_CAN =
90 // "http://www.w3.org/2001/10/xml-exc-c14n#";
91 //static const std::string TOKEN_ALGORITHM_RSA_SHA256 =
92 // "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
93 //static const std::string TOKEN_ALGORITHM_DSA_SHA1 =
94 // "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
95 //static const std::string TOKEN_ALGORITHM_ECDSA_SHA256 =
96 // "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256";
97 //static const std::string TOKEN_ALGORITHM_SHA1 =
98 // "http://www.w3.org/2000/09/xmldsig#sha1";
99 //static const std::string TOKEN_ALGORITHM_SHA256 =
100 // "http://www.w3.org/2001/04/xmlenc#sha256";
101 //static const std::string TOKEN_ALGORITHM_SHA384 =
102 // "http://www.w3.org/2001/04/xmldsig-more#sha384";
103 //static const std::string TOKEN_ALGORITHM_SHA512 =
104 // "http://www.w3.org/2001/04/xmlenc#sha512";
106 SignatureReader::SignatureReader() :
107 m_signaturePropertiesCounter(0),
108 m_targetRestrictionObjectFound(false),
112 * member func pointers map
114 m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE,
116 &SignatureReader::blankFunction);
117 m_parserSchema.addBeginTagCallback(TOKEN_SIGNED_INFO,
119 &SignatureReader::blankFunction);
120 m_parserSchema.addBeginTagCallback(TOKEN_CANONICALIZATION_METHOD,
122 &SignatureReader::blankFunction);
123 m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_METHOD,
125 &SignatureReader::blankFunction);
126 m_parserSchema.addBeginTagCallback(TOKEN_REFERENCE,
128 &SignatureReader::blankFunction);
129 m_parserSchema.addBeginTagCallback(TOKEN_TRANSFORMS,
131 &SignatureReader::blankFunction);
132 m_parserSchema.addBeginTagCallback(TOKEN_TRANSFORM,
134 &SignatureReader::blankFunction);
135 m_parserSchema.addBeginTagCallback(TOKEN_DIGEST_METHOD,
137 &SignatureReader::blankFunction);
138 m_parserSchema.addBeginTagCallback(TOKEN_DIGEST_VALUE,
140 &SignatureReader::blankFunction);
141 m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_VALUE,
143 &SignatureReader::blankFunction);
144 m_parserSchema.addBeginTagCallback(TOKEN_KEY_INFO,
146 &SignatureReader::tokenKeyInfo);
147 m_parserSchema.addBeginTagCallback(TOKEN_X509DATA,
149 &SignatureReader::tokenX509Data);
150 m_parserSchema.addBeginTagCallback(TOKEN_X509CERTIFICATE,
152 &SignatureReader::tokenX509Certificate);
153 m_parserSchema.addBeginTagCallback(TOKEN_ECKEY_VALUE,
155 &SignatureReader::blankFunction);
156 m_parserSchema.addBeginTagCallback(TOKEN_NAMED_CURVE,
158 &SignatureReader::tokenNamedCurve);
159 m_parserSchema.addBeginTagCallback(TOKEN_PUBLIC_KEY,
161 &SignatureReader::tokenPublicKey);
162 m_parserSchema.addBeginTagCallback(TOKEN_OBJECT,
164 &SignatureReader::tokenObject);
165 m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_PROPERTIES,
167 &SignatureReader::tokenSignatureProperties);
168 m_parserSchema.addBeginTagCallback(TOKEN_SIGNATURE_PROPERTY,
170 &SignatureReader::blankFunction);
171 m_parserSchema.addBeginTagCallback(TOKEN_PROFILE,
173 &SignatureReader::tokenProfile);
174 m_parserSchema.addBeginTagCallback(TOKEN_ROLE,
176 &SignatureReader::tokenRole);
177 m_parserSchema.addBeginTagCallback(TOKEN_IDENTIFIER,
179 &SignatureReader::blankFunction);
180 m_parserSchema.addBeginTagCallback(TOKEN_KEY_VALUE,
182 &SignatureReader::blankFunction);
183 m_parserSchema.addBeginTagCallback(TOKEN_DSAKEYVALUE,
185 &SignatureReader::blankFunction);
186 m_parserSchema.addBeginTagCallback(TOKEN_DSA_P_COMPONENT,
188 &SignatureReader::blankFunction);
189 m_parserSchema.addBeginTagCallback(TOKEN_DSA_Q_COMPONENT,
191 &SignatureReader::blankFunction);
192 m_parserSchema.addBeginTagCallback(TOKEN_DSA_G_COMPONENT,
194 &SignatureReader::blankFunction);
195 m_parserSchema.addBeginTagCallback(TOKEN_DSA_Y_COMPONENT,
197 &SignatureReader::blankFunction);
