vcore/vcore/XmlsecAdapter.h

   1 /*
   2  * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *    Licensed under the Apache License, Version 2.0 (the "License");
   5  *    you may not use this file except in compliance with the License.
   6  *    You may obtain a copy of the License at
   7  *
   8  *        http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *    Unless required by applicable law or agreed to in writing, software
  11  *    distributed under the License is distributed on an "AS IS" BASIS,
  12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *    See the License for the specific language governing permissions and
  14  *    limitations under the License.
  15  */
  16 /*
  17  * @file        XmlSecAdapter.h
  18  * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
  19  * @version     2.0
  20  * @brief
  21  */
  22 #pragma once
  23
  24 #include <string>
  25 #include <list>
  26
  27 #include <xmlsec/keysmngr.h>
  28
  29 #include <dpl/exception.h>
  30 #include <dpl/singleton.h>
  31
  32 #include <vcore/Certificate.h>
  33 #include <vcore/SignatureData.h>
  34
  35 namespace ValidationCore {
  36 class XmlSec {
  37
  38 public:
  39         XmlSec();
  40         virtual ~XmlSec();
  41
  42         XmlSec(const XmlSec &) = delete;
  43         XmlSec &operator=(const XmlSec &) = delete;
  44         XmlSec(XmlSec &&) = delete;
  45         XmlSec &operator=(XmlSec &&) = delete;
  46
  47         struct XmlSecContext {
  48                 /* You _must_ set one of the value: certificatePath or certificate. */
  49                 XmlSecContext()
  50                         : validationTime(0)
  51                         , allowBrokenChain(false)
  52                         , errorBrokenChain(false) {}
  53
  54                 /*
  55                  * Absolute path to signature file.
  56                  */
  57                 std::string signatureFile;
  58                 /*
  59                  * Direcotory with signed data.
  60                  * If you leave it empty xmlsec will use directory extracted
  61                  * from signatureFile.
  62                  */
  63                 std::string workingDirectory;
  64                 /*
  65                  * Path to trusted certificate.
  66                  */
  67                 std::string certificatePath;
  68                 /*
  69                  * Trusted certificate. In most cases it should be Root CA certificate.
  70                  */
  71                 CertificatePtr certificatePtr;
  72                 /*
  73                  * Validation date.
  74                  * 0 - uses current time.
  75                  */
  76                 time_t validationTime;
  77                 /*
  78                  * Input parameter.
  79                  * If true, signature validation will not be interrupted by chain error.
  80                  * If true and chain is broken then the value errorBrokenChain will be
  81                  * set to true.
  82                  */
  83                 bool allowBrokenChain;
  84                 /*
  85                  * Output parameter.
  86                  * This will be set if chain is incomplete or broken.
  87                  */
  88                 bool errorBrokenChain;
  89                 /*
  90                  * Output parameter.
  91                  * Reference checked by xmlsec
  92                  */
  93                 ReferenceSet referenceSet;
  94         };
  95
  96         struct Exception {
  97                 DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
  98                 DECLARE_EXCEPTION_TYPE(Base, InternalError)
  99                 DECLARE_EXCEPTION_TYPE(Base, InvalidFormat)
 100                 DECLARE_EXCEPTION_TYPE(Base, InvalidSig)
 101                 DECLARE_EXCEPTION_TYPE(Base, OutOfMemory)
 102         };
 103
 104         /* context - input/output param. */
 105         void validate(XmlSecContext &context);
 106         void validateNoHash(XmlSecContext &context);
 107         void validatePartialHash(XmlSecContext &context, const std::list<std::string> &targetUri);
 108
 109 private:
 110         enum class ValidateMode : int {
 111                 NORMAL,
 112                 NO_HASH,
 113                 PARTIAL_HASH
 114         };
 115
 116         ValidateMode m_mode;
 117         bool m_initialized;
 118         const std::list<std::string> *m_pList;
 119
 120         void loadDERCertificateMemory(XmlSecContext &context, xmlSecKeysMngrPtr mngr);
 121         void loadPEMCertificateFile(XmlSecContext &context, xmlSecKeysMngrPtr mngr);
 122         void validateInternal(XmlSecContext &context);
 123         void validateFile(XmlSecContext &context, xmlSecKeysMngrPtr mngr);
 124
 125         static std::string s_prefixPath;
 126         static int fileMatchCallback(const char *filename);
 127         static void *fileOpenCallback(const char *filename);
 128         static int fileReadCallback(void *context, char *buffer, int len);
 129         static int fileCloseCallback(void *context);
 130         static void fileExtractPrefix(XmlSecContext &context);
 131 };
 132
 133 typedef VcoreDPL::Singleton<XmlSec> XmlSecSingleton;
 134
 135 } // namespace ValidationCore