vcore/vcore/XmlsecAdapter.h

   1 /*
   2  * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
   3  *
   4  *    Licensed under the Apache License, Version 2.0 (the "License");
   5  *    you may not use this file except in compliance with the License.
   6  *    You may obtain a copy of the License at
   7  *
   8  *        http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  *    Unless required by applicable law or agreed to in writing, software
  11  *    distributed under the License is distributed on an "AS IS" BASIS,
  12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  *    See the License for the specific language governing permissions and
  14  *    limitations under the License.
  15  */
  16 /*
  17  * @file        XmlSecAdapter.h
  18  * @author      Bartlomiej Grzelewski (b.grzelewski@samsung.com)
  19  * @version     2.0
  20  * @brief
  21  */
  22 #pragma once
  23
  24 #include <string>
  25 #include <list>
  26
  27 #include <xmlsec/keysmngr.h>
  28
  29 #include <dpl/exception.h>
  30 #include <dpl/noncopyable.h>
  31 #include <dpl/singleton.h>
  32
  33 #include <vcore/Certificate.h>
  34 #include <vcore/SignatureData.h>
  35
  36 namespace ValidationCore {
  37 class XmlSec : public VcoreDPL::Noncopyable {
  38 public:
  39         struct XmlSecContext {
  40                 /* You _must_ set one of the value: certificatePath or certificate. */
  41                 XmlSecContext()
  42                         : validationTime(0)
  43                         , allowBrokenChain(false)
  44                         , errorBrokenChain(false) {}
  45
  46                 /*
  47                  * Absolute path to signature file.
  48                  */
  49                 std::string signatureFile;
  50                 /*
  51                  * Direcotory with signed data.
  52                  * If you leave it empty xmlsec will use directory extracted
  53                  * from signatureFile.
  54                  */
  55                 std::string workingDirectory;
  56                 /*
  57                  * Path to trusted certificate.
  58                  */
  59                 std::string certificatePath;
  60                 /*
  61                  * Trusted certificate. In most cases it should be Root CA certificate.
  62                  */
  63                 CertificatePtr certificatePtr;
  64                 /*
  65                  * Validation date.
  66                  * 0 - uses current time.
  67                  */
  68                 time_t validationTime;
  69                 /*
  70                  * Input parameter.
  71                  * If true, signature validation will not be interrupted by chain error.
  72                  * If true and chain is broken then the value errorBrokenChain will be
  73                  * set to true.
  74                  */
  75                 bool allowBrokenChain;
  76                 /*
  77                  * Output parameter.
  78                  * This will be set if chain is incomplete or broken.
  79                  */
  80                 bool errorBrokenChain;
  81                 /*
  82                  * Output parameter.
  83                  * Reference checked by xmlsec
  84                  */
  85                 ReferenceSet referenceSet;
  86         };
  87
  88         struct Exception {
  89                 DECLARE_EXCEPTION_TYPE(VcoreDPL::Exception, Base)
  90                 DECLARE_EXCEPTION_TYPE(Base, InternalError)
  91                 DECLARE_EXCEPTION_TYPE(Base, InvalidFormat)
  92                 DECLARE_EXCEPTION_TYPE(Base, InvalidSig)
  93                 DECLARE_EXCEPTION_TYPE(Base, OutOfMemory)
  94         };
  95
  96         /* context - input/output param. */
  97         void validate(XmlSecContext &context);
  98         void validateNoHash(XmlSecContext &context);
  99         void validatePartialHash(XmlSecContext &context, const std::list<std::string> &targetUri);
 100
 101 protected:
 102         XmlSec();
 103         ~XmlSec();
 104
 105 private:
 106         enum class ValidateMode : int {
 107                 NORMAL,
 108                 NO_HASH,
 109                 PARTIAL_HASH
 110         };
 111
 112         ValidateMode m_mode;
 113         bool m_initialized;
 114         const std::list<std::string> *m_pList;
 115
 116         void loadDERCertificateMemory(XmlSecContext &context, xmlSecKeysMngrPtr mngr);
 117         void loadPEMCertificateFile(XmlSecContext &context, xmlSecKeysMngrPtr mngr);
 118         void validateInternal(XmlSecContext &context);
 119         void validateFile(XmlSecContext &context, xmlSecKeysMngrPtr mngr);
 120
 121         static std::string s_prefixPath;
 122         static int fileMatchCallback(const char *filename);
 123         static void *fileOpenCallback(const char *filename);
 124         static int fileReadCallback(void *context, char *buffer, int len);
 125         static int fileCloseCallback(void *context);
 126         static void fileExtractPrefix(XmlSecContext &context);
 127 };
 128
 129 typedef VcoreDPL::Singleton<XmlSec> XmlSecSingleton;
 130
 131 } // namespace ValidationCore