diff --git a/ccsrc/Helpers/helpers_externals.cc b/ccsrc/Helpers/helpers_externals.cc index fd7582801945d2cbe4537d286340b98e6730fb72..d4dfde6086ae8beaf710bc7e0a96f4b5ab718960 100644 --- a/ccsrc/Helpers/helpers_externals.cc +++ b/ccsrc/Helpers/helpers_externals.cc @@ -1,9 +1,14 @@ -#include "LibHelpers_Functions.hh" #include +#include +#include +#include + +#include "LibHelpers_Functions.hh" #include "base_time.hh" #include "converter.hh" #include "loggers.hh" +#include "xml_converters.hh" #ifndef M_PI #define M_PI 3.14159265358979323846 @@ -74,4 +79,59 @@ namespace LibHelpers__Functions { return os; } + static unsigned char random_char() { + std::random_device rd; + std::mt19937 gen(rd()); + std::uniform_int_distribution<> dis(0, 255); + return static_cast(dis(gen)); + } + + static std::string generate_hex(const unsigned int len) { + std::stringstream ss; + for(auto i = 0; i < len; i++) { + auto rc = random_char(); + std::stringstream hexstream; + hexstream << std::hex << int(rc); + auto hex = hexstream.str(); + ss << (hex.length() < 2 ? '0' + hex : hex); + } + return ss.str(); + } + + /** + * @brief Generate a new UUID + * @return The UUID in string format on success, a null string otherwise + */ + CHARSTRING fx__generate__uuid() { // ddb848c4-f7fd-445f-bdc8-033d15d7c528 + loggers::get_instance().log(">>> fx__generate__uuid"); + + std::stringstream ss; + ss << generate_hex(6) << "-"; + ss << generate_hex(2) << "-"; + ss << generate_hex(2) << "-"; + ss << generate_hex(2) << "-"; + ss << generate_hex(6); + + CHARSTRING uuid(ss.str().c_str()); + loggers::get_instance().log_msg("fx__generate__uuid: ", uuid); + return uuid; + } + + /** + * @brief Retrieve the current local date/time formatted as yyyy-mm-ddThh:mm:ss.lll+nn:00 + * @return The the current date/time on success, a null string otherwise + */ + CHARSTRING fx__get__current__date__time() { //2018-01-18T13:19:35.367+01:00 + loggers::get_instance().log(">>> fx__get__current__date__time"); + + time_t t = std::time(nullptr); + auto tm = *std::localtime(&t); + std::ostringstream oss; + oss << std::put_time(&tm, "%FT%T");//%FT%T%Z + + CHARSTRING dt(oss.str().c_str()); + loggers::get_instance().log_msg("fx__get__current__date__time: ", dt); + return dt; + } + } // namespace LibHelpers__Functions diff --git a/ccsrc/Protocols/Xml/include/xml_converters.hh b/ccsrc/Protocols/Xml/include/xml_converters.hh index 97710742a539e1d352f5552b9d4539e57a0b3ba2..ed1599595f69c97066d51e7c7abb28164a646aaa 100644 --- a/ccsrc/Protocols/Xml/include/xml_converters.hh +++ b/ccsrc/Protocols/Xml/include/xml_converters.hh @@ -35,6 +35,7 @@ public: public: int xml_canonicalization(const std::string& p_to_canonical, std::string& p_canonicalized) const; + int xml_transform(const std::string& p_to_transform, std::string& p_transformed) const; }; // End of class xml_converters diff --git a/ccsrc/Protocols/Xml/src/xml_converters.cc b/ccsrc/Protocols/Xml/src/xml_converters.cc index aebace2db03217b991cf6e3fbedcda11eba4c557..989e62eddd1656387765eb7e0613e178158ccdf8 100644 --- a/ccsrc/Protocols/Xml/src/xml_converters.cc +++ b/ccsrc/Protocols/Xml/src/xml_converters.cc @@ -14,9 +14,77 @@ #include #include +#include +#include +#include +#include xml_converters* xml_converters::_instance = nullptr; +// FIXME Use libxslt +int xml_converters::xml_transform(const std::string& p_to_transform, std::string& p_transformed) const { + loggers::get_instance().log(">>> xml_converters::xml_transform: '%s'", p_to_transform.c_str()); + + + xmlDocPtr doc = xmlReadMemory(p_to_transform.c_str(), p_to_transform.length(), "noname.xml", NULL, 0); + xmlChar *xmlbuff; + int buffersize; + xmlDocDumpFormatMemory(doc, &xmlbuff, &buffersize, 1); + loggers::get_instance().log("xml_converters::xml_transform: tree dump: '%s'", (char *) xmlbuff); + //"\\n\\t\\n\\t\\t\\n\\t\\t\\n\\t\\t\\t\\n\\t\\t\\t\\n\\t\\t\\t\\n\\t\\t\\n\\t\\n\\t" + + //xsltApplyStylesheet(cur, doc, params); + xmlFree(xmlbuff); + xmlFreeDoc(doc); + + + int first = p_to_transform.find('>'); + int next = 0; + while ((first != -1) && (first < p_to_transform.length())) { + //loggers::get_instance().log("xml_converters::xml_transform: first: '%d'", first); + //loggers::get_instance().log("xml_converters::xml_transform: next: '%d'", next); + p_transformed += p_to_transform.substr(next, first - next + 1); + //loggers::get_instance().log("xml_converters::xml_transform: p_to_transform: '%s'", p_to_transform.c_str()); + //loggers::get_instance().log("xml_converters::xml_transform: p_transformed: '%s'", p_transformed.c_str()); + next = first + 1; + while ( + (p_to_transform[next] == '\r') || + (p_to_transform[next] == '\n') || + (p_to_transform[next] == '\t') || + (p_to_transform[next] == ' ') + ) { // Skip CR, LF, TAG and SPACE + next += 1; + } // End of 'while'statement + first = p_to_transform.find('>', next); + } // End of 'while'statement + + // + first = p_transformed.find("ns4:"); + while ((first != -1) && (first < p_to_transform.length())) { + p_transformed = p_transformed.substr(0, first) + p_transformed.substr(first + 4, p_transformed.length() - 4 - 1); + loggers::get_instance().log("xml_converters::xml_transform: New p_transformed (1): '%s'", p_transformed.c_str()); + first = p_transformed.find("ns4:"); + } // End of 'while'statement + + first = p_transformed.find("xmlns:ns4"); + while ((first != -1) && (first < p_to_transform.length())) { + next = p_transformed.find("\">", first + 1); + p_transformed = p_transformed.substr(0, first - 1) + p_transformed.substr(next + 1, p_transformed.length() - next - 1); + loggers::get_instance().log("xml_converters::xml_transform: New p_transformed (2): '%s'", p_transformed.c_str()); + first = p_transformed.find("xmlns:ns4"); + } // End of 'while'statement + + // + first = p_transformed.find("", first + 8 + 1); + p_transformed = p_transformed.substr(0, first + 8) + p_transformed.substr(next + 1, p_transformed.length() - next - 1); + } + + loggers::get_instance().log("<<< xml_converters::xml_transform: '%s'", p_transformed.c_str()); + return 0; +} + int xml_converters::xml_canonicalization(const std::string& p_to_canonical, std::string& p_canonicalized) const { loggers::get_instance().log(">>> xml_converters::xml_canonicalization: '%s'", p_to_canonical.c_str()); @@ -34,14 +102,12 @@ int xml_converters::xml_canonicalization(const std::string& p_to_canonical, std: } // Do canonicalization - loggers::get_instance().log("xml_converters::xml_canonicalization: Before"); - if (xmlC14NExecute(doc, (xmlC14NIsVisibleCallback)&xml_converters::xml_node_set_contains_callback, nullptr, XML_C14N_1_1, nullptr, 1, buffer) == -1) { + if (xmlC14NExecute(doc, nullptr/*(xmlC14NIsVisibleCallback)&xml_converters::xml_node_set_contains_callback*/, nullptr, XML_C14N_EXCLUSIVE_1_0, nullptr, 1, buffer) == -1) { loggers::get_instance().log("xml_converters::xml_canonicalization: Failed to read XML input"); xmlFreeDoc(doc); xmlOutputBufferClose(buffer); return -1; } - loggers::get_instance().log("xml_converters::xml_canonicalization: After"); // Retrieve the canonicalization XML document const char* data = (const char*)xmlOutputBufferGetContent(buffer); diff --git a/ccsrc/security/include/security_services.hh b/ccsrc/security/include/security_services.hh index 9c28a4da63acbba7bfd2e87fb4b0cca91e89e9c3..7c32f0579df4d148139617275be1ec6e447d5bc9 100644 --- a/ccsrc/security/include/security_services.hh +++ b/ccsrc/security/include/security_services.hh @@ -48,7 +48,7 @@ public: /*! \publicsection */ * \param[in] TODO The raw message to be signed * \return 0 on success, -1 otherwise */ - int do_sign(const OCTETSTRING& p_encoded_message, const CHARSTRING& p_certificate_name, const CHARSTRING& p_private_key_name, const CHARSTRING& p_private_key_passwd, OCTETSTRING& p_signature, OCTETSTRING& p_digest, CHARSTRING& p_x509_certificate_subject, CHARSTRING& p_x509_certificate_pem, CHARSTRING& p_pull_request_canonicalized); + int do_sign(const OCTETSTRING& p_encoded_message, const OCTETSTRING& p_empty_signature, const CHARSTRING& p_certificate_name, const CHARSTRING& p_private_key_name, const CHARSTRING& p_private_key_passwd, OCTETSTRING& p_signature, OCTETSTRING& p_digest, CHARSTRING& p_x509_certificate_subject, CHARSTRING& p_x509_certificate_pem, CHARSTRING& p_pull_request_canonicalized); /*! * \fn int build_path(const std::string& p_root_directory); * \brief Verify message signature @@ -56,5 +56,5 @@ public: /*! \publicsection */ * \param[in] TODO * \return true on success, false otherwise */ - bool do_sign_verify(const CHARSTRING& p_message, const UNIVERSAL_CHARSTRING& p_canonicalization_method, const UNIVERSAL_CHARSTRING& p_signature_method, const UNIVERSAL_CHARSTRING& p_digest_method, const UNIVERSAL_CHARSTRING& p_digest_value, const UNIVERSAL_CHARSTRING& p_signature_value, const UNIVERSAL_CHARSTRING& p_subject_name, const UNIVERSAL_CHARSTRING& p_certificate, const CHARSTRING& p_debug_message); + bool do_sign_verify(const CHARSTRING& p_message, const OCTETSTRING& p_empty_signature, const UNIVERSAL_CHARSTRING& p_canonicalization_method, const UNIVERSAL_CHARSTRING& p_signature_method, const UNIVERSAL_CHARSTRING& p_digest_method, const UNIVERSAL_CHARSTRING& p_digest_value, const UNIVERSAL_CHARSTRING& p_signature_value, const UNIVERSAL_CHARSTRING& p_subject_name, const UNIVERSAL_CHARSTRING& p_certificate, CHARSTRING& p_debug_message); }; \ No newline at end of file diff --git a/ccsrc/security/src/security_externals.cc b/ccsrc/security/src/security_externals.cc index c8ec692a1fe69148457a07aa304a0f176d9e6a81..e129ea7a0b935d598f908f901948fb9210de8347 100644 --- a/ccsrc/security/src/security_externals.cc +++ b/ccsrc/security/src/security_externals.cc @@ -12,6 +12,66 @@ static std::unique_ptr _security_services; +static int transform_signature_workaround(std::string& str) { + loggers::get_instance().log(">>> transform_signature_workaround: '%s'", str.c_str()); + int first = str.find("<"); + while ((first != -1) && (first < str.length())) { + str = str.substr(0, first) + "<" + str.substr(first + 4, str.length() - 4); + //loggers::get_instance().log("transform_signature_workaround: New str (1): '%s'", str.c_str()); + first = str.find("<"); + } // End of 'while'statement + first = str.find(">"); + while ((first != -1) && (first < str.length())) { + str = str.substr(0, first) + ">" + str.substr(first + 4, str.length() - 4); + //loggers::get_instance().log("transform_signature_workaround: New str (2): '%s'", str.c_str()); + first = str.find(">"); + } // End of 'while'statement + first = str.find("""); + while ((first != -1) && (first < str.length())) { + str = str.substr(0, first) + "'" + str.substr(first + 6, str.length() - 6); + //loggers::get_instance().log("transform_signature_workaround: New str (3): '%s'", str.c_str()); + first = str.find("""); + } // End of 'while'statement + + std::replace(str.begin(), str.end(), '\'', '\"'); + + loggers::get_instance().log("<<< transform_signature_workaround: '%s'", str.c_str()); + return 0; +} + +static int transform_xslt_workaround(std::string& str) { + loggers::get_instance().log(">>> transform_xslt_workaround: '%s'", str.c_str()); + + int start = str.find(""); + //loggers::get_instance().log("transform_xslt_workaround: stop='%d' ", stop); + int first = str.find("<", start); + while ((first != -1) && (first < stop)) { + //loggers::get_instance().log("transform_xslt_workaround: first='%d' ", first); + str = str.substr(0, first - 1) + "<" + str.substr(first + 1, str.length() - 1); + //loggers::get_instance().log("transform_xslt_workaround: New str (1): '%s'", str.c_str()); + first = str.find("<", first); + } // End of 'while'statement + first = str.find(">", start); + while ((first != -1) && (first < stop)) { + //loggers::get_instance().log("transform_xslt_workaround: first='%d' ", first); + str = str.substr(0, first - 1) + ">" + str.substr(first + 1, str.length() - 1); + //loggers::get_instance().log("transform_xslt_workaround: New str (1): '%s'", str.c_str()); + first = str.find(">", first); + } // End of 'while'statement + first = str.find("\"", start); + while ((first != -1) && (first < stop)) { + //loggers::get_instance().log("transform_xslt_workaround: first='%d' ", first); + str = str.substr(0, first - 1) + """ + str.substr(first + 1, str.length() - 1); + //loggers::get_instance().log("transform_xslt_workaround: New str (1): '%s'", str.c_str()); + first = str.find("\"", first); + } // End of 'while'statement + + loggers::get_instance().log("<<< transform_xslt_workaround: '%s'", str.c_str()); + return 0; +} + INTEGER LibSecurity__Certificates::fx__init__certs__db(const CHARSTRING& p_certs_db_path) { loggers::get_instance().log_msg(">>> fx__init__certs__db: ", p_certs_db_path); @@ -69,10 +129,70 @@ OCTETSTRING LibSecurity__Hash::fx__hash(const OCTETSTRING& p_to_be_hashed, const return hash; } -INTEGER LibSecurity__Signature::fx__sign(const OCTETSTRING& p_encoded_message, const CHARSTRING& p_certificate_name, const CHARSTRING& p_private_key_name, const CHARSTRING& p_private_key_passwd, OCTETSTRING& p_signature, OCTETSTRING& p_digest, CHARSTRING& p_x509_certificate_subject, CHARSTRING& p_x509_certificate_pem, CHARSTRING& p_pull_request_canonicalized) { +OCTETSTRING LibSecurity__Signature::fx__enc__xmldsig__signed__info(const http__www__w3__org__2000__09__xmldsig::Signature_signedInfo& s) { // FIXME Use enc/dec TITAN function external function f_enc_value(in Value x) return bitstring with { extension "prototype(convert) encode(abc)" } + loggers::get_instance().log(">>> fx__enc__xmldsig__signed__info"); + + TTCN_EncDec::clear_error(); + TTCN_EncDec::set_error_behavior(TTCN_EncDec::ET_ALL, TTCN_EncDec::EB_DEFAULT); + TTCN_Buffer encoding_buffer; + + s.encode(http__www__w3__org__2000__09__xmldsig::Signature_signedInfo_descr_, encoding_buffer, TTCN_EncDec::CT_XER, XER_EXTENDED); + + // FIXME Update + std::string str(static_cast((const char*)encoding_buffer.get_data()), encoding_buffer.get_len() + static_cast((const char*)encoding_buffer.get_data())); + loggers::get_instance().log("fx__enc__xmldsig__signed__info: Before str: '%s'", str.c_str()); + transform_signature_workaround(str); + loggers::get_instance().log("fx__enc__xmldsig__signed__info: Afer str: '%s'", str.c_str()); + + OCTETSTRING os = char2oct(CHARSTRING(str.c_str())); + loggers::get_instance().log_msg("fx__enc__xmldsig__signed__info: os: ", os); + + return os; +} + +OCTETSTRING LibSecurity__Signature::fx__enc__xmldsig(const http__www__w3__org__2000__09__xmldsig::Signature& s) { // FIXME Use enc/dec TITAN function external function f_enc_value(in Value x) return bitstring with { extension "prototype(convert) encode(abc)" } + loggers::get_instance().log(">>> fx__enc__xmldsig"); + + TTCN_EncDec::clear_error(); + TTCN_EncDec::set_error_behavior(TTCN_EncDec::ET_ALL, TTCN_EncDec::EB_DEFAULT); + TTCN_Buffer encoding_buffer; + + s.encode(http__www__w3__org__2000__09__xmldsig::Signature_descr_, encoding_buffer, TTCN_EncDec::CT_XER, XER_EXTENDED); + + // FIXME Update + std::string str(static_cast((const char*)encoding_buffer.get_data()), encoding_buffer.get_len() + static_cast((const char*)encoding_buffer.get_data())); + loggers::get_instance().log("fx__enc__xmldsig: Before str: '%s'", str.c_str()); + transform_signature_workaround(str); + loggers::get_instance().log("fx__enc__xmldsig: Afer str: '%s'", str.c_str()); + + OCTETSTRING os = char2oct(CHARSTRING(str.c_str())); + loggers::get_instance().log_msg("fx__enc__xmldsig: os: ", os); + + return os; +} + +INTEGER LibSecurity__Signature::fx__dec__xmldsig(const BITSTRING& bs, http__www__w3__org__2000__09__xmldsig::Signature& s) { // FIXME Use enc/dec TITAN function external function f_enc_value(in Value x) return bitstring with { extension "prototype(convert) encode(abc)" } + loggers::get_instance().log(">>> fx__dec__xmldsig"); + + std::string str(static_cast(oct2char(bit2oct(bs)))); + loggers::get_instance().log("fx__dec__xmldsig: Before str: '%s'", str.c_str()); + transform_xslt_workaround(str); + loggers::get_instance().log("fx__dec__xmldsig: Afer str: '%s'", str.c_str()); + + TTCN_EncDec::clear_error(); + TTCN_EncDec::set_error_behavior(TTCN_EncDec::ET_ALL, TTCN_EncDec::EB_DEFAULT); + TTCN_Buffer decoding_buffer(OCTETSTRING(str.length(), (const unsigned char*)str.c_str())); + + s.decode(http__www__w3__org__2000__09__xmldsig::Signature_descr_, decoding_buffer, TTCN_EncDec::CT_XER, XER_EXTENDED); + + loggers::get_instance().log_msg("<<< fx__dec__xmldsig: ", s); + return 0; +} + +INTEGER LibSecurity__Signature::fx__sign(const OCTETSTRING& p_encoded_message, const OCTETSTRING& p_empty_signature, const CHARSTRING& p_certificate_name, const CHARSTRING& p_private_key_name, const CHARSTRING& p_private_key_passwd, OCTETSTRING& p_signature, OCTETSTRING& p_digest, CHARSTRING& p_x509_certificate_subject, CHARSTRING& p_x509_certificate_pem, CHARSTRING& p_pull_request_canonicalized) { loggers::get_instance().log_msg(">>> fx__sign: ", p_encoded_message); - if (_security_services->do_sign(p_encoded_message, p_certificate_name, p_private_key_name, p_private_key_passwd, p_signature, p_digest, p_x509_certificate_subject, p_x509_certificate_pem, p_pull_request_canonicalized) == -1) { + if (_security_services->do_sign(p_encoded_message, p_empty_signature, p_certificate_name, p_private_key_name, p_private_key_passwd, p_signature, p_digest, p_x509_certificate_subject, p_x509_certificate_pem, p_pull_request_canonicalized) == -1) { loggers::get_instance().log("fx__sign: Failed to signed message"); return -1; } @@ -80,14 +200,13 @@ INTEGER LibSecurity__Signature::fx__sign(const OCTETSTRING& p_encoded_message, c return 0; } -BOOLEAN LibSecurity__Signature::fx__do__sign__verify(const CHARSTRING& p_message, const UNIVERSAL_CHARSTRING& p_canonicalization_method, const UNIVERSAL_CHARSTRING& p_signature_method, const UNIVERSAL_CHARSTRING& p_digest_method, const UNIVERSAL_CHARSTRING& p_digest_value, const UNIVERSAL_CHARSTRING& p_signature_value, const UNIVERSAL_CHARSTRING& p_subject_name, const UNIVERSAL_CHARSTRING& p_certificate, const CHARSTRING& p_debug_message) { +BOOLEAN LibSecurity__Signature::fx__do__sign__verify(const CHARSTRING& p_message, const OCTETSTRING& p_empty_signature, const UNIVERSAL_CHARSTRING& p_canonicalization_method, const UNIVERSAL_CHARSTRING& p_signature_method, const UNIVERSAL_CHARSTRING& p_digest_method, const UNIVERSAL_CHARSTRING& p_digest_value, const UNIVERSAL_CHARSTRING& p_signature_value, const UNIVERSAL_CHARSTRING& p_subject_name, const UNIVERSAL_CHARSTRING& p_certificate, CHARSTRING& p_debug_message) { loggers::get_instance().log(">>> fx__do__sign__verify"); - if (!