2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file XmlSecAdapter.h
18 * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
27 #include <xmlsec/keysmngr.h>
29 #include <dpl/exception.h>
30 #include <dpl/noncopyable.h>
31 #include <dpl/singleton.h>
33 #include <vcore/Certificate.h>
34 #include <vcore/SignatureData.h>
36 namespace ValidationCore {
37 class XmlSec : public VcoreDPL::Noncopyable {
39 struct XmlSecContext {
40 /* You _must_ set one of the value: certificatePath or certificate. */
43 , allowBrokenChain(false)
44 , errorBrokenChain(false) {}
47 * Absolute path to signature file.
49 std::string signatureFile;
51 * Direcotory with signed data.
52 * If you leave it empty xmlsec will use directory extracted
55 std::string workingDirectory;
57 * Path to trusted certificate.
59 std::string certificatePath;
61 * Trusted certificate. In most cases it should be Root CA certificate.
63 CertificatePtr certificatePtr;
66 * 0 - uses current time.
68 time_t validationTime;
71 * If true, signature validation will not be interrupted by chain error.
72 * If true and chain is broken then the value errorBrokenChain will be
75 bool allowBrokenChain;
78 * This will be set if chain is incomplete or broken.
80 bool errorBrokenChain;
83 * Reference checked by xmlsec
85 ReferenceSet referenceSet;
89 DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
90 DECLARE_EXCEPTION_TYPE(Base, InternalError)
91 DECLARE_EXCEPTION_TYPE(Base, InvalidFormat)
92 DECLARE_EXCEPTION_TYPE(Base, InvalidSig)
93 DECLARE_EXCEPTION_TYPE(Base, OutOfMemory)
96 /* context - input/output param. */
97 void validate(XmlSecContext &context);
98 void validateNoHash(XmlSecContext &context);
99 void validatePartialHash(XmlSecContext &context, const std::list<std::string> &targetUri);
106 enum class ValidateMode : int {
114 const std::list<std::string> *m_pList;
116 void loadDERCertificateMemory(XmlSecContext &context, xmlSecKeysMngrPtr mngr);
117 void loadPEMCertificateFile(XmlSecContext &context, xmlSecKeysMngrPtr mngr);
118 void validateInternal(XmlSecContext &context);
119 void validateFile(XmlSecContext &context, xmlSecKeysMngrPtr mngr);
121 static std::string s_prefixPath;
122 static int fileMatchCallback(const char *filename);
123 static void *fileOpenCallback(const char *filename);
124 static int fileReadCallback(void *context, char *buffer, int len);
125 static int fileCloseCallback(void *context);
126 static void fileExtractPrefix(XmlSecContext &context);
129 typedef VcoreDPL::Singleton<XmlSec> XmlSecSingleton;
131 } // namespace ValidationCore