2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file XmlSecAdapter.h
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
27 #include <xmlsec/keysmngr.h>
29 #include <dpl/exception.h>
30 #include <dpl/singleton.h>
32 #include <vcore/Certificate.h>
33 #include <vcore/SignatureData.h>
35 namespace ValidationCore {
42 XmlSec(const XmlSec &) = delete;
43 XmlSec &operator=(const XmlSec &) = delete;
44 XmlSec(XmlSec &&) = delete;
45 XmlSec &operator=(XmlSec &&) = delete;
47 struct XmlSecContext {
48 /* You _must_ set one of the value: certificatePath or certificate. */
51 , allowBrokenChain(false)
52 , errorBrokenChain(false) {}
55 * Absolute path to signature file.
57 std::string signatureFile;
59 * Direcotory with signed data.
60 * If you leave it empty xmlsec will use directory extracted
63 std::string workingDirectory;
65 * Path to trusted certificate.
67 std::string certificatePath;
69 * Trusted certificate. In most cases it should be Root CA certificate.
71 CertificatePtr certificatePtr;
74 * 0 - uses current time.
76 time_t validationTime;
79 * If true, signature validation will not be interrupted by chain error.
80 * If true and chain is broken then the value errorBrokenChain will be
83 bool allowBrokenChain;
86 * This will be set if chain is incomplete or broken.
88 bool errorBrokenChain;
91 * Reference checked by xmlsec
93 ReferenceSet referenceSet;
97 DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
98 DECLARE_EXCEPTION_TYPE(Base, InternalError)
99 DECLARE_EXCEPTION_TYPE(Base, InvalidFormat)
100 DECLARE_EXCEPTION_TYPE(Base, InvalidSig)
101 DECLARE_EXCEPTION_TYPE(Base, OutOfMemory)
104 /* context - input/output param. */
105 void validate(XmlSecContext &context);
106 void validateNoHash(XmlSecContext &context);
107 void validatePartialHash(XmlSecContext &context, const std::list<std::string> &targetUri);
110 enum class ValidateMode : int {
118 const std::list<std::string> *m_pList;
120 void loadDERCertificateMemory(XmlSecContext &context, xmlSecKeysMngrPtr mngr);
121 void loadPEMCertificateFile(XmlSecContext &context, xmlSecKeysMngrPtr mngr);
122 void validateInternal(XmlSecContext &context);
123 void validateFile(XmlSecContext &context, xmlSecKeysMngrPtr mngr);
125 static std::string s_prefixPath;
126 static int fileMatchCallback(const char *filename);
127 static void *fileOpenCallback(const char *filename);
128 static int fileReadCallback(void *context, char *buffer, int len);
129 static int fileCloseCallback(void *context);
130 static void fileExtractPrefix(XmlSecContext &context);
133 typedef VcoreDPL::Singleton<XmlSec> XmlSecSingleton;
135 } // namespace ValidationCore