_security_services->do_sign_verify(p_message, p_canonicalization_method, p_signature_method, p_digest_method, p_digest_value, p_signature_value, p_subject_name, p_certificate, p_debug_message)) { + if (!_security_services->do_sign_verify(p_message, p_empty_signature, p_canonicalization_method, p_signature_method, p_digest_method, p_digest_value, p_signature_value, p_subject_name, p_certificate, p_debug_message)) { loggers::get_instance().log("fx__do__sign__verify: Failed to verify message signature"); return false; } return true; } - \ No newline at end of file diff --git a/ccsrc/security/src/securty_services.cc b/ccsrc/security/src/securty_services.cc index 7562e4e5b22c79c02bdc39a28032e7ed6ec1a8df..73423f2a50e03cf78676f84a00e3981a2352f00b 100644 --- a/ccsrc/security/src/securty_services.cc +++ b/ccsrc/security/src/securty_services.cc @@ -12,6 +12,7 @@ #include "sha1.hh" #include "sha256.hh" +#include "sha384.hh" #include "certs_loader.hh" #include "security_services.hh" @@ -38,19 +39,68 @@ int security_services::load_certificate(const std::string& p_certificate_name, c return _certs_db->get_certificate(p_certificate_name, p_private_key_name, p_private_key_passwd, p_certificate); } -int security_services::do_sign(const OCTETSTRING& p_encoded_message, const CHARSTRING& p_certificate_name, const CHARSTRING& p_private_key_name, const CHARSTRING& p_private_key_passwd, OCTETSTRING& p_signature, OCTETSTRING& p_digest, CHARSTRING& p_x509_certificate_subject, CHARSTRING& p_x509_certificate_pem, CHARSTRING& p_pull_request_canonicalized) { +int security_services::do_sign(const OCTETSTRING& p_encoded_message, const OCTETSTRING& p_empty_signature, const CHARSTRING& p_certificate_name, const CHARSTRING& p_private_key_name, const CHARSTRING& p_private_key_passwd, OCTETSTRING& p_signature, OCTETSTRING& p_digest, CHARSTRING& p_x509_certificate_subject, CHARSTRING& p_x509_certificate_pem, CHARSTRING& p_pull_request_canonicalized) { loggers::get_instance().log_msg(">>> security_services::do_sign: ", p_encoded_message); + loggers::get_instance().log_msg(">>> security_services::do_sign: ", p_empty_signature); loggers::get_instance().log_msg(">>> security_services::do_sign: ", p_certificate_name); loggers::get_instance().log_msg(">>> security_services::do_sign: ", p_private_key_name); loggers::get_instance().log_msg(">>> security_services::do_sign: ", p_private_key_passwd); + // Transform and canonicalize the message + // Transform: Remove all CR, LS, TAB and SPACE outside of the tags + std::string transformed; + xml_converters::get_instance().xml_transform(std::string((const char*)(static_cast(p_encoded_message)), p_encoded_message.lengthof()), transformed); + loggers::get_instance().log("security_services::do_sign: p_pull_request_transormed: ", transformed.c_str()); // Canonicalization std::string canonicalized; - xml_converters::get_instance().xml_canonicalization(std::string((const char*)(static_cast(p_encoded_message)), p_encoded_message.lengthof()), canonicalized); + xml_converters::get_instance().xml_canonicalization(transformed, canonicalized); p_pull_request_canonicalized = CHARSTRING(canonicalized.c_str()); OCTETSTRING encoded_message(char2oct(p_pull_request_canonicalized)); loggers::get_instance().log_msg("security_services::do_sign: p_pull_request_canonicalized: ", p_pull_request_canonicalized); + // Transform and canonicalize the empty signature + // Transform: Remove all CR, LS, TAB and SPACE outside of the tags + transformed.clear(); + xml_converters::get_instance().xml_transform(std::string((const char*)(static_cast(p_empty_signature)), p_empty_signature.lengthof()), transformed); + loggers::get_instance().log("security_services::do_sign: p_empty_signature transormed: '%s'", transformed.c_str()); + // Canonicalization + canonicalized.clear(); + xml_converters::get_instance().xml_canonicalization(transformed, canonicalized); + loggers::get_instance().log("security_services::do_sign: p_empty_signature canonicalized: '%s'", canonicalized.c_str()); + + // Compute the digest of the transformed/canonicalized message + loggers::get_instance().log_msg("security_services::do_sign: compute digest for ", p_pull_request_canonicalized); + int first = canonicalized.find("xmldsig#sha1"); + loggers::get_instance().log("security_services::do_sign: p_empty_signature first: '%d'", first); + const EVP_MD* sign_digest; + if (first != -1) { + sha1 digest; + digest.generate(char2oct(p_pull_request_canonicalized), p_digest); + sign_digest = EVP_sha1(); + } else { + first = canonicalized.find("xmldsig#sha256"); + loggers::get_instance().log("security_services::do_sign: p_empty_signature first: '%d'", first); + if (first != -1) { + sha256 digest; + digest.generate(char2oct(p_pull_request_canonicalized), p_digest); + sign_digest = EVP_sha256(); + } else { + first = canonicalized.find("xmldsig#sha384"); + loggers::get_instance().log("security_services::do_sign: p_empty_signature first: '%d'", first); + if (first != -1) { + sha384 digest; + digest.generate(char2oct(p_pull_request_canonicalized), p_digest); + sign_digest = EVP_sha384(); + } else { + loggers::get_instance().error("security_services::do_sign: Unsupported digest"); + } + } + } + loggers::get_instance().log_msg("security_services::do_sign: digest: ", p_digest); + std::vector to64 = converter::get_instance().buffer_to_base64(std::vector(static_cast(p_digest), p_digest.lengthof() + static_cast(p_digest))); + p_digest = OCTETSTRING(to64.size(), to64.data()); + loggers::get_instance().log_msg("security_services::do_sign: digest (64): ", p_digest); + // Retrieve certificate std::string certificate_id; if (certs_loader::get_instance().get_certificate_id(std::string(static_cast(p_certificate_name)), certificate_id) != 0) { @@ -77,10 +127,11 @@ int security_services::do_sign(const OCTETSTRING& p_encoded_message, const CHARS } p_x509_certificate_pem = CHARSTRING(str.c_str()); - // Compute the digest - sha256 digest; - digest.generate(char2oct(CHARSTRING(canonicalized.c_str())), p_digest); - loggers::get_instance().log_msg("security_services::do_sign: digest: ", p_digest); + // Update the signature + int i = canonicalized.find(""); + canonicalized = canonicalized.substr(0, i + 13) + std::string(to64.cbegin(), to64.cend()) + canonicalized.substr(i + 13, canonicalized.length() - i - 13); + OCTETSTRING to_be_signed(char2oct(CHARSTRING(canonicalized.c_str()))); + loggers::get_instance().log_msg("security_services::do_sign: to_be_signed: ", to_be_signed); // Retrive the private key const EVP_PKEY* private_key; @@ -91,13 +142,13 @@ int security_services::do_sign(const OCTETSTRING& p_encoded_message, const CHARS } loggers::get_instance().log("security_services::do_sign: private_key: '%p'", private_key); - // Create signing context + // Create signing context to sign the updated signature EVP_MD_CTX* ctx = ::EVP_MD_CTX_new(); if (ctx == NULL) { loggers::get_instance().warning("security_services::do_sign: EVP_MD_CTX_create failed, error 0x%lx", ::ERR_get_error()); return -1; } - if (::EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, (EVP_PKEY*)private_key) != 1) { // FIXME Add parameter to chose the digest algorithm + if (::EVP_DigestSignInit(ctx, NULL, sign_digest, NULL, (EVP_PKEY*)private_key) != 1) { // FIXME Add parameter to chose the digest algorithm loggers::get_instance().warning("security_services::do_sign: EVP_DigestSignInit failed, error 0x%lx", ::ERR_get_error()); ::EVP_MD_CTX_free(ctx); return -1; @@ -129,47 +180,101 @@ int security_services::do_sign(const OCTETSTRING& p_encoded_message, const CHARS } ::EVP_MD_CTX_free(ctx); - // Ensure that the signature round-trips - // Retrive the public key - const EVP_PKEY* public_key; - if (_certs_db->get_private_key(certificate_id, &public_key) == 1) { - loggers::get_instance().warning("security_services::do_sign: Failed to retrieve private key"); - return -1; - } - loggers::get_instance().log("security_services::do_sign: public_key: '%p'", public_key); - std::vector buffer; - _certs_db->publickey_to_string(public_key, buffer); - ctx = ::EVP_MD_CTX_new(); - if (!::EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, (EVP_PKEY*)public_key) || - !::EVP_DigestVerifyUpdate(ctx, (const unsigned char*)canonicalized.c_str(), canonicalized.length()) || - !::EVP_DigestVerifyFinal(ctx, s.data(), s.size())) { - loggers::get_instance().warning("security_services::do_sign: Failed to verify signature, error 0x%lx", ::ERR_get_error()); - ::EVP_MD_CTX_free(ctx); - s.clear(); - return -1; - } - ::EVP_MD_CTX_free(ctx); - loggers::get_instance().log("security_services::do_sign: signature was verified with public key"); + // // Ensure that the signature round-trips + // // Retrive the public key + // const EVP_PKEY* public_key; + // if (_certs_db->get_private_key(certificate_id, &public_key) == 1) { + // loggers::get_instance().warning("security_services::do_sign: Failed to retrieve private key"); + // return -1; + // } + // loggers::get_instance().log("security_services::do_sign: public_key: '%p'", public_key); + // std::vector buffer; + // _certs_db->publickey_to_string(public_key, buffer); + // ctx = ::EVP_MD_CTX_new(); + // if (!::EVP_DigestVerifyInit(ctx, NULL, sign_digest, NULL, (EVP_PKEY*)public_key) || + // !::EVP_DigestVerifyUpdate(ctx, (const unsigned char*)canonicalized.c_str(), canonicalized.length()) || + // !::EVP_DigestVerifyFinal(ctx, s.data(), s.size())) { + // loggers::get_instance().warning("security_services::do_sign: Failed to verify signature, error 0x%lx", ::ERR_get_error()); + // ::EVP_MD_CTX_free(ctx); + // s.clear(); + // return -1; + // } + //::EVP_MD_CTX_free(ctx); + //loggers::get_instance().log("security_services::do_sign: signature was verified with public key"); p_signature = OCTETSTRING(signature_length, s.data()); + loggers::get_instance().log_msg("security_services::do_sign: signature: ", p_signature); + to64 = converter::get_instance().buffer_to_base64(std::vector(static_cast(p_signature), p_signature.lengthof() + static_cast(p_signature))); + p_signature = OCTETSTRING(to64.size(), to64.data()); + loggers::get_instance().log_msg("security_services::do_sign: signature (64): ", p_signature); loggers::get_instance().log_msg("<<< security_services::do_sign: signature: ", p_signature); return 0; } -bool security_services::do_sign_verify(const CHARSTRING& p_message, const UNIVERSAL_CHARSTRING& p_canonicalization_method, const UNIVERSAL_CHARSTRING& p_signature_method, const UNIVERSAL_CHARSTRING& p_digest_method, const UNIVERSAL_CHARSTRING& p_digest_value, const UNIVERSAL_CHARSTRING& p_signature_value, const UNIVERSAL_CHARSTRING& p_subject_name, const UNIVERSAL_CHARSTRING& p_certificate, const CHARSTRING& p_debug_message) { +bool security_services::do_sign_verify(const CHARSTRING& p_message, const OCTETSTRING& p_empty_signature, const UNIVERSAL_CHARSTRING& p_canonicalization_method, const UNIVERSAL_CHARSTRING& p_signature_method, const UNIVERSAL_CHARSTRING& p_digest_method, const UNIVERSAL_CHARSTRING& p_digest_value, const UNIVERSAL_CHARSTRING& p_signature_value, const UNIVERSAL_CHARSTRING& p_subject_name, const UNIVERSAL_CHARSTRING& p_certificate, CHARSTRING& p_debug_message) { loggers::get_instance().log_msg(">>> security_services::do_sign_verify: p_message: ", p_message); loggers::get_instance().log_msg(">>> security_services::do_sign_verify: p_debug_message: ", p_debug_message); loggers::get_instance().log_msg(">>> security_services::do_sign_verify: p_canonicalization_method: ", p_canonicalization_method); loggers::get_instance().log_msg(">>> security_services::do_sign_verify: p_subject_name: ", p_subject_name); loggers::get_instance().log_msg(">>> security_services::do_sign_verify: p_signature_method: ", p_signature_method); - // Compute the digest - sha256 digest; + // Transform and canonicalize the message + // Transform: Remove all CR, LS, TAB and SPACE outside of the tags + std::string transformed; + xml_converters::get_instance().xml_transform(std::string(static_cast(p_message)), transformed); + loggers::get_instance().log("security_services::do_sign_verify: p_message_transormed: ", transformed.c_str()); + // Canonicalization + std::string