27c65f8abd
Change-Id: I1bcdd01aad7fc2ee2d2f635b0ae4c4183c9ab092 Reviewed-on: https://gerrit.libreoffice.org/6571 Reviewed-by: David Tardon <dtardon@redhat.com> Tested-by: David Tardon <dtardon@redhat.com>
3308 lines
111 KiB
Diff
3308 lines
111 KiB
Diff
--- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-06-25 22:53:18.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-09-21 14:02:48.563253008 +0200
|
|
@@ -3,6 +3,7 @@
|
|
xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
|
|
|
|
xmlsecmscryptoinc_HEADERS = \
|
|
+akmngr.h \
|
|
app.h \
|
|
certkeys.h \
|
|
crypto.h \
|
|
--- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-06-25 22:53:30.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-09-21 14:02:48.571021349 +0200
|
|
@@ -281,6 +281,7 @@
|
|
NULL =
|
|
xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
|
|
xmlsecmscryptoinc_HEADERS = \
|
|
+akmngr.h \
|
|
app.h \
|
|
certkeys.h \
|
|
crypto.h \
|
|
--- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200
|
|
@@ -10,6 +10,9 @@
|
|
keysstore.h \
|
|
pkikeys.h \
|
|
x509.h \
|
|
+akmngr.h \
|
|
+tokens.h \
|
|
+ciphers.h \
|
|
$(NULL)
|
|
|
|
install-exec-hook:
|
|
--- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-06-25 22:53:31.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-09-21 14:02:48.585376325 +0200
|
|
@@ -288,6 +288,9 @@
|
|
keysstore.h \
|
|
pkikeys.h \
|
|
x509.h \
|
|
+akmngr.h \
|
|
+tokens.h \
|
|
+ciphers.h \
|
|
$(NULL)
|
|
|
|
all: all-am
|
|
--- misc/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200
|
|
@@ -22,6 +22,9 @@
|
|
#include <xmlsec/keysmngr.h>
|
|
#include <xmlsec/transforms.h>
|
|
|
|
+#include <xmlsec/nss/tokens.h>
|
|
+#include <xmlsec/nss/akmngr.h>
|
|
+
|
|
/**
|
|
* Init/shutdown
|
|
*/
|
|
@@ -36,6 +39,8 @@
|
|
xmlSecKeyPtr key);
|
|
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
|
|
const char* uri);
|
|
+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
|
|
+ xmlSecNssKeySlotPtr keySlot);
|
|
XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
|
|
const char* filename,
|
|
xmlSecKeyDataType type);
|
|
--- misc/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200
|
|
@@ -16,6 +16,8 @@
|
|
#endif /* __cplusplus */
|
|
|
|
#include <xmlsec/xmlsec.h>
|
|
+#include <xmlsec/keysmngr.h>
|
|
+#include <xmlsec/nss/tokens.h>
|
|
|
|
/****************************************************************************
|
|
*
|
|
@@ -31,6 +33,8 @@
|
|
XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
|
|
XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
|
|
xmlSecKeyPtr key);
|
|
+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
|
|
+ xmlSecNssKeySlotPtr keySlot);
|
|
XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
|
|
const char *uri,
|
|
xmlSecKeysMngrPtr keysMngr);
|
|
--- misc/xmlsec1-1.2.14/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200
|
|
@@ -35,6 +35,9 @@
|
|
kw_des.c \
|
|
kw_aes.c \
|
|
globals.h \
|
|
+ akmngr.c \
|
|
+ keywrapers.c \
|
|
+ tokens.c \
|
|
$(NULL)
|
|
|
|
if SHAREDLIB_HACK
|
|
--- misc/xmlsec1-1.2.14/src/nss/Makefile.in 2009-06-25 22:53:33.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.in 2009-09-21 14:02:48.599339718 +0200
|
|
@@ -72,7 +72,8 @@
|
|
am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \
|
|
digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
|
|
x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
|
|
- ../strings.c
|
|
+ ../strings.c \
|
|
+ akmngr.c keywrapers.c tokens.c
|
|
am__objects_1 =
|
|
@SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo
|
|
am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
|
|
@@ -83,6 +84,8 @@
|
|
libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \
|
|
libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \
|
|
libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
|
|
+ libxmlsec1_nss_la-akmngr.lo libxmlsec1_nss_la-keywrapers.lo \
|
|
+ libxmlsec1_nss_la-tokens.lo \
|
|
$(am__objects_1) $(am__objects_2)
|
|
libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
|
|
libxmlsec1_nss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
|
|
@@ -333,6 +336,7 @@
|
|
libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \
|
|
digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
|
|
x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
|
|
+ akmngr.c keywrapers.c tokens.c \
|
|
$(NULL) $(am__append_1)
|
|
libxmlsec1_nss_la_LIBADD = \
|
|
../libxmlsec1.la \
|
|
@@ -439,6 +443,9 @@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@
|
|
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@
|
|
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo@am__quote@
|
|
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo@am__quote@
|
|
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo@am__quote@
|
|
|
|
.c.o:
|
|
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
|
|
@@ -468,6 +475,27 @@
|
|
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
|
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
|
|
|
|
+libxmlsec1_nss_la-akmngr.lo: akmngr.c
|
|
+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \
|
|
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo"; exit 1; fi
|
|
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
|
|
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
|
+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
|
|
+
|
|
+libxmlsec1_nss_la-keywrapers.lo: keywrapers.c
|
|
+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keywrapers.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c; \
|
|
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo"; exit 1; fi
|
|
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keywrapers.c' object='libxmlsec1_nss_la-keywrapers.lo' libtool=yes @AMDEPBACKSLASH@
|
|
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
|
+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c
|
|
+
|
|
+libxmlsec1_nss_la-tokens.lo: tokens.c
|
|
+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c; \
|
|
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo"; exit 1; fi
|
|
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@
|
|
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
|
|
+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
|
|
+
|
|
libxmlsec1_nss_la-bignum.lo: bignum.c
|
|
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
|
|
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
|
|
--- misc/xmlsec1-1.2.14/src/nss/hmac.c 2009-06-26 06:18:13.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/src/nss/hmac.c 2009-09-21 14:02:48.649065288 +0200
|
|
@@ -23,8 +23,8 @@
|
|
#include <xmlsec/transforms.h>
|
|
#include <xmlsec/errors.h>
|
|
|
|
-#include <xmlsec/nss/app.h>
|
|
#include <xmlsec/nss/crypto.h>
|
|
+#include <xmlsec/nss/tokens.h>
|
|
|
|
/* sizes in bits */
|
|
#define XMLSEC_NSS_MIN_HMAC_SIZE 80
|
|
@@ -286,13 +286,13 @@
|
|
keyItem.data = xmlSecBufferGetData(buffer);
|
|
keyItem.len = xmlSecBufferGetSize(buffer);
|
|
|
|
- slot = PK11_GetBestSlot(ctx->digestType, NULL);
|
|
+ slot = xmlSecNssSlotGet(ctx->digestType);
|
|
if(slot == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
|
|
- "PK11_GetBestSlot",
|
|
+ "xmlSecNssSlotGet",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
|
|
--- misc/xmlsec1-1.2.14/src/nss/keysstore.c 2009-06-25 22:53:18.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/src/nss/keysstore.c 2009-09-21 14:02:48.633533885 +0200
|
|
@@ -1,36 +1,56 @@
|
|
/**
|
|
* XMLSec library
|
|
*
|
|
- * Nss keys store that uses Simple Keys Store under the hood. Uses the
|
|
- * Nss DB as a backing store for the finding keys, but the NSS DB is
|
|
- * not written to by the keys store.
