diff options
Diffstat (limited to 'include/xmlsec/keyinfo.h')
-rw-r--r-- | include/xmlsec/keyinfo.h | 285 |
1 files changed, 285 insertions, 0 deletions
diff --git a/include/xmlsec/keyinfo.h b/include/xmlsec/keyinfo.h new file mode 100644 index 00000000..5d7cf0e0 --- /dev/null +++ b/include/xmlsec/keyinfo.h @@ -0,0 +1,285 @@ +/** + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * <dsig:KeyInfo> element processing + * (http://www.w3.org/TR/xmlSec-core/#sec-KeyInfo: + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + */ +#ifndef __XMLSEC_KEYINFO_H__ +#define __XMLSEC_KEYINFO_H__ + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +#include <time.h> + +#include <libxml/tree.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/list.h> +#include <xmlsec/keysdata.h> +#include <xmlsec/keys.h> +#include <xmlsec/transforms.h> + +/**************************************************************************** + * + * High-level functions + * + ****************************************************************************/ +XMLSEC_EXPORT int xmlSecKeyInfoNodeRead (xmlNodePtr keyInfoNode, + xmlSecKeyPtr key, + xmlSecKeyInfoCtxPtr keyInfoCtx); +XMLSEC_EXPORT int xmlSecKeyInfoNodeWrite (xmlNodePtr keyInfoNode, + xmlSecKeyPtr key, + xmlSecKeyInfoCtxPtr keyInfoCtx); + +/** + * xmlSecKeyInfoMode: + * @xmlSecKeyInfoModeRead: read <dsig:KeyInfo /> element. + * @xmlSecKeyInfoModeWrite: write <dsig:KeyInfo /> element. + * + * The @xmlSecKeyInfoCtx operation mode (read or write). + */ +typedef enum { + xmlSecKeyInfoModeRead = 0, + xmlSecKeyInfoModeWrite +} xmlSecKeyInfoMode; + +/** + * XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND: + * + * If flag is set then we will continue reading <dsig:KeyInfo /> + * element even when key is already found. + */ +#define XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND 0x00000001 + +/** + * XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD: + * + * If flag is set then we abort if an unknown <dsig:KeyInfo /> + * child is found. + */ +#define XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD 0x00000002 + +/** + * XMLSEC_KEYINFO_FLAGS_KEYNAME_STOP_ON_UNKNOWN: + * + * If flags is set then we abort if an unknown key name + * (content of <dsig:KeyName /> element) is found. + */ +#define XMLSEC_KEYINFO_FLAGS_KEYNAME_STOP_ON_UNKNOWN 0x00000004 + +/** + * XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD: + * + * If flags is set then we abort if an unknown <dsig:KeyValue /> + * child is found. + */ +#define XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD 0x00000008 + +/** + * XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF: + * + * If flag is set then we abort if an unknown href attribute + * of <dsig:RetrievalMethod /> element is found. + */ +#define XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF 0x00000010 + +/** + * XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF: + * + * If flag is set then we abort if an href attribute <dsig:RetrievalMethod /> + * element does not match the real key data type. + */ +#define XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF 0x00000020 + +/** + * XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD: + * + * If flags is set then we abort if an unknown <dsig:X509Data /> + * child is found. + */ +#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD 0x00000100 + +/** + * XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS: + * + * If flag is set then we'll load certificates from <dsig:X509Data /> + * element without verification. + */ +#define XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS 0x00000200 + +/** + * XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT: + * + * If flag is set then we'll stop when we could not resolve reference + * to certificate from <dsig:X509IssuerSerial />, <dsig:X509SKI /> or + * <dsig:X509SubjectName /> elements. + */ +#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT 0x00000400 + +/** + * XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT: + * + * If the flag is set then we'll stop when <dsig:X509Data /> element + * processing does not return a verified certificate. + */ +#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT 0x00000800 + +/** + * XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION: + * + * If the flag is set then we'll stop when <enc:EncryptedKey /> element + * processing fails. + */ +#define XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION 0x00001000 + +/** + * XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE: + * + * If the flag is set then we'll stop when we found an empty node. + * Otherwise we just ignore it. + */ +#define XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE 0x00002000 + +/** + * XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS: + * + * If the flag is set then we'll skip strict checking of certs and CRLs + */ +#define XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS 0x00004000 + +/** + * xmlSecKeyInfoCtx: + * @userData: the pointer to user data (xmlsec and xmlsec-crypto + * never touch this). + * @flags: the bit mask for flags that control processin. + * @flags2: reserved for future. + * @mode: do we read or write <dsig:KeyInfo /> element. + * @keysMngr: the pointer to current keys manager. + * @enabledKeyData: the list of enabled @xmlSecKeyDataId (if list is + * empty then all data ids are enabled). + * @base64LineSize: the max columns size for base64 encoding. + * @retrievalMethodCtx: the transforms context for <dsig:RetrievalMethod /> + * element processing. + * @maxRetrievalMethodLevel: the max recursion level when processing + * <dsig:RetrievalMethod /> element; default level is 1 + * (see also @curRetrievalMethodLevel). + * @encCtx: the encryption context for <dsig:EncryptedKey /> element + * processing. + * @maxEncryptedKeyLevel: the max recursion level when processing + * <enc:EncryptedKey /> element; default level is 1 + * (see @curEncryptedKeyLevel). + * @certsVerificationTime: the time to use for X509 certificates verification + * ("not valid before" and "not valid after" checks); + * if @certsVerificationTime is equal to 0 (default) + * then we verify certificates against the system's + * clock "now". + * @certsVerificationDepth: the max certifications chain length (default is 9). + * @pgpReserved: reserved for PGP. + * @curRetrievalMethodLevel: the current <dsig:RetrievalMethod /> element + * processing level (see @maxRetrievalMethodLevel). + * @curEncryptedKeyLevel: the current <enc:EncryptedKey /> element + * processing level (see @maxEncryptedKeyLevel). + * @keyReq: the current key requirements. + * @reserved0: reserved for the future. + * @reserved1: reserved for the future. + * + * The <dsig:KeyInfo /> reading or writing context. + */ +struct _xmlSecKeyInfoCtx { + void* userData; + unsigned int flags; + unsigned int flags2; + xmlSecKeysMngrPtr keysMngr; + xmlSecKeyInfoMode mode; + xmlSecPtrList enabledKeyData; + int base64LineSize; + + /* RetrievalMethod */ + xmlSecTransformCtx retrievalMethodCtx; + int maxRetrievalMethodLevel; + +#ifndef XMLSEC_NO_XMLENC + /* EncryptedKey */ + xmlSecEncCtxPtr encCtx; + int maxEncryptedKeyLevel; +#endif /* XMLSEC_NO_XMLENC */ + +#ifndef XMLSEC_NO_X509 + /* x509 certificates */ + time_t certsVerificationTime; + int certsVerificationDepth; +#endif /* XMLSEC_NO_X509 */ + + /* PGP */ + void* pgpReserved; /* TODO */ + + /* internal data */ + int curRetrievalMethodLevel; + int curEncryptedKeyLevel; + xmlSecKeyReq keyReq; + + /* for the future */ + void* reserved0; + void* reserved1; +}; + +XMLSEC_EXPORT xmlSecKeyInfoCtxPtr xmlSecKeyInfoCtxCreate (xmlSecKeysMngrPtr keysMngr); +XMLSEC_EXPORT void xmlSecKeyInfoCtxDestroy (xmlSecKeyInfoCtxPtr keyInfoCtx); +XMLSEC_EXPORT int xmlSecKeyInfoCtxInitialize (xmlSecKeyInfoCtxPtr keyInfoCtx, + xmlSecKeysMngrPtr keysMngr); +XMLSEC_EXPORT void xmlSecKeyInfoCtxFinalize (xmlSecKeyInfoCtxPtr keyInfoCtx); +XMLSEC_EXPORT void xmlSecKeyInfoCtxReset (xmlSecKeyInfoCtxPtr keyInfoCtx); +XMLSEC_EXPORT int xmlSecKeyInfoCtxCopyUserPref (xmlSecKeyInfoCtxPtr dst, + xmlSecKeyInfoCtxPtr src); +XMLSEC_EXPORT int xmlSecKeyInfoCtxCreateEncCtx (xmlSecKeyInfoCtxPtr keyInfoCtx); +XMLSEC_EXPORT void xmlSecKeyInfoCtxDebugDump (xmlSecKeyInfoCtxPtr keyInfoCtx, + FILE* output); +XMLSEC_EXPORT void xmlSecKeyInfoCtxDebugXmlDump (xmlSecKeyInfoCtxPtr keyInfoCtx, + FILE* output); +/** + * xmlSecKeyDataNameId + * + * The <dsig:KeyName> processing class. + */ +#define xmlSecKeyDataNameId xmlSecKeyDataNameGetKlass() +XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataNameGetKlass (void); + +/** + * xmlSecKeyDataValueId + * + * The <dsig:KeyValue> processing class. + */ +#define xmlSecKeyDataValueId xmlSecKeyDataValueGetKlass() +XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataValueGetKlass (void); + +/** + * xmlSecKeyDataRetrievalMethodId + * + * The <dsig:RetrievalMethod> processing class. + */ +#define xmlSecKeyDataRetrievalMethodId xmlSecKeyDataRetrievalMethodGetKlass() +XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataRetrievalMethodGetKlass(void); + +#ifndef XMLSEC_NO_XMLENC +/** + * xmlSecKeyDataEncryptedKeyId + * + * The <enc:EncryptedKey> processing class. + */ +#define xmlSecKeyDataEncryptedKeyId xmlSecKeyDataEncryptedKeyGetKlass() +XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataEncryptedKeyGetKlass(void); +#endif /* XMLSEC_NO_XMLENC */ + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __XMLSEC_KEYINFO_H__ */ + |