canonicalized; + xml_converters::get_instance().xml_canonicalization(transformed, canonicalized); + CHARSTRING v_pull_request_canonicalized(canonicalized.c_str()); + p_debug_message = v_pull_request_canonicalized; + //OCTETSTRING v_pull_request_canonicalized(char2oct(p_debug_message)); + loggers::get_instance().log_msg("security_services::do_sign_verify: p_debug_message: ", p_debug_message); + + // Transform and canonicalize the empty signature + // Transform: Remove all CR, LS, TAB and SPACE outside of the tags + transformed.clear(); + xml_converters::get_instance().xml_transform(std::string((const char*)(static_cast(p_empty_signature)), p_empty_signature.lengthof()), transformed); + loggers::get_instance().log("security_services::do_sign: p_empty_signature transormed: '%s'", transformed.c_str()); + // Canonicalization + canonicalized.clear(); + xml_converters::get_instance().xml_canonicalization(transformed, canonicalized); + loggers::get_instance().log("security_services::do_sign: p_empty_signature canonicalized: '%s'", canonicalized.c_str()); + + // Compute the digest of the transformed/canonicalized message + loggers::get_instance().log_msg("security_services::do_sign: compute digest for ", v_pull_request_canonicalized); + int first = canonicalized.find("xmldsig#sha1"); + loggers::get_instance().log("security_services::do_sign: p_empty_signature first: '%d'", first); OCTETSTRING dg; - digest.generate(char2oct(p_message), dg); + const EVP_MD* sign_digest; + if (first != -1) { + sha1 digest; + digest.generate(char2oct(v_pull_request_canonicalized), dg); + sign_digest = EVP_sha1(); + } else { + first = canonicalized.find("xmldsig#sha256"); + loggers::get_instance().log("security_services::do_sign_verify: p_empty_signature first: '%d'", first); + if (first != -1) { + sha256 digest; + digest.generate(char2oct(v_pull_request_canonicalized), dg); + sign_digest = EVP_sha256(); + } else { + first = canonicalized.find("xmldsig#sha384"); + loggers::get_instance().log("security_services::do_sign_verify: p_empty_signature first: '%d'", first); + if (first != -1) { + sha384 digest; + digest.generate(char2oct(v_pull_request_canonicalized), dg); + sign_digest = EVP_sha384(); + } else { + loggers::get_instance().error("security_services::do_sign_verify: Unsupported digest"); + } + } + } loggers::get_instance().log_msg("security_services::do_sign_verify: digest: ", dg); + std::vector to64 = converter::get_instance().buffer_to_base64(std::vector(static_cast(dg), dg.lengthof() + static_cast(dg))); + loggers::get_instance().log_msg("security_services::do_sign_verify: digest (64): ", OCTETSTRING(to64.size(), to64.data())); // Retrieve certificate std::string sn(static_cast(unichar2char(p_subject_name))); @@ -213,38 +318,13 @@ bool security_services::do_sign_verify(const CHARSTRING& p_message, const UNIVER std::vector buffer; _certs_db->publickey_to_string(public_key, buffer); - // Create signing context - EVP_MD_CTX* ctx = ::EVP_MD_CTX_new(); - if (ctx == NULL) { - loggers::get_instance().warning("security_services::do_sign_verify: EVP_MD_CTX_create failed, error 0x%lx", ::ERR_get_error()); - return false; - } - std::string signature_method(static_cast(unichar2char(p_signature_method))); // E.g. http://www.w3.org/2000/09/xmldsig#rsa-sha1 - const EVP_MD *md; - if (signature_method.find("sha1") != std::string::npos) { - loggers::get_instance().log("security_services::do_sign_verify: signature method: sha1"); - md = EVP_sha1(); - } else if (signature_method.find("sha256") != std::string::npos) { - loggers::get_instance().log("security_services::do_sign_verify: signature method: sha256"); - md = EVP_sha256(); - } else if (signature_method.find("sha384") != std::string::npos) { - loggers::get_instance().log("security_services::do_sign_verify: signature method: sha384"); - md = EVP_sha384(); - } else { - loggers::get_instance().error("security_services::do_sign_verify: Unsupported signature method"); - return false; - } - // Check signature - if (::EVP_DigestVerifyInit(ctx, NULL, md, NULL, (EVP_PKEY*)public_key) != 1) { - loggers::get_instance().warning("security_services::do_sign_verify: EVP_DigestVerifyInit failed, error 0x%lx", ::ERR_get_error()); - ::EVP_MD_CTX_free(ctx); - return false; - } - if(::EVP_DigestVerifyUpdate(ctx, (const char*)p_message, p_message.lengthof()) != 1) { - loggers::get_instance().warning("security_services::do_sign_verify: EVP_DigestVerifyUpdate failed, error 0x%lx - %s", ::ERR_get_error(), ::ERR_error_string(::ERR_get_error(), nullptr)); - ::EVP_MD_CTX_free(ctx); - return false; - } + // Update the DigestValue + int i = canonicalized.find(""); + canonicalized = canonicalized.substr(0, i + 13) + std::string(to64.cbegin(), to64.cend()) + canonicalized.substr(i + 13, canonicalized.length() - i - 13); + OCTETSTRING to_be_signed(char2oct(CHARSTRING(canonicalized.c_str()))); + loggers::get_instance().log_msg("security_services::do_sign: to_be_signed: ", to_be_signed); + + // Convert signature std::string signature_value(static_cast(unichar2char(p_signature_value))); // Remove CR/LF if any //signature_value.erase(std::remove(signature_value.begin(), signature_value.end(), '\r'), signature_value.end()); @@ -252,16 +332,27 @@ bool security_services::do_sign_verify(const CHARSTRING& p_message, const UNIVER loggers::get_instance().log("security_services::do_sign_verify: Before B64 decoded: '%s'", signature_value.c_str()); // Convert into bytes buffer const std::vector to_decode((const unsigned char*)signature_value.c_str(), static_cast((const unsigned char*)signature_value.c_str() + signature_value.length())); - std::vector b64 = converter::get_instance().base64_to_buffer(to_decode); - loggers::get_instance().log("security_services::do_sign_verify: B64 decoded: '%s'", converter::get_instance().bytes_to_hexa(b64, true).c_str()); - loggers::get_instance().log("security_services::do_sign_verify: B64 decoded len: '%d'", b64.size()); - if(::EVP_DigestVerifyFinal(ctx, b64.data(), b64.size()) != 1) { - loggers::get_instance().warning("security_services::do_sign_verify: EVP_DigestVerifyFinal failed, error 0x%lx - %s", ::ERR_get_error(), ::ERR_error_string(::ERR_get_error(), nullptr)); + std::vector s = converter::get_instance().base64_to_buffer(to_decode); + loggers::get_instance().log("security_services::do_sign_verify: B64 decoded: '%s'", converter::get_instance().bytes_to_hexa(s, true).c_str()); + loggers::get_instance().log("security_services::do_sign_verify: B64 decoded len: '%d'", s.size()); + + // Create signing context + EVP_MD_CTX* ctx = ::EVP_MD_CTX_new(); + if (ctx == NULL) { + loggers::get_instance().warning("security_services::do_sign_verify: EVP_MD_CTX_create failed, error 0x%lx", ::ERR_get_error()); + return false; + } + // Check signature + if (!::EVP_DigestVerifyInit(ctx, NULL, sign_digest, NULL, (EVP_PKEY*)public_key) || + !::EVP_DigestVerifyUpdate(ctx, (const unsigned char*)canonicalized.c_str(), canonicalized.length()) || + !::EVP_DigestVerifyFinal(ctx, s.data(), s.size())) { + loggers::get_instance().warning("security_services::do_sign_verify: Failed to verify signature, error 0x%lx", ::ERR_get_error()); ::EVP_MD_CTX_free(ctx); + s.clear(); return false; } - ::EVP_MD_CTX_free(ctx); + loggers::get_instance().log("security_services::do_sign_verify: signature was verified with public key"); return true; } diff --git a/ttcn/LibHelpers/module.mk b/ttcn/LibHelpers/module.mk index f56baa1fef8bb060de060807beb7eaabbfe06155..3012e9ec294564dc8a314708af657cc350d8f19f 100644 --- a/ttcn/LibHelpers/module.mk +++ b/ttcn/LibHelpers/module.mk @@ -1,3 +1,2 @@ sources := \ ttcn/LibHelpers_Functions.ttcn - diff --git a/ttcn/LibHelpers/ttcn/LibHelpers_Functions.ttcn b/ttcn/LibHelpers/ttcn/LibHelpers_Functions.ttcn index e0f996785dc76110d4d8e6bd35125957359bcb30..f7edf9619881c752eee169fadceff511fca7848c 100644 --- a/ttcn/LibHelpers/ttcn/LibHelpers_Functions.ttcn +++ b/ttcn/LibHelpers/ttcn/LibHelpers_Functions.ttcn @@ -172,6 +172,14 @@ module LibHelpers_Functions { */ external function fx_dec_base64(in octetstring p_to_decode) return octetstring; + /** + * @desc Generate a new UUID + * @return The UUID in string format on success, a null string otherwise + */ + external function fx_generate_uuid() return charstring; + + external function fx_get_current_date_time() return charstring; + } // End of externals } // End of module LibHelpers_Functions diff --git a/ttcn/LibHttp/ttcn/LibHttp_XmlMessageBodyTypes.ttcn b/ttcn/LibHttp/ttcn/LibHttp_XmlMessageBodyTypes.ttcn index b82bee9aed673737bac8cf268503ada126d86583..96cfb2f44087a1dd1b5b08643c684627b8797aba 100644 --- a/ttcn/LibHttp/ttcn/LibHttp_XmlMessageBodyTypes.ttcn +++ b/ttcn/LibHttp/ttcn/LibHttp_XmlMessageBodyTypes.ttcn @@ -19,5 +19,6 @@ module LibHttp_XmlMessageBodyTypes { } } with { + encode "XML"; variant "" } // End of LibHttp_XmlMessageBodyTypes diff --git a/ttcn/LibSecurity/module.mk b/ttcn/LibSecurity/module.mk index 4514de44b0bc85ce6118e9784c5667f77a419276..79a47a2a5e92dba75534c337755b8668a4d154df 100644 --- a/ttcn/LibSecurity/module.mk +++ b/ttcn/LibSecurity/module.mk @@ -2,4 +2,7 @@ sources := \ ttcn/LibSecurity_Hash.ttcn \ ttcn/LibSecurity_Hmac.ttcn \ ttcn/LibSecurity_Signature.ttcn \ - ttcn/LibSecurity_Certificates.ttcn + ttcn/LibSecurity_Certificates.ttcn \ + ttcn/http_www_w3_org_2000_09_xmldsig.ttcn \ + + diff --git a/ttcn/LibSecurity/ttcn/LibSecurity_Signature.ttcn b/ttcn/LibSecurity/ttcn/LibSecurity_Signature.ttcn index 74065a613aafe3ad1bdcdfb0f2e99616d5ff6027..bf2b5e19fa689ab8e2ddacdb53930e94b3740b98 100644 --- a/ttcn/LibSecurity/ttcn/LibSecurity_Signature.ttcn +++ b/ttcn/LibSecurity/ttcn/LibSecurity_Signature.ttcn @@ -1,5 +1,17 @@ module LibSecurity_Signature { + import from http_www_w3_org_2000_09_xmldsig all; + + external function fx_enc_xmldsig_signed_info(in Signature.signedInfo s) return octetstring; // Use encvalue decoration + //external function fx_enc_PullRequest_1(in PullRequest p_pull_request) return bitstring with {extension "prototype(convert) encode(XML)"} + //external function fx_dec_PullRequest_1(inout bitstring b, out PullRequest p_pull_request)return integer with {extension "prototype(sliding) decode(XML)"} + + external function fx_enc_xmldsig(in Signature s) return octetstring; // Use encvalue decoration + //external function fx_enc_PullRequest_1(in PullRequest p_pull_request) return bitstring with {extension "prototype(convert) encode(XML)"} + //external function fx_dec_PullRequest_1(inout bitstring b, out PullRequest p_pull_request)return integer with {extension "prototype(sliding) decode(XML)"} + + external function fx_dec_xmldsig(in bitstring bs, out Signature s) return integer; + /** * @desc Sign message * @param [in] p_encoded_message The raw message to be signed @@ -14,6 +26,7 @@ module LibSecurity_Signature { */ function f_sign( in octetstring p_encoded_message, + in octetstring p_empty_signature, in charstring p_certificate_name, in charstring p_private_key_name, in charstring p_private_key_passwd, @@ -23,10 +36,10 @@ module LibSecurity_Signature { out charstring p_x509_certificate_pem, out charstring p_pull_request_canonicalized ) return integer { - return fx_sign(p_encoded_message, p_certificate_name, p_private_key_name, p_private_key_passwd, p_signature, p_digest, p_x509_certificate_subject, p_x509_certificate_pem, p_pull_request_canonicalized); + return fx_sign(p_encoded_message, p_empty_signature, p_certificate_name, p_private_key_name, p_private_key_passwd, p_signature, p_digest, p_x509_certificate_subject, p_x509_certificate_pem, p_pull_request_canonicalized); } - external function fx_sign(in octetstring p_encoded_message, in charstring p_certificate_name, in charstring p_private_key_name, in charstring p_private_key_passwd, out octetstring p_signature, out octetstring p_digest, out charstring p_x509_certificate_subject, out charstring p_x509_certificate_pem, out charstring p_pull_request_canonicalized) return integer; + external function fx_sign(in octetstring p_encoded_message, in octetstring p_empty_signature, in charstring p_certificate_name, in charstring p_private_key_name, in charstring p_private_key_passwd, out octetstring p_signature, out octetstring p_digest, out charstring p_x509_certificate_subject, out charstring p_x509_certificate_pem, out charstring p_pull_request_canonicalized) return integer; /** * @desc