blautenb 2003/10/11 23:23:40
Modified: c/src/tools/checksig checksig.cpp
c/src/tools/templatesign templatesign.cpp
c/src/tools/threadTest threadtest.cpp
c/src/tools/xtest xtest.cpp
Log:
All Windows CAPI code now using new model of passing in handles to providers
Revision Changes Path
1.25 +19 -36 xml-security/c/src/tools/checksig/checksig.cpp
Index: checksig.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/checksig/checksig.cpp,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- checksig.cpp 12 Oct 2003 01:30:13 -0000 1.24
+++ checksig.cpp 12 Oct 2003 06:23:40 -0000 1.25
@@ -208,6 +208,9 @@
bool useXSECURIResolver = false;
bool useAnonymousResolver = false;
bool useInteropResolver = false;
+#if defined (HAVE_WINCAPI)
+ HCRYPTPROV win32CSP = 0;
+#endif
bool skipRefs = false;
@@ -258,9 +261,7 @@
paramCount++;
- HCRYPTPROV
win32RSACSP;
-
- if (!CryptAcquireContext(&win32RSACSP,
+ if (!CryptAcquireContext(&win32CSP,
NULL,
NULL,
PROV_RSA_FULL,
@@ -273,7 +274,7 @@
HCRYPTKEY k;
HCRYPTHASH h;
BOOL fResult = CryptCreateHash(
- win32RSACSP,
+ win32CSP,
CALG_SHA,
0,
0,
@@ -296,7 +297,7 @@
// Now create a key
fResult = CryptDeriveKey(
- win32RSACSP,
+ win32CSP,
CALG_RC2,
h,
CRYPT_EXPORTABLE,
@@ -309,13 +310,12 @@
// Wrap in a WinCAPI object
WinCAPICryptoKeyHMAC * hk;
- hk = new WinCAPICryptoKeyHMAC();
- hk->setWinKey(win32RSACSP, k);
+ hk = new WinCAPICryptoKeyHMAC(win32CSP);
+ hk->setWinKey(k);
key = hk;
CryptDestroyHash(h);
-// CryptReleaseContext(win32RSACSP, 0);
}
@@ -331,32 +331,9 @@
#if defined (HAVE_WINCAPI) && !defined(HAVE_OPENSSL)
- if (win32DSSCSP == 0) {
- WinCAPICryptoProvider * cp;
- // Obtain default PROV_DSS
- if (!CryptAcquireContext(&win32DSSCSP,
- NULL,
- NULL,
- PROV_DSS,
- CRYPT_VERIFYCONTEXT)) {
- cerr << "Error acquiring DSS Crypto Service
Provider" << endl;
- return 2;
- }
-
- if (!CryptAcquireContext(&win32RSACSP,
- NULL,
- NULL,
- PROV_RSA_FULL,
- CRYPT_VERIFYCONTEXT)) {
- cerr << "Error acquiring RSA Crypto Service
Provider" << endl;
- return 2;
- }
-
- // Use default DSS provider
- cp = new WinCAPICryptoProvider(win32DSSCSP, win32RSACSP);
- XSECPlatformUtils::SetCryptoProvider(cp);
-
- }
+ // Use default DSS provider
+ WinCAPICryptoProvider * cp = new WinCAPICryptoProvider();
+ XSECPlatformUtils::SetCryptoProvider(cp);
#endif
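Review bot: The added comment `// Use default DSS provider` no longer matches the code under it, because `new WinCAPICryptoProvider()` is now called with no handles and the choice of CSPs happens inside the constructor. Something like `// Install WinCAPI as the crypto provider (constructor picks the default CSPs)` would be accurate, assuming that is what the constructor does. The removed block reported acquisition failures with an error message and `return 2`. How the no-argument constructor signals failure is not visible in this hunk, so confirm the tool still exits cleanly when no provider can be acquired. The `if (win32DSSCSP == 0)` guard is also gone, so if this code can be reached more than once, a new provider is allocated each time; the enclosing code lies outside the hunk.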
@@ -528,7 +505,7 @@
#else
# if defined (HAVE_WINCAPI)
WinCAPICryptoKeyHMAC * hmacKey;
- hmacKey = new WinCAPICryptoKeyHMAC();
+ hmacKey = new WinCAPICryptoKeyHMAC(0);
# endif
#endif
hmacKey->setKey((unsigned char *) hmacKeyStr,
strlen(hmacKeyStr));
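Review bot: The bare `0` in `new WinCAPICryptoKeyHMAC(0)` is passed where the other call sites pass an `HCRYPTPROV`, and nothing here says whether it means "no provider needed" or "use a default provider". A short comment on the call, such as `// 0: no CSP handle supplied, raw key bytes are set via setKey() below` (wording to be confirmed against the constructor), would make the intent clear. The same literal appears in templatesign.cpp (@@ -802), threadtest.cpp (@@ -281 and @@ -390) and xtest.cpp (@@ -296). A single named constant would document all five sites at once.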
@@ -595,6 +572,12 @@
delete [] (char *) e;
retResult = 1;
}
+
+#if defined (HAVE_WINCAPI)
+ // Clean up the handle to the CSP
+ if (win32CSP != 0)
+ CryptReleaseContext(win32CSP, 0);
+#endif
// Janitor will clean up the parser
return retResult;
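Review bot: `CryptReleaseContext(win32CSP, 0)` is called here, but the hunk does not show whether the key object built from that handle (`new WinCAPICryptoKeyHMAC(win32CSP)` followed by `setWinKey(k)` in the @@ -309 hunk) has already been destroyed. CryptoAPI expects keys and hashes created under a provider to be destroyed before its context is released, so the release should come after whatever owns `key` is torn down. I would make the ordering explicit in the comment, e.g. `// Release the CSP last: every key/hash created from win32CSP must already be destroyed`. The return value of `CryptReleaseContext` is also ignored; for a test tool that is acceptable, but a one-line `cerr` on failure would expose a bad handle. The function body starts outside the hunk.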
1.14 +56 -50 xml-security/c/src/tools/templatesign/templatesign.cpp
Index: templatesign.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/templatesign/templatesign.cpp,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- templatesign.cpp 12 Oct 2003 01:30:13 -0000 1.13
+++ templatesign.cpp 12 Oct 2003 06:23:40 -0000 1.14
@@ -802,7 +802,7 @@
OpenSSLCryptoKeyHMAC * hmacKey = new
OpenSSLCryptoKeyHMAC();
#else
# if defined (HAVE_WINCAPI)
- WinCAPICryptoKeyHMAC * hmacKey = new
WinCAPICryptoKeyHMAC();
+ WinCAPICryptoKeyHMAC * hmacKey = new
WinCAPICryptoKeyHMAC(0);
# endif
#endif
hmacKey->setKey((unsigned char *) argv[paramCount + 1],
strlen(argv[paramCount + 1]));
@@ -820,73 +820,78 @@
#if defined (HAVE_WINCAPI)
else if (stricmp(argv[paramCount], "--windss") == 0 ||
stricmp(argv[paramCount], "-wd") == 0) {
+
WinCAPICryptoProvider * cp;
- // Obtain default PROV_DSS, with default user key
container
+ // First set windows as the crypto provider
+ cp = new WinCAPICryptoProvider();
+ XSECPlatformUtils::SetCryptoProvider(cp);
+
+ // Now set the key
if (!CryptAcquireContext(&win32DSSCSP,
NULL,
NULL,
PROV_DSS,
0)) {
- cerr << "Error acquiring DSS Crypto
Service Provider" << endl;
- return 2;
+
+ cerr << "Error acquiring Crypto context -
Attempting to generate new key pair" << endl;
+
+ // Attempt to gen a new keyset
+ if (!CryptAcquireContext(&win32DSSCSP,
+ NULL,
+ NULL,
+ PROV_DSS,
+ CRYPT_NEWKEYSET)) {
+ cerr << "Error acquiring DSS
Crypto Service Provider with new keyset" << endl;
+ return 2;
+ }
+ else {
+ HCRYPTKEY k;
+ if (!CryptGenKey(win32DSSCSP,
AT_SIGNATURE, CRYPT_EXPORTABLE, &k)) {
+ cerr << "Error generating DSS
keyset" << endl;
+ return 2;
+ }
+ CryptDestroyKey(k);
+ }
}
- // We know RSA provider is not required
- cp = new WinCAPICryptoProvider();
- XSECPlatformUtils::SetCryptoProvider(cp);
- // Now get the key
- HCRYPTKEY k;
- BOOL fResult = CryptGetUserKey(
- win32DSSCSP,
- AT_SIGNATURE,
- &k);
-
- if (!fResult || k == 0) {
- cerr << "Error obtaining default user
AT_SIGNATURE key from windows DSS provider\n";
- exit(1);
- };
- winKeyDSA = new WinCAPICryptoKeyDSA(cp, k, true);
+ winKeyDSA = new WinCAPICryptoKeyDSA(win32DSSCSP,
AT_SIGNATURE, true);
key = winKeyDSA;
paramCount++;
}
else if (stricmp(argv[paramCount], "--winrsa") == 0 ||
stricmp(argv[paramCount], "-wr") == 0) {
WinCAPICryptoProvider * cp;
- // Obtain default PROV_DSS and PROV_RSA_FULL, with
default user key containers
- if (!CryptAcquireContext(&win32DSSCSP,
- NULL,
- NULL,
- PROV_DSS,
- 0)) {
- cerr << "Error acquiring DSS Crypto
Service Provider" << endl;
- return 2;
- }
+ cp = new WinCAPICryptoProvider();
+ XSECPlatformUtils::SetCryptoProvider(cp);
if (!CryptAcquireContext(&win32RSACSP,
NULL,
NULL,
PROV_RSA_FULL,
0)) {
- cerr << "Error acquiring RSA Crypto
Service Provider" << endl;
- return 2;
- }
-
- cp = new WinCAPICryptoProvider();
- XSECPlatformUtils::SetCryptoProvider(cp);
-
- // Now get the key
- HCRYPTKEY k;
- BOOL fResult = CryptGetUserKey(
- win32RSACSP,
- AT_SIGNATURE,
- &k);
- if (!fResult || k == 0) {
- cerr << "Error obtaining default user
AT_SIGNATURE key from windows RSA provider\n";
- exit(1);
- };
+ cerr << "Error acquiring Crypto context -
Attempting to generate new RSA key pair" << endl;
+
+ // Attempt to gen a new keyset
+ if (!CryptAcquireContext(&win32RSACSP,
+ NULL,
+ NULL,
+ PROV_RSA_FULL,
+ CRYPT_NEWKEYSET)) {
+ cerr << "Error acquiring RSA
Crypto Service Provider with new keyset" << endl;
+ return 2;
+ }
+ else {
+ HCRYPTKEY k;
+ if (!CryptGenKey(win32RSACSP,
AT_SIGNATURE, CRYPT_EXPORTABLE, &k)) {
+ cerr << "Error generating RSA
keyset" << endl;
+ return 2;
+ }
+ CryptDestroyKey(k);
+ }
+ }
- winKeyRSA = new WinCAPICryptoKeyRSA(cp, k, true);
+ winKeyRSA = new WinCAPICryptoKeyRSA(win32RSACSP,
AT_SIGNATURE, true);
key = winKeyRSA;
paramCount++;
}
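Review bot: The fallback to `CRYPT_NEWKEYSET` in both the `--windss` and `--winrsa` branches runs on any failure of the first `CryptAcquireContext`, not only when the key container is missing. Check the error before retrying, e.g. `if (GetLastError() != NTE_BAD_KEYSET) { cerr << "Error acquiring Crypto context" << endl; return 2; }`, so that an access or provider error is reported instead of triggering creation of a new keyset. The generated `AT_SIGNATURE` key persists in the user's default container and is created with `CRYPT_EXPORTABLE`. Passing `0` for the flags would keep the private signing key non-exportable unless export is actually required. The old `CryptGetUserKey` check for a container that exists but holds no signature key is removed; presumably the `WinCAPICryptoKeyDSA`/`WinCAPICryptoKeyRSA` constructors now handle that case, but confirm it. The enclosing function starts and ends outside the hunk.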
@@ -895,11 +900,12 @@
WinCAPICryptoProvider * cp;
// Obtain default PROV_RSA, with default user key
container
+ // Note we open in VERIFYCONTEXT as we do not require a
assymetric key pair
if (!CryptAcquireContext(&win32RSACSP,
NULL,
NULL,
PROV_RSA_FULL,
- 0)) {
+ CRYPT_VERIFYCONTEXT)) {
cerr << "Error acquiring RSA Crypto
Service Provider" << endl;
return 2;
}
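Review bot: The retained comment `// Obtain default PROV_RSA, with default user key container` now contradicts the call below it, since `CRYPT_VERIFYCONTEXT` does not open a persisted key container. I would merge the two comments into one, e.g. `// Obtain default PROV_RSA_FULL with CRYPT_VERIFYCONTEXT: no asymmetric key pair (and so no key container) is needed here`, which also fixes the spelling of "assymetric". The flag change itself is the safer choice for a path that only derives a symmetric key. The enclosing branch continues outside the hunk.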
@@ -946,8 +952,8 @@
// Wrap in a WinCAPI object
WinCAPICryptoKeyHMAC * hk;
- hk = new WinCAPICryptoKeyHMAC();
- hk->setWinKey(win32RSACSP, k);
+ hk = new WinCAPICryptoKeyHMAC(win32RSACSP);
+ hk->setWinKey(k);
key = hk;
1.6 +18 -1 xml-security/c/src/tools/threadTest/threadtest.cpp
Index: threadtest.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/threadTest/threadtest.cpp,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- threadtest.cpp 11 Sep 2003 11:11:55 -0000 1.5
+++ threadtest.cpp 12 Oct 2003 06:23:40 -0000 1.6
@@ -76,7 +76,15 @@
#include <xsec/framework/XSECProvider.hpp>
#include <xsec/dsig/DSIGSignature.hpp>
#include <xsec/dsig/DSIGReference.hpp>
-#include <xsec/enc/OpenSSL/OpenSSLCryptoKeyHMAC.hpp>
+#if defined (HAVE_OPENSSL)
+# include <xsec/enc/OpenSSL/OpenSSLCryptoKeyHMAC.hpp>
+#else
+# if defined (HAVE_WINCAPI)
+# include <xsec/enc/WinCAPI/WinCAPICryptoKeyHMAC.hpp>
+# else
+# error No crypto provider available
+# endif
+#endif
#include <xercesc/util/PlatformUtils.hpp>
#include <xercesc/dom/DOM.hpp>
@@ -281,7 +289,11 @@
sig->appendKeyName(MAKE_UNICODE_STRING("The secret key is
\"secret\""));
+#if defined (HAVE_OPENSSL)
OpenSSLCryptoKeyHMAC * hmacKey = new OpenSSLCryptoKeyHMAC();
+#else
+ WinCAPICryptoKeyHMAC * hmacKey = new WinCAPICryptoKeyHMAC(0);
+#endif
hmacKey->setKey((unsigned char *) "secret", strlen("secret"));
sig->setSigningKey(hmacKey);
sig->sign();
@@ -390,7 +402,12 @@
DSIGSignature * sig = g_provider->newSignatureFromDOM(myDoc);
+#if defined (HAVE_OPENSSL)
OpenSSLCryptoKeyHMAC *hmacKey = new OpenSSLCryptoKeyHMAC();
+#else
+ WinCAPICryptoKeyHMAC *hmacKey = new WinCAPICryptoKeyHMAC(0);
+#endif
+
hmacKey->setKey((unsigned char *) secretKey, strlen(secretKey));
sig->setSigningKey(hmacKey);
sig->load();
1.23 +2 -2 xml-security/c/src/tools/xtest/xtest.cpp
Index: xtest.cpp
===================================================================
RCS file: /home/cvs/xml-security/c/src/tools/xtest/xtest.cpp,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- xtest.cpp 6 Oct 2003 12:16:37 -0000 1.22
+++ xtest.cpp 12 Oct 2003 06:23:40 -0000 1.23
@@ -296,7 +296,7 @@
}
#else
# if defined (HAVE_WINCAPI)
- WinCAPICryptoKeyHMAC * hmacKey = new WinCAPICryptoKeyHMAC();
+ WinCAPICryptoKeyHMAC * hmacKey = new WinCAPICryptoKeyHMAC(0);
if (first) {
cerr << "Using Windows Crypto API as the cryptography provider"
<< endl;
first = false;