198 m_parserSchema.addBeginTagCallback(TOKEN_DSA_J_COMPONENT,
200 &SignatureReader::blankFunction);
201 m_parserSchema.addBeginTagCallback(TOKEN_DSA_SEED_COMPONENT,
203 &SignatureReader::blankFunction);
204 m_parserSchema.addBeginTagCallback(TOKEN_DSA_PGENCOUNTER_COMPONENT,
206 &SignatureReader::blankFunction);
207 m_parserSchema.addBeginTagCallback(TOKEN_RSA_KEY_VALUE,
209 &SignatureReader::blankFunction);
210 m_parserSchema.addBeginTagCallback(TOKEN_MODULUS_COMPONENT,
212 &SignatureReader::blankFunction);
213 m_parserSchema.addBeginTagCallback(TOKEN_EXPONENT_COMPONENT,
215 &SignatureReader::blankFunction);
216 m_parserSchema.addBeginTagCallback(TOKEN_TARGET_RESTRICTION,
217 XML_NAMESPACE_DIGITALSIG,
218 &SignatureReader::tokenTargetRestriction);
220 m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE,
222 &SignatureReader::blankFunction);
223 m_parserSchema.addEndTagCallback(TOKEN_SIGNED_INFO,
225 &SignatureReader::blankFunction);
226 m_parserSchema.addEndTagCallback(TOKEN_CANONICALIZATION_METHOD,
228 &SignatureReader::blankFunction);
229 m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE_METHOD,
231 &SignatureReader::blankFunction);
232 m_parserSchema.addEndTagCallback(TOKEN_REFERENCE,
234 &SignatureReader::blankFunction);
235 m_parserSchema.addEndTagCallback(TOKEN_TRANSFORMS,
237 &SignatureReader::blankFunction);
238 m_parserSchema.addEndTagCallback(TOKEN_TRANSFORM,
240 &SignatureReader::blankFunction);
241 m_parserSchema.addEndTagCallback(TOKEN_DIGEST_METHOD,
243 &SignatureReader::blankFunction);
244 m_parserSchema.addEndTagCallback(TOKEN_DIGEST_VALUE,
246 &SignatureReader::blankFunction);
247 m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE_VALUE,
249 &SignatureReader::blankFunction);
250 m_parserSchema.addEndTagCallback(TOKEN_KEY_INFO,
252 &SignatureReader::tokenEndKeyInfo);
253 m_parserSchema.addEndTagCallback(TOKEN_X509DATA,
255 &SignatureReader::tokenEndX509Data);
256 m_parserSchema.addEndTagCallback(TOKEN_X509CERTIFICATE,
258 &SignatureReader::tokenEndX509Certificate);
259 m_parserSchema.addEndTagCallback(TOKEN_ECKEY_VALUE,
261 &SignatureReader::tokenEndECKeyValue);
262 m_parserSchema.addEndTagCallback(TOKEN_PUBLIC_KEY,
264 &SignatureReader::tokenEndPublicKey);
265 m_parserSchema.addEndTagCallback(TOKEN_OBJECT,
267 &SignatureReader::tokenEndObject);
268 m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE_PROPERTIES,
270 &SignatureReader::blankFunction);
271 m_parserSchema.addEndTagCallback(TOKEN_SIGNATURE_PROPERTY,
273 &SignatureReader::blankFunction);
274 m_parserSchema.addEndTagCallback(TOKEN_PROFILE,
276 &SignatureReader::blankFunction);
277 m_parserSchema.addEndTagCallback(TOKEN_ROLE,
279 &SignatureReader::blankFunction);
280 m_parserSchema.addEndTagCallback(TOKEN_IDENTIFIER,
282 &SignatureReader::tokenEndIdentifier);
283 m_parserSchema.addEndTagCallback(TOKEN_KEY_VALUE,
285 &SignatureReader::blankFunction);
286 m_parserSchema.addEndTagCallback(TOKEN_DSAKEYVALUE,
288 &SignatureReader::tokenEndDSAKeyValue);
289 m_parserSchema.addEndTagCallback(TOKEN_DSA_P_COMPONENT,
291 &SignatureReader::tokenEndDSAPComponent);
292 m_parserSchema.addEndTagCallback(TOKEN_DSA_Q_COMPONENT,
294 &SignatureReader::tokenEndDSAQComponent);
295 m_parserSchema.addEndTagCallback(TOKEN_DSA_G_COMPONENT,
297 &SignatureReader::tokenEndDSAGComponent);
298 m_parserSchema.addEndTagCallback(TOKEN_DSA_Y_COMPONENT,
300 &SignatureReader::tokenEndDSAYComponent);
301 m_parserSchema.addEndTagCallback(TOKEN_DSA_J_COMPONENT,
303 &SignatureReader::tokenEndDSAJComponent);
304 m_parserSchema.addEndTagCallback(TOKEN_DSA_SEED_COMPONENT,
306 &SignatureReader::tokenEndDSASeedComponent);
307 m_parserSchema.addEndTagCallback(TOKEN_DSA_PGENCOUNTER_COMPONENT,
309 &SignatureReader::tokenEndDSAPGenCounterComponent);
310 m_parserSchema.addEndTagCallback(TOKEN_RSA_KEY_VALUE,
312 &SignatureReader::tokenEndRSAKeyValue);
313 m_parserSchema.addEndTagCallback(TOKEN_MODULUS_COMPONENT,
315 &SignatureReader::tokenEndKeyModulus);
316 m_parserSchema.addEndTagCallback(TOKEN_EXPONENT_COMPONENT,
318 &SignatureReader::tokenEndKeyExponent);
319 m_parserSchema.addEndTagCallback(TOKEN_TARGET_RESTRICTION,
321 &SignatureReader::blankFunction);
325 void SignatureReader::initialize(
326 SignatureData &signatureData,
327 const std::string &xmlscheme)
329 m_parserSchema.initialize(
330 signatureData.getSignatureFileName(),
332 SaxReader::VALIDATION_XMLSCHEME,
336 void SignatureReader::read(SignatureData &signatureData)
338 m_parserSchema.read(signatureData);
341 void SignatureReader::blankFunction(SignatureData &)
345 void SignatureReader::tokenKeyInfo(SignatureData &)
349 void SignatureReader::tokenX509Data(SignatureData &)
353 void SignatureReader::tokenX509Certificate(SignatureData &)
357 void SignatureReader::tokenPublicKey(SignatureData &)
361 void SignatureReader::tokenNamedCurve(SignatureData &)
363 m_nameCurveURI = m_parserSchema.getReader().attribute(TOKEN_URI);
366 void SignatureReader::tokenTargetRestriction(SignatureData &signatureData)
368 std::string IMEI = m_parserSchema.getReader().attribute(TOKEN_IMEI);
369 std::string MEID = m_parserSchema.getReader().attribute(TOKEN_MEID);
371 //less verbose way to say (IMEI && MEID) || (!IMEI && !MEID)
372 if (IMEI.empty() == MEID.empty()) {
373 //WAC 2.0 WR-4650 point 4
374 VcoreThrowMsg(SignatureReader::Exception::TargetRestriction,
375 "TargetRestriction should contain exactly one attribute.");
379 signatureData.m_imeiList.push_back(IMEI);
382 signatureData.m_meidList.push_back(MEID);
386 void SignatureReader::tokenEndKeyInfo(SignatureData &)
390 void SignatureReader::tokenEndX509Data(SignatureData &)
394 void SignatureReader::tokenEndX509Certificate(SignatureData &signatureData)
396 CertificateLoader loader;
397 if (CertificateLoader::NO_ERROR !=
398 loader.loadCertificateFromRawData(m_parserSchema.getText())) {
399 fprintf(stderr, "## [validate error]: Certificate could not be loaded\n");
400 VcoreThrowMsg(ParserSchemaException::CertificateLoaderError,
401 "Certificate could not be loaded");
403 signatureData.m_certList.push_back(loader.getCertificatePtr());
406 void SignatureReader::tokenEndRSAKeyValue(SignatureData &signatureData)
408 CertificateLoader loader;
409 if (CertificateLoader::NO_ERROR !=
410 loader.loadCertificateBasedOnExponentAndModulus(m_modulus,
412 fprintf(stderr, "## [validate error]: Certificate could not be loaded\n");
413 VcoreThrowMsg(ParserSchemaException::CertificateLoaderError,
414 "Certificate could not be loaded");
416 signatureData.m_certList.push_back(loader.getCertificatePtr());
419 void SignatureReader::tokenEndKeyModulus(SignatureData &)
421 m_modulus = m_parserSchema.getText();
424 void SignatureReader::tokenEndKeyExponent(SignatureData &)
426 m_exponent = m_parserSchema.getText();
429 void SignatureReader::tokenEndPublicKey(SignatureData &)
431 m_publicKey = m_parserSchema.getText();
434 void SignatureReader::tokenEndECKeyValue(SignatureData &signatureData)
436 CertificateLoader loader;
437 if (CertificateLoader::NO_ERROR !=
438 loader.loadCertificateWithECKEY(m_nameCurveURI, m_publicKey)) {
439 fprintf(stderr, "## [validate error]: Certificate could not be loaded\n");
440 VcoreThrowMsg(ParserSchemaException::CertificateLoaderError,
441 "Certificate could not be loaded");
443 signatureData.m_certList.push_back(loader.getCertificatePtr());
446 void SignatureReader::tokenEndObject(SignatureData &signatureData)
448 m_signaturePropertiesCounter = 0;
450 if (((!signatureData.m_imeiList.empty()) ||
451 (!signatureData.m_meidList.empty())) &&
452 m_targetRestrictionObjectFound) {
453 //WAC 2.0 WR-4650 point 1
454 VcoreThrowMsg(SignatureReader::Exception::TargetRestriction,
455 "TargetRestriction should contain exactly one ds:Object "
456 "containing zero or more wac:TargetRestriction children.");
459 if ((!signatureData.m_imeiList.empty()) ||
460 (!signatureData.m_meidList.empty())) {
461 m_targetRestrictionObjectFound = true;
465 void SignatureReader::tokenEndDSAPComponent(SignatureData &)
467 m_dsaKeyPComponent = m_parserSchema.getText();
470 void SignatureReader::tokenEndDSAQComponent(SignatureData &)
472 m_dsaKeyQComponent = m_parserSchema.getText();
475 void SignatureReader::tokenEndDSAGComponent(SignatureData &)
477 m_dsaKeyGComponent = m_parserSchema.getText();
480 void SignatureReader::tokenEndDSAYComponent(SignatureData &)
482 m_dsaKeyYComponent = m_parserSchema.getText();
485 void SignatureReader::tokenEndDSAJComponent(SignatureData &)
487 m_dsaKeyJComponent = m_parserSchema.getText();
490 void SignatureReader::tokenEndDSASeedComponent(SignatureData &)
492 m_dsaKeySeedComponent = m_parserSchema.getText();
495 void SignatureReader::tokenEndDSAPGenCounterComponent(SignatureData &)
497 m_dsaKeyPGenCounter = m_parserSchema.getText();
500 void SignatureReader::tokenEndDSAKeyValue(SignatureData &signatureData)
502 CertificateLoader loader;
504 if (CertificateLoader::NO_ERROR !=
505 loader.loadCertificateBasedOnDSAComponents(m_dsaKeyPComponent,
510 m_dsaKeySeedComponent,
511 m_dsaKeyPGenCounter)) {
512 fprintf(stderr, "## [validate error]: Certificate could not be loaded\n");
513 VcoreThrowMsg(ParserSchemaException::CertificateLoaderError,
514 "Certificate could not be loaded.");
516 signatureData.m_certList.push_back(loader.getCertificatePtr());
519 void SignatureReader::tokenRole(SignatureData &signatureData)
521 if (!signatureData.m_roleURI.empty()) {
522 fprintf(stderr, "## [validate error]: Multiple definition of Role is not allowed\n");
523 VcoreThrowMsg(ParserSchemaException::UnsupportedValue,
524 "Multiple definition of Role is not allowed.");
526 signatureData.m_roleURI = m_parserSchema.getReader().attribute(TOKEN_URI);
529 void SignatureReader::tokenProfile(SignatureData &signatureData)
531 if (!signatureData.m_profileURI.empty()) {
532 fprintf(stderr, "## [validate error]: Multiple definition of Profile is not allowed\n");
533 VcoreThrowMsg(ParserSchemaException::UnsupportedValue,
534 "Multiple definition of Profile is not allowed.");
536 signatureData.m_profileURI = m_parserSchema.getReader().attribute(TOKEN_URI);
539 void SignatureReader::tokenEndIdentifier(SignatureData &signatureData)
541 if (!signatureData.m_identifier.empty()) {
542 fprintf(stderr, "## [validate error]: Multiple definition of Identifier is not allowed\n");
543 VcoreThrowMsg(ParserSchemaException::UnsupportedValue,
544 "Multiple definition of Identifier is not allowed.");
546 signatureData.m_identifier = m_parserSchema.getText();
549 void SignatureReader::tokenObject(SignatureData &signatureData)
551 std::string id = m_parserSchema.getReader().attribute(TOKEN_ID);
554 fprintf(stderr, "## [validate error]: Unsupported value of Attribute Id in Object tag\n");
555 VcoreThrowMsg(ParserSchemaException::UnsupportedValue,
556 "Unsupported value of Attribute Id in Object tag.");
559 signatureData.m_objectList.push_back(id);
562 void SignatureReader::tokenSignatureProperties(SignatureData &)
564 if (++m_signaturePropertiesCounter > 1) {
565 fprintf(stderr, "## [validate error]: Only one SignatureProperties tag is allowed in Object\n");
566 VcoreThrowMsg(ParserSchemaException::UnsupportedValue,
567 "Only one SignatureProperties tag is allowed in Object");
570 } // namespace ValidationCore