|
|
- * So, if store->findkey is done and the key is not found in the simple
|
|
- * keys store, the NSS DB is looked up.
|
|
- * If store is called to adopt a key, that key is not written to the NSS
|
|
- * DB.
|
|
- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
|
|
- * source of keys for xmlsec
|
|
- *
|
|
* This is free software; see Copyright file in the source
|
|
* distribution for precise wording.
|
|
*
|
|
* Copyright (c) 2003 America Online, Inc. All rights reserved.
|
|
*/
|
|
+
|
|
+/**
|
|
+ * NSS key store uses a key list and a slot list as the key repository. NSS slot
|
|
+ * list is a backup repository for the finding keys. If a key is not found from
|
|
+ * the key list, the NSS slot list is looked up.
|
|
+ *
|
|
+ * Any key in the key list will not save to pkcs11 slot. When a store to called
|
|
+ * to adopt a key, the key is resident in the key list; While a store to called
|
|
+ * to set a is resident in the key list; While a store to called to set a slot
|
|
+ * list, which means that the keys in the listed slot can be used for xml sign-
|
|
+ * nature or encryption.
|
|
+ *
|
|
+ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
|
|
+ *
|
|
+ * The framework will decrease the user interfaces to administrate xmlSec crypto
|
|
+ * engine. He can only focus on NSS layer functions. For examples, after the
|
|
+ * user set up a slot list handler to the keys store, he do not need to do any
|
|
+ * other work atop xmlSec interfaces, his action on the slot list handler, such
|
|
+ * as add a token to, delete a token from the list, will directly effect the key
|
|
+ * store behaviors.
|
|
+ *
|
|
+ * For example, a scenariio:
|
|
+ * 0. Create a slot list;( NSS interfaces )
|
|
+ * 1. Create a keys store;( xmlSec interfaces )
|
|
+ * 2. Set slot list with the keys store;( xmlSec Interfaces )
|
|
+ * 3. Add a slot to the slot list;( NSS interfaces )
|
|
+ * 4. Perform xml signature; ( xmlSec Interfaces )
|
|
+ * 5. Deleter a slot from the slot list;( NSS interfaces )
|
|
+ * 6. Perform xml encryption; ( xmlSec Interfaces )
|
|
+ * 7. Perform xml signature;( xmlSec Interfaces )
|
|
+ * 8. Destroy the keys store;( xmlSec Interfaces )
|
|
+ * 8. Destroy the slot list.( NSS Interfaces )
|
|
+ */
|
|
#include "globals.h"
|
|
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
#include <nss.h>
|
|
-#include <cert.h>
|
|
#include <pk11func.h>
|
|
+#include <prinit.h>
|
|
#include <keyhi.h>
|
|
|
|
-#include <libxml/tree.h>
|
|
-
|
|
#include <xmlsec/xmlsec.h>
|
|
-#include <xmlsec/buffer.h>
|
|
-#include <xmlsec/base64.h>
|
|
+#include <xmlsec/keys.h>
|
|
#include <xmlsec/errors.h>
|
|
#include <xmlsec/xmltree.h>
|
|
|
|
@@ -38,82 +58,461 @@
|
|
|
|
#include <xmlsec/nss/crypto.h>
|
|
#include <xmlsec/nss/keysstore.h>
|
|
-#include <xmlsec/nss/x509.h>
|
|
+#include <xmlsec/nss/tokens.h>
|
|
+#include <xmlsec/nss/ciphers.h>
|
|
#include <xmlsec/nss/pkikeys.h>
|
|
|
|
/****************************************************************************
|
|
*
|
|
- * Nss Keys Store. Uses Simple Keys Store under the hood
|
|
+ * Internal NSS key store context
|
|
*
|
|
- * Simple Keys Store ptr is located after xmlSecKeyStore
|
|
+ * This context is located after xmlSecKeyStore
|
|
*
|
|
***************************************************************************/
|
|
+typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
|
|
+typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
|
|
+
|
|
+struct _xmlSecNssKeysStoreCtx {
|
|
+ xmlSecPtrListPtr keyList ;
|
|
+ xmlSecPtrListPtr slotList ;
|
|
+} ;
|
|
+
|
|
#define xmlSecNssKeysStoreSize \
|
|
- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
|
|
+ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
|
|
|
|
-#define xmlSecNssKeysStoreGetSS(store) \
|
|
- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
|
|
- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
|
|
- (xmlSecKeyStorePtr*)NULL)
|
|
-
|
|
-static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
|
|
-static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
|
|
-static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
|
|
- const xmlChar* name,
|
|
- xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
+#define xmlSecNssKeysStoreGetCtx( data ) \
|
|
+ ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
|
|
|
|
-static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
|
|
- sizeof(xmlSecKeyStoreKlass),
|
|
- xmlSecNssKeysStoreSize,
|
|
+int xmlSecNssKeysStoreAdoptKeySlot(
|
|
+ xmlSecKeyStorePtr store ,
|
|
+ xmlSecNssKeySlotPtr keySlot
|
|
+) {
|
|
+ xmlSecNssKeysStoreCtxPtr context = NULL ;
|
|
+
|
|
+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
|
|
+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
|
|
+ context = xmlSecNssKeysStoreGetCtx( store ) ;
|
|
+ if( context == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
+ "xmlSecNssKeysStoreGetCtx" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+
|
|
+ if( context->slotList == NULL ) {
|
|
+ if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
+ "xmlSecPtrListCreate" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
+ "xmlSecPtrListCheckId" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+
|
|
+ if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
+ "xmlSecPtrListAdd" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+ return 0 ;
|
|
+}
|
|
|
|
- /* data */
|
|
- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
|
|
-
|
|
- /* constructors/destructor */
|
|
- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
|
|
- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
|
|
- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
|
|
-
|
|
- /* reserved for the future */
|
|
- NULL, /* void* reserved0; */
|
|
- NULL, /* void* reserved1; */
|
|
-};
|
|
+int xmlSecNssKeysStoreAdoptKey(
|
|
+ xmlSecKeyStorePtr store ,
|
|
+ xmlSecKeyPtr key
|
|
+) {
|
|
+ xmlSecNssKeysStoreCtxPtr context = NULL ;
|
|
+
|
|
+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
|
|
+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
|
|
+
|
|
+ context = xmlSecNssKeysStoreGetCtx( store ) ;
|
|
+ if( context == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
+ "xmlSecNssKeysStoreGetCtx" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+
|
|
+ if( context->keyList == NULL ) {
|
|
+ if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
+ "xmlSecPtrListCreate" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
+ "xmlSecPtrListCheckId" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+
|
|
+ if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
+ "xmlSecPtrListAdd" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
|
|
-/**
|
|
- * xmlSecNssKeysStoreGetKlass:
|
|
- *
|
|
- * The Nss list based keys store klass.
|
|
+ return 0 ;
|
|
+}
|
|
+
|
|
+/*
|
|
+ * xmlSecKeyStoreInitializeMethod:
|
|
+ * @store: the store.
|
|
+ *
|
|
+ * Keys store specific initialization method.
|
|
*
|
|
- * Returns: Nss list based keys store klass.
|
|
+ * Returns 0 on success or a negative value if an error occurs.
|
|
*/
|
|
-xmlSecKeyStoreId
|
|
-xmlSecNssKeysStoreGetKlass(void) {
|
|
- return(&xmlSecNssKeysStoreKlass);
|
|
+static int
|
|
+xmlSecNssKeysStoreInitialize(
|
|
+ xmlSecKeyStorePtr store
|
|
+) {
|
|
+ xmlSecNssKeysStoreCtxPtr context = NULL ;
|
|
+
|
|
+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
|
|
+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
|
|
+
|
|
+ context = xmlSecNssKeysStoreGetCtx( store ) ;
|
|
+ if( context == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
+ "xmlSecNssKeysStoreGetCtx" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+
|
|
+ context->keyList = NULL ;
|
|
+ context->slotList = NULL ;
|
|
+
|
|
+ return 0 ;
|
|
}
|
|
|
|
/**
|
|
- * xmlSecNssKeysStoreAdoptKey:
|
|
- * @store: the pointer to Nss keys store.
|
|
- * @key: the pointer to key.
|
|
- *
|
|
- * Adds @key to the @store.
|
|
*
|
|
- * Returns: 0 on success or a negative value if an error occurs.
|
|
+ * xmlSecKeyStoreFinalizeMethod:
|
|
+ * @store: the store.
|
|
+ *
|
|
+ * Keys store specific finalization (destroy) method.
|
|
*/
|
|
-int
|
|
-xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
|
|
- xmlSecKeyStorePtr *ss;
|
|
-
|
|
- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
|
|
- xmlSecAssert2((key != NULL), -1);
|
|
+void
|
|
+xmlSecNssKeysStoreFinalize(
|
|
+ xmlSecKeyStorePtr store
|
|
+) {
|
|
+ xmlSecNssKeysStoreCtxPtr context = NULL ;
|
|
+
|
|
+ xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
|
|
+ xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
|
|
+
|
|
+ context = xmlSecNssKeysStoreGetCtx( store ) ;
|
|
+ if( context == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
+ "xmlSecNssKeysStoreGetCtx" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return ;
|
|
+ }
|
|
+
|
|
+ if( context->keyList != NULL ) {
|
|
+ xmlSecPtrListDestroy( context->keyList ) ;
|
|
+ context->keyList = NULL ;
|
|
+ }
|
|
+
|
|
+ if( context->slotList != NULL ) {
|
|
+ xmlSecPtrListDestroy( context->slotList ) ;
|
|
+ context->slotList = NULL ;
|
|
+ }
|
|
+}
|
|
+
|
|
+xmlSecKeyPtr
|
|
+xmlSecNssKeysStoreFindKeyFromSlot(
|
|
+ PK11SlotInfo* slot,
|
|
+ const xmlChar* name,
|
|
+ xmlSecKeyInfoCtxPtr keyInfoCtx
|
|
+) {
|
|
+ xmlSecKeyPtr key = NULL ;
|
|
+ xmlSecKeyDataPtr data = NULL ;
|
|
+ int length ;
|
|
+
|
|
+ xmlSecAssert2( slot != NULL , NULL ) ;
|
|
+ xmlSecAssert2( name != NULL , NULL ) ;
|
|
+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
|
|
+
|
|
+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
|
|
+ PK11SymKey* symKey ;
|
|
+ PK11SymKey* curKey ;
|
|
+
|
|
+ /* Find symmetric key from the slot by name */
|
|
+ symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
|
|
+ for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
|
|
+ /* Check the key request */
|
|
+ length = PK11_GetKeyLength( curKey ) ;
|
|
+ length *= 8 ;
|
|
+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
|
|
+ ( length > 0 ) &&
|
|
+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
|
|
+ continue ;
|
|
+
|
|
+ /* We find a eligible key */
|
|
+ data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
|
|
+ if( data == NULL ) {
|
|
+ /* Do nothing */
|
|
+ }
|
|
+ break ;
|
|
+ }
|
|
+
|
|
+ /* Destroy the sym key list */
|
|
+ for( curKey = symKey ; curKey != NULL ; ) {
|
|
+ symKey = curKey ;
|
|
+ curKey = PK11_GetNextSymKey( symKey ) ;
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ }
|
|
+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
|
|
+ SECKEYPublicKeyList* pubKeyList ;
|
|
+ SECKEYPublicKey* pubKey ;
|
|
+ SECKEYPublicKeyListNode* curPub ;
|
|
+
|
|
+ /* Find asymmetric key from the slot by name */
|
|
+ pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
|
|
+ pubKey = NULL ;
|
|
+ curPub = PUBKEY_LIST_HEAD(pubKeyList);
|
|
+ for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
|
|
+ /* Check the key request */
|
|
+ length = SECKEY_PublicKeyStrength( curPub->key ) ;
|
|
+ length *= 8 ;
|
|
+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
|
|
+ ( length > 0 ) &&
|
|
+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
|
|
+ continue ;
|
|
+
|
|
+ /* We find a eligible key */
|
|
+ pubKey = curPub->key ;
|
|
+ break ;
|
|
+ }
|
|
+
|
|
+ if( pubKey != NULL ) {
|
|
+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
|
|
+ if( data == NULL ) {
|
|
+ /* Do nothing */
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /* Destroy the public key list */
|
|
+ SECKEY_DestroyPublicKeyList( pubKeyList ) ;
|
|
+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
|
|
+ SECKEYPrivateKeyList* priKeyList = NULL ;
|
|
+ SECKEYPrivateKey* priKey = NULL ;
|
|
+ SECKEYPrivateKeyListNode* curPri ;
|
|
+
|
|
+ /* Find asymmetric key from the slot by name */
|
|
+ priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
|
|
+ priKey = NULL ;
|
|
+ curPri = PRIVKEY_LIST_HEAD(priKeyList);
|
|
+ for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
|
|
+ /* Check the key request */
|
|
+ length = PK11_SignatureLen( curPri->key ) ;
|
|
+ length *= 8 ;
|
|
+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
|
|
+ ( length > 0 ) &&
|
|
+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
|
|
+ continue ;
|
|
+
|
|
+ /* We find a eligible key */
|
|
+ priKey = curPri->key ;
|
|
+ break ;
|
|
+ }
|
|
+
|
|
+ if( priKey != NULL ) {
|
|
+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
|
|
+ if( data == NULL ) {
|
|
+ /* Do nothing */
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /* Destroy the private key list */
|
|
+ SECKEY_DestroyPrivateKeyList( priKeyList ) ;
|
|
+ }
|
|
+
|
|
+ /* If we have gotten the key value */
|
|
+ if( data != NULL ) {
|
|
+ if( ( key = xmlSecKeyCreate() ) == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ NULL ,
|
|
+ "xmlSecKeyCreate" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return NULL ;
|
|
+ }
|
|
+
|
|
+ if( xmlSecKeySetValue( key , data ) < 0 ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ NULL ,
|
|
+ "xmlSecKeySetValue" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+
|
|
+ xmlSecKeyDestroy( key ) ;
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return NULL ;
|
|
+ }
|
|
+ }
|
|
|
|
- ss = xmlSecNssKeysStoreGetSS(store);
|
|
- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
|
|
- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
|
|
+ return(key);
|
|
+}
|
|
+
|
|
+/**
|
|
+ * xmlSecKeyStoreFindKeyMethod:
|
|
+ * @store: the store.
|
|
+ * @name: the desired key name.
|
|
+ * @keyInfoCtx: the pointer to key info context.
|
|
+ *
|
|
+ * Keys store specific find method. The caller is responsible for destroying
|
|
+ * the returned key using #xmlSecKeyDestroy method.
|
|
+ *
|
|
+ * Returns the pointer to a key or NULL if key is not found or an error occurs.
|
|
+ */
|
|
+static xmlSecKeyPtr
|
|
+xmlSecNssKeysStoreFindKey(
|
|
+ xmlSecKeyStorePtr store ,
|
|
+ const xmlChar* name ,
|
|
+ xmlSecKeyInfoCtxPtr keyInfoCtx
|
|
+) {
|
|
+ xmlSecNssKeysStoreCtxPtr context = NULL ;
|
|
+ xmlSecKeyPtr key = NULL ;
|
|
+ xmlSecNssKeySlotPtr keySlot = NULL ;
|
|
+ xmlSecSize pos ;
|
|
+ xmlSecSize size ;
|
|
+
|
|
+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
|
|
+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
|
|
+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
|
|
+
|
|
+ context = xmlSecNssKeysStoreGetCtx( store ) ;
|
|
+ if( context == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
+ "xmlSecNssKeysStoreGetCtx" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return NULL ;
|
|
+ }
|
|
+
|
|
+ /*-
|
|
+ * Look for key at keyList at first.
|
|
+ */
|
|
+ if( context->keyList != NULL ) {
|
|
+ size = xmlSecPtrListGetSize( context->keyList ) ;
|
|
+ for( pos = 0 ; pos < size ; pos ++ ) {
|
|
+ key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
|
|
+ if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
|
|
+ return xmlSecKeyDuplicate( key ) ;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /*-
|
|
+ * Find the key from slotList
|
|
+ */
|
|
+ if( context->slotList != NULL ) {
|
|
+ PK11SlotInfo* slot = NULL ;
|
|
+
|
|
+ size = xmlSecPtrListGetSize( context->slotList ) ;
|
|
+ for( pos = 0 ; pos < size ; pos ++ ) {
|
|
+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
|
|
+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
|
|
+ if( slot == NULL ) {
|
|
+ continue ;
|
|
+ } else {
|
|
+ key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
|
|
+ if( key == NULL ) {
|
|
+ continue ;
|
|
+ } else {
|
|
+ return( key ) ;
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+ }
|
|
+
|
|
+ /*-
|
|
+ * Create a session key if we can not find the key from keyList and slotList
|
|
+ */
|
|
+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
|
|
+ key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
|
|
+ if( key == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
|
|
+ "xmlSecKeySetValue" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return NULL ;
|
|
+ }
|
|
+
|
|
+ return key ;
|
|
+ }
|
|
+
|
|
+ /**
|
|
+ * We have no way to find the key any more.
|
|
+ */
|
|
+ return NULL ;
|
|
+}
|
|
+
|
|
+static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
|
|
+ sizeof( xmlSecKeyStoreKlass ) ,
|
|
+ xmlSecNssKeysStoreSize ,
|
|
+ BAD_CAST "implicit_nss_keys_store" ,
|
|
+ xmlSecNssKeysStoreInitialize ,
|
|
+ xmlSecNssKeysStoreFinalize ,
|
|
+ xmlSecNssKeysStoreFindKey ,
|
|
+ NULL ,
|
|
+ NULL
|
|
+} ;
|
|
|
|
- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
|
|
+/**
|
|
+ * xmlSecNssKeysStoreGetKlass:
|
|
+ *
|
|
+ * The simple list based keys store klass.
|
|
+ *
|
|
+ */
|
|
+xmlSecKeyStoreId
|
|
+xmlSecNssKeysStoreGetKlass( void ) {
|
|
+ return &xmlSecNssKeysStoreKlass ;
|
|
}
|
|
|
|
+/**************************
|
|
+ * Application routines
|
|
+ */
|
|
+
|
|
/**
|
|
* xmlSecNssKeysStoreLoad:
|
|
* @store: the pointer to Nss keys store.
|
|
@@ -252,234 +651,147 @@
|
|
*/
|
|
int
|
|
xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
|
|
- xmlSecKeyStorePtr *ss;
|
|
+ xmlSecKeyInfoCtx keyInfoCtx;
|
|
+ xmlSecNssKeysStoreCtxPtr context ;
|
|
+ xmlSecPtrListPtr list;
|
|
+ xmlSecKeyPtr key;
|
|
+ xmlSecSize i, keysSize;
|
|
+ xmlDocPtr doc;
|
|
+ xmlNodePtr cur;
|
|
+ xmlSecKeyDataPtr data;
|
|
+ xmlSecPtrListPtr idsList;
|
|
+ xmlSecKeyDataId dataId;
|
|
+ xmlSecSize idsSize, j;
|
|
+ int ret;
|
|
|
|
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
|
|
- xmlSecAssert2((filename != NULL), -1);
|
|
-
|
|
- ss = xmlSecNssKeysStoreGetSS(store);
|
|
- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
|
|
- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
|
|
-
|
|
- return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
|
|
-}
|
|
-
|
|
-static int
|
|
-xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
|
|
- xmlSecKeyStorePtr *ss;
|
|
+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
|
|
+ xmlSecAssert2(filename != NULL, -1);
|
|
|
|
- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
|
|
+ context = xmlSecNssKeysStoreGetCtx( store ) ;
|
|
+ xmlSecAssert2( context != NULL, -1 );
|
|
|
|
- ss = xmlSecNssKeysStoreGetSS(store);
|
|
- xmlSecAssert2((*ss == NULL), -1);
|
|
+ list = context->keyList ;
|
|
+ xmlSecAssert2( list != NULL, -1 );
|
|
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
|
|
|
|
- *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
|
|
- if(*ss == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ /* create doc */
|
|
+ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
|
|
+ if(doc == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
- "xmlSecKeyStoreCreate",
|
|
+ "xmlSecCreateTree",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "xmlSecSimpleKeysStoreId");
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
|
|
- return(0);
|
|
-}
|
|
-
|
|
-static void
|
|
-xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
|
|
- xmlSecKeyStorePtr *ss;
|
|
-
|
|
- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
|
|
-
|
|
- ss = xmlSecNssKeysStoreGetSS(store);
|
|
- xmlSecAssert((ss != NULL) && (*ss != NULL));
|
|
-
|
|
- xmlSecKeyStoreDestroy(*ss);
|
|
-}
|
|
-
|
|
-static xmlSecKeyPtr
|
|
-xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
|
|
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
- xmlSecKeyStorePtr* ss;
|
|
- xmlSecKeyPtr key = NULL;
|
|
- xmlSecKeyPtr retval = NULL;
|
|
- xmlSecKeyReqPtr keyReq = NULL;
|
|
- CERTCertificate *cert = NULL;
|
|
- SECKEYPublicKey *pubkey = NULL;
|
|
- SECKEYPrivateKey *privkey = NULL;
|
|
- xmlSecKeyDataPtr data = NULL;
|
|
- xmlSecKeyDataPtr x509Data = NULL;
|
|
- int ret;
|
|
-
|
|
- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
|
|
- xmlSecAssert2(keyInfoCtx != NULL, NULL);
|
|
-
|
|
- ss = xmlSecNssKeysStoreGetSS(store);
|
|
- xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
|
|
-
|
|
- key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
|
|
- if (key != NULL) {
|
|
- return (key);
|
|
- }
|
|
-
|
|
- /* Try to find the key in the NSS DB, and construct an xmlSecKey.
|
|
- * we must have a name to lookup keys in NSS DB.
|
|
- */
|
|
- if (name == NULL) {
|
|
- goto done;
|
|
- }
|
|
+ idsList = xmlSecKeyDataIdsGet();
|
|
+ xmlSecAssert2(idsList != NULL, -1);
|
|
|
|
- /* what type of key are we looking for?
|
|
- * TBD: For now, we'll look only for public/private keys using the
|
|
- * name as a cert nickname. Later on, we can attempt to find
|
|
- * symmetric keys using PK11_FindFixedKey
|
|
- */
|
|
- keyReq = &(keyInfoCtx->keyReq);
|
|
- if (keyReq->keyType &
|
|
- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
|
|
- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
|
|
- if (cert == NULL) {
|
|
- goto done;
|
|
- }
|
|
+ keysSize = xmlSecPtrListGetSize(list);
|
|
+ idsSize = xmlSecPtrListGetSize(idsList);
|
|
+ for(i = 0; i < keysSize; ++i) {
|
|
+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
|
|
+ xmlSecAssert2(key != NULL, -1);
|
|
|
|
- if (keyReq->keyType & xmlSecKeyDataTypePublic) {
|
|
- pubkey = CERT_ExtractPublicKey(cert);
|
|
- if (pubkey == NULL) {
|
|
+ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
|
|
+ if(cur == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "CERT_ExtractPublicKey",
|
|
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- goto done;
|
|
- }
|
|
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
+ "xmlSecAddChild",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ "node=%s",
|
|
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
|
|
+ xmlFreeDoc(doc);
|
|
+ return(-1);
|
|
}
|
|
|
|
- if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
|
|
- privkey = PK11_FindKeyByAnyCert(cert, NULL);
|
|
- if (privkey == NULL) {
|
|
+ /* special data key name */
|
|
+ if(xmlSecKeyGetName(key) != NULL) {
|
|
+ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "PK11_FindKeyByAnyCert",
|
|
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- goto done;
|
|
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
+ "xmlSecAddChild",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ "node=%s",
|
|
+ xmlSecErrorsSafeString(xmlSecNodeKeyName));
|
|
+ xmlFreeDoc(doc);
|
|
+ return(-1);
|
|
}
|
|
}
|
|
|
|
- data = xmlSecNssPKIAdoptKey(privkey, pubkey);
|
|
- if(data == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssPKIAdoptKey",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- goto done;
|
|
- }
|
|
- privkey = NULL;
|
|
- pubkey = NULL;
|
|
-
|
|
- key = xmlSecKeyCreate();
|
|
- if (key == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecKeyCreate",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return (NULL);
|
|
- }
|
|
-
|
|
- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
|
|
- if(x509Data == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecKeyDataCreate",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "transform=%s",
|
|
- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
|
|
- goto done;
|
|
- }
|
|
+ /* create nodes for other keys data */
|
|
+ for(j = 0; j < idsSize; ++j) {
|
|
+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
|
|
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
|
|
+
|
|
+ if(dataId->dataNodeName == NULL) {
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ data = xmlSecKeyGetData(key, dataId);
|
|
+ if(data == NULL) {
|
|
+ continue;
|
|
+ }
|
|
|
|
- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
|
|
- if (ret < 0) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssKeyDataX509AdoptKeyCert",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "data=%s",
|
|
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
|
|
- goto done;
|
|
- }
|
|
- cert = CERT_DupCertificate(cert);
|
|
- if (cert == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "CERT_DupCertificate",
|
|
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- "data=%s",
|
|
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
|
|
- goto done;
|
|
+ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
+ "xmlSecAddChild",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ "node=%s",
|
|
+ xmlSecErrorsSafeString(dataId->dataNodeName));
|
|
+ xmlFreeDoc(doc);
|
|
+ return(-1);
|
|
+ }
|
|
}
|
|
|
|
- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
|
|
+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
|
|
if (ret < 0) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssKeyDataX509AdoptCert",
|
|
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
+ "xmlSecKeyInfoCtxInitialize",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "data=%s",
|
|
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
|
|
- goto done;
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ xmlFreeDoc(doc);
|
|
+ return(-1);
|
|
}
|
|
- cert = NULL;
|
|
|
|
- ret = xmlSecKeySetValue(key, data);
|
|
- if (ret < 0) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecKeySetValue",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "data=%s",
|
|
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
|
|
- goto done;
|
|
- }
|
|
- data = NULL;
|
|
+ keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
|
|
+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
|
|
+ keyInfoCtx.keyReq.keyType = type;
|
|
+ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
|
|
|
|
- ret = xmlSecKeyAdoptData(key, x509Data);
|
|
+ /* finally write key in the node */
|
|
+ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
|
|
if (ret < 0) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecKeyAdoptData",
|
|
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
+ "xmlSecKeyInfoNodeWrite",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "data=%s",
|
|
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
|
|
- goto done;
|
|
- }
|
|
- x509Data = NULL;
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
|
|
+ xmlFreeDoc(doc);
|
|
+ return(-1);
|
|
+ }
|
|
|
|
- retval = key;
|
|
- key = NULL;
|
|
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
|
|
}
|
|
|
|
-done:
|
|
- if (cert != NULL) {
|
|
- CERT_DestroyCertificate(cert);
|
|
- }
|
|
- if (pubkey != NULL) {
|
|
- SECKEY_DestroyPublicKey(pubkey);
|
|
- }
|
|
- if (privkey != NULL) {
|
|
- SECKEY_DestroyPrivateKey(privkey);
|
|
- }
|
|
- if (data != NULL) {
|
|
- xmlSecKeyDataDestroy(data);
|
|
- }
|
|
- if (x509Data != NULL) {
|
|
- xmlSecKeyDataDestroy(x509Data);
|
|
- }
|
|
- if (key != NULL) {
|
|
- xmlSecKeyDestroy(key);
|
|
+ /* now write result */
|
|
+ ret = xmlSaveFormatFile(filename, doc, 1);
|
|
+ if (ret < 0) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
|
|
+ "xmlSaveFormatFile",
|
|
+ XMLSEC_ERRORS_R_XML_FAILED,
|
|
+ "filename=%s",
|
|
+ xmlSecErrorsSafeString(filename));
|
|
+ xmlFreeDoc(doc);
|
|
+ return(-1);
|
|
}
|
|
|
|
- return (retval);
|
|
+ xmlFreeDoc(doc);
|
|
+ return(0);
|
|
}
|
|
--- misc/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-06-25 22:53:18.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-09-21 14:02:48.657352624 +0200
|
|
@@ -24,6 +24,7 @@
|
|
#include <xmlsec/nss/crypto.h>
|
|
#include <xmlsec/nss/bignum.h>
|
|
#include <xmlsec/nss/pkikeys.h>
|
|
+#include <xmlsec/nss/tokens.h>
|
|
|
|
/**************************************************************************
|
|
*
|
|
@@ -115,6 +116,8 @@
|
|
xmlSecNssPKIKeyDataCtxPtr ctxSrc)
|
|
{
|
|
xmlSecNSSPKIKeyDataCtxFree(ctxDst);
|
|
+ ctxDst->privkey = NULL ;
|
|
+ ctxDst->pubkey = NULL ;
|
|
if (ctxSrc->privkey != NULL) {
|
|
ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
|
|
if(ctxDst->privkey == NULL) {
|
|
@@ -588,13 +591,13 @@
|
|
goto done;
|
|
}
|
|
|
|
- slot = PK11_GetBestSlot(CKM_DSA, NULL);
|
|
+ slot = xmlSecNssSlotGet(CKM_DSA);
|
|
if(slot == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
- "PK11_GetBestSlot",
|
|
+ "xmlSecNssSlotGet",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ "error code=%d", PORT_GetError());
|
|
ret = -1;
|
|
goto done;
|
|
}
|
|
@@ -792,14 +795,14 @@
|
|
if (slot != NULL) {
|
|
PK11_FreeSlot(slot);
|
|
}
|
|
- if (ret != 0) {
|
|
+
|
|
if (pubkey != NULL) {
|
|
SECKEY_DestroyPublicKey(pubkey);
|
|
}
|
|
if (data != NULL) {
|
|
xmlSecKeyDataDestroy(data);
|
|
}
|
|
- }
|
|
+
|
|
return(ret);
|
|
}
|
|
|
|
@@ -818,7 +821,7 @@
|
|
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
|
|
+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
|
|
|
|
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
|
|
/* we can have only private key or public key */
|
|
@@ -940,7 +943,8 @@
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"PK11_PQG_ParamGen",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- "size=%d", sizeBits);
|
|
+ "size=%d, error code=%d", sizeBits, PORT_GetError());
|
|
+ ret = -1;
|
|
goto done;
|
|
}
|
|
|
|
@@ -950,11 +954,12 @@
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"PK11_PQG_VerifyParams",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- "size=%d", sizeBits);
|
|
+ "size=%d, error code=%d", sizeBits, PORT_GetError());
|
|
+ ret = -1;
|
|
goto done;
|
|
}
|
|
|
|
- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
|
|
+ slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
|
|
PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
|
|
privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
|
|
&pubkey, PR_FALSE, PR_TRUE, NULL);
|
|
@@ -964,8 +969,9 @@
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"PK11_GenerateKeyPair",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ "error code=%d", PORT_GetError());
|
|
|
|
+ ret = -1;
|
|
goto done;
|
|
}
|
|
|
|
@@ -979,6 +985,8 @@
|
|
goto done;
|
|
}
|
|
|
|
+ privkey = NULL ;
|
|
+ pubkey = NULL ;
|
|
ret = 0;
|
|
|
|
done:
|
|
@@ -991,16 +999,13 @@
|
|
if (pqgVerify != NULL) {
|
|
PK11_PQG_DestroyVerify(pqgVerify);
|
|
}
|
|
- if (ret == 0) {
|
|
- return (0);
|
|
- }
|
|
if (pubkey != NULL) {
|
|
SECKEY_DestroyPublicKey(pubkey);
|
|
}
|
|
if (privkey != NULL) {
|
|
SECKEY_DestroyPrivateKey(privkey);
|
|
}
|
|
- return(-1);
|
|
+ return(ret);
|
|
}
|
|
|
|
static xmlSecKeyDataType
|
|
@@ -1010,10 +1015,10 @@
|
|
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
|
|
+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
|
|
if (ctx->privkey != NULL) {
|
|
return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
|
|
- } else {
|
|
+ } else if( ctx->pubkey != NULL ) {
|
|
return(xmlSecKeyDataTypePublic);
|
|
}
|
|
|
|
@@ -1027,7 +1032,7 @@
|
|
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
|
|
+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
|
|
|
|
return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
|
|
}
|
|
@@ -1216,13 +1221,13 @@
|
|
goto done;
|
|
}
|
|
|
|
- slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
|
|
+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
|
|
if(slot == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
- "PK11_GetBestSlot",
|
|
+ "xmlSecNssSlotGet",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ "error code=%d", PORT_GetError());
|
|
ret = -1;
|
|
goto done;
|
|
}
|
|
@@ -1384,7 +1389,7 @@
|
|
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
|
|
+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
|
|
|
|
|
|
if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
|
|
@@ -1455,7 +1460,7 @@
|
|
params.keySizeInBits = sizeBits;
|
|
params.pe = 65537;
|
|
|
|
- slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
|
|
+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
|
|
PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
|
|
privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms,
|
|
&pubkey, PR_FALSE, PR_TRUE, NULL);
|
|
@@ -1525,7 +1530,7 @@
|
|
|
|
ctx = xmlSecNssPKIKeyDataGetCtx(data);
|
|
xmlSecAssert2(ctx != NULL, -1);
|
|
- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
|
|
+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
|
|
|
|
return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
|
|
}
|
|
--- misc/xmlsec1-1.2.14/src/nss/symkeys.c 2009-06-25 22:53:18.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/src/nss/symkeys.c 2009-09-21 14:02:48.620574832 +0200
|
|
@@ -15,20 +15,41 @@
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
|
|
+#include <pk11func.h>
|
|
+#include <nss.h>
|
|
+
|
|
#include <xmlsec/xmlsec.h>
|
|
#include <xmlsec/xmltree.h>
|
|
+#include <xmlsec/base64.h>
|
|
#include <xmlsec/keys.h>
|
|
#include <xmlsec/keyinfo.h>
|
|
#include <xmlsec/transforms.h>
|
|
#include <xmlsec/errors.h>
|
|
|
|
#include <xmlsec/nss/crypto.h>
|
|
+#include <xmlsec/nss/ciphers.h>
|
|
+#include <xmlsec/nss/tokens.h>
|
|
|
|
/*****************************************************************************
|
|
*
|
|
- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
|
|
+ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
|
|
*
|
|
****************************************************************************/
|
|
+typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ;
|
|
+typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ;
|
|
+
|
|
+struct _xmlSecNssSymKeyDataCtx {
|
|
+ CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */
|
|
+ PK11SlotInfo* slot ; /* the key resident slot */
|
|
+ PK11SymKey* symkey ; /* the symmetic key */
|
|
+} ;
|
|
+
|
|
+#define xmlSecNssSymKeyDataSize \
|
|
+ ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
|
|
+
|
|
+#define xmlSecNssSymKeyDataGetCtx( data ) \
|
|
+ ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
|
|
+
|
|
static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
|
|
static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
|
|
xmlSecKeyDataPtr src);
|
|
@@ -67,107 +88,743 @@
|
|
(xmlSecKeyDataIsValid((data)) && \
|
|
xmlSecNssSymKeyDataKlassCheck((data)->id))
|
|
|
|
+/**
|
|
+ * xmlSecNssSymKeyDataAdoptKey:
|
|
+ * @data: the pointer to symmetric key data.
|
|
+ * @symkey: the symmetric key
|
|
+ *
|
|
+ * Set the value of symmetric key data.
|
|
+ *
|
|
+ * Returns 0 on success or a negative value if an error occurs.
|
|
+ */
|
|
+int
|
|
+xmlSecNssSymKeyDataAdoptKey(
|
|
+ xmlSecKeyDataPtr data ,
|
|
+ PK11SymKey* symkey
|
|
+) {
|
|
+ xmlSecNssSymKeyDataCtxPtr context = NULL ;
|
|
+
|
|
+ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
|
|
+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
|
|
+ xmlSecAssert2( symkey != NULL, -1 ) ;
|
|
+
|
|
+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
|
|
+ xmlSecAssert2(context != NULL, -1);
|
|
+
|
|
+ context->cipher = PK11_GetMechanism( symkey ) ;
|
|
+
|
|
+ if( context->slot != NULL ) {
|
|
+ PK11_FreeSlot( context->slot ) ;
|
|
+ context->slot = NULL ;
|
|
+ }
|
|
+ context->slot = PK11_GetSlotFromKey( symkey ) ;
|
|
+
|
|
+ if( context->symkey != NULL ) {
|
|
+ PK11_FreeSymKey( context->symkey ) ;
|
|
+ context->symkey = NULL ;
|
|
+ }
|
|
+ context->symkey = PK11_ReferenceSymKey( symkey ) ;
|
|
+
|
|
+ return 0 ;
|
|
+}
|
|
+
|
|
+xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
|
|
+ PK11SymKey* symKey
|
|
+) {
|
|
+ xmlSecKeyDataPtr data = NULL ;
|
|
+ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ;
|
|
+
|
|
+ xmlSecAssert2( symKey != NULL , NULL ) ;
|
|
+
|
|
+ mechanism = PK11_GetMechanism( symKey ) ;
|
|
+ switch( mechanism ) {
|
|
+ case CKM_DES3_KEY_GEN :
|
|
+ case CKM_DES3_CBC :
|
|
+ case CKM_DES3_MAC :
|
|
+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
|
|
+ if( data == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ NULL ,
|
|
+ "xmlSecKeyDataCreate" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ "xmlSecNssKeyDataDesId" ) ;
|
|
+ return NULL ;
|
|
+ }
|
|
+ break ;
|
|
+ case CKM_AES_KEY_GEN :
|
|
+ case CKM_AES_CBC :
|
|
+ case CKM_AES_MAC :
|
|
+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
|
|
+ if( data == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ NULL ,
|
|
+ "xmlSecKeyDataCreate" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ "xmlSecNssKeyDataDesId" ) ;
|
|
+ return NULL ;
|
|
+ }
|
|
+ break ;
|
|
+ default :
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ NULL ,
|
|
+ NULL ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ "Unsupported mechanism" ) ;
|
|
+ return NULL ;
|
|
+ }
|
|
+
|
|
+ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ NULL ,
|
|
+ "xmlSecNssSymKeyDataAdoptKey" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return NULL ;
|
|
+ }
|
|
+
|
|
+ return data ;
|
|
+}
|
|
+
|
|
+
|
|
+PK11SymKey*
|
|
+xmlSecNssSymKeyDataGetKey(
|
|
+ xmlSecKeyDataPtr data
|
|
+) {
|
|
+ xmlSecNssSymKeyDataCtxPtr ctx;
|
|
+ PK11SymKey* symkey ;
|
|
+
|
|
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
|
|
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
|
|
+
|
|
+ ctx = xmlSecNssSymKeyDataGetCtx(data);
|
|
+ xmlSecAssert2(ctx != NULL, NULL);
|
|
+
|
|
+ if( ctx->symkey != NULL ) {
|
|
+ symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
|
|
+ } else {
|
|
+ symkey = NULL ;
|
|
+ }
|
|
+
|
|
+ return(symkey);
|
|
+}
|
|
+
|
|
static int
|
|
xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
|
|
+ xmlSecNssSymKeyDataCtxPtr ctx;
|
|
+
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
|
|
-
|
|
- return(xmlSecKeyDataBinaryValueInitialize(data));
|
|
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
|
|
+
|
|
+ ctx = xmlSecNssSymKeyDataGetCtx(data);
|
|
+ xmlSecAssert2(