Verify signature @@ -35,7 +48,8 @@ module LibSecurity_Signature { * @return true on success, false otherwise */ function f_do_sign_verify( - in charstring p_message, + in charstring p_message, + in octetstring p_empty_signature, in universal charstring p_canonicalization_method, in universal charstring p_signature_method, in universal charstring p_digest_method, @@ -43,11 +57,11 @@ module LibSecurity_Signature { in universal charstring p_signature_value, in universal charstring p_subject_name, in universal charstring p_certificate, - in charstring p_debug_message + out charstring p_debug_message ) return boolean { - return fx_do_sign_verify(p_message, p_canonicalization_method, p_signature_method, p_digest_method, p_digest_value, p_signature_value, p_subject_name, p_certificate, p_debug_message); + return fx_do_sign_verify(p_message, p_empty_signature, p_canonicalization_method, p_signature_method, p_digest_method, p_digest_value, p_signature_value, p_subject_name, p_certificate, p_debug_message); } - external function fx_do_sign_verify(in charstring p_message, in universal charstring p_canonicalization_method, in universal charstring p_signature_method, in universal charstring p_digest_method, in universal charstring p_digest_value, in universal charstring p_signature_value, in universal charstring p_subject_name, in universal charstring p_certificate, in charstring p_debug_message) return boolean; + external function fx_do_sign_verify(in charstring p_message, in octetstring p_empty_signature, in universal charstring p_canonicalization_method, in universal charstring p_signature_method, in universal charstring p_digest_method, in universal charstring p_digest_value, in universal charstring p_signature_value, in universal charstring p_subject_name, in universal charstring p_certificate, out charstring p_debug_message) return boolean; } // End of LibSecurity_Signature \ No newline at end of file diff --git a/ttcn/LibSecurity/ttcn/http_www_w3_org_2000_09_xmldsig.ttcn b/ttcn/LibSecurity/ttcn/http_www_w3_org_2000_09_xmldsig.ttcn new file mode 100644 index 0000000000000000000000000000000000000000..5bea6b72d97cc492d9b5f1829a8ab94d402e918d --- /dev/null +++ b/ttcn/LibSecurity/ttcn/http_www_w3_org_2000_09_xmldsig.ttcn @@ -0,0 +1,110 @@ +/******************************************************************************* +* Copyright (c) 2000-2022 Ericsson Telecom AB +* +* XSD to TTCN-3 Translator version: CRL 113 200/6 R6B +* +* All rights reserved. This program and the accompanying materials +* are made available under the terms of the Eclipse Public License v2.0 +* which accompanies this distribution, and is available at +* https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.html +*******************************************************************************/ +// +// File: http_www_w3_org_2000_09_xmldsig.ttcn +// Description: +// References: +// Rev: +// Prodnr: +// Updated: Thu Jul 7 00:55:24 2022 +// Contact: http://ttcn.ericsson.se +// +//////////////////////////////////////////////////////////////////////////////// +// Generated from file(s): +// - signature.xsd +// /* xml version = "1.0" encoding = "utf-8" */ +// /* targetnamespace = "http://www.w3.org/2000/09/xmldsig#" */ +//////////////////////////////////////////////////////////////////////////////// +// Modification header(s): +//----------------------------------------------------------------------------- +// Modified by: +// Modification date: +// Description: +// Modification contact: +//------------------------------------------------------------------------------ +//////////////////////////////////////////////////////////////////////////////// + + +module http_www_w3_org_2000_09_xmldsig { + + +import from XSD all; + +//import from http_www_cise_eu_sevicemodel_v1_message all; + + +type record Signature +{ + record { + record { + XSD.String algorithm + } canonicalizationMethod, + record { + XSD.String algorithm + } signatureMethod, + record { + XSD.String uRI, + record { + record { + XSD.String algorithm, + XSD.String path + } transform + } transforms, + record { + XSD.String algorithm + } digestMethod, + XSD.String digestValue + } reference + } signedInfo, + XSD.String signatureValue, + record { + record { + XSD.String x509SubjectName, + XSD.String x509Certificate + } x509Data + } keyInfo +} +with { + variant "element"; + variant (signedInfo) "name as capitalized"; + variant (signedInfo.canonicalizationMethod) "name as capitalized"; + variant (signedInfo.canonicalizationMethod.algorithm) "name as capitalized"; + variant (signedInfo.canonicalizationMethod.algorithm) "attribute"; + variant (signedInfo.signatureMethod) "name as capitalized"; + variant (signedInfo.signatureMethod.algorithm) "name as capitalized"; + variant (signedInfo.signatureMethod.algorithm) "attribute"; + variant (signedInfo.reference) "name as capitalized"; + variant (signedInfo.reference.uRI) "name as capitalized"; + variant (signedInfo.reference.uRI) "attribute"; + variant (signedInfo.reference.transforms) "name as capitalized"; + variant (signedInfo.reference.transforms.transform) "name as capitalized"; + variant (signedInfo.reference.transforms.transform.algorithm) "name as capitalized"; + variant (signedInfo.reference.transforms.transform.algorithm) "attribute"; + variant (signedInfo.reference.transforms.transform.path) "untagged"; + variant (signedInfo.reference.digestMethod) "name as capitalized"; + variant (signedInfo.reference.digestMethod.algorithm) "name as capitalized"; + variant (signedInfo.reference.digestMethod.algorithm) "attribute"; + variant (signedInfo.reference.digestValue) "name as capitalized"; + variant (signatureValue) "name as capitalized"; + variant (keyInfo) "name as capitalized"; + variant (keyInfo.x509Data) "name as capitalized"; + variant (keyInfo.x509Data.x509SubjectName) "name as capitalized"; + variant (keyInfo.x509Data.x509Certificate) "name as capitalized"; +}; + + +} +with { + encode "XML"; + variant "namespace as 'http://www.w3.org/2000/09/xmldsig#'"; + variant "controlNamespace 'http://www.w3.org/2001/XMLSchema-instance' prefix 'xsi'"; + variant "elementFormQualified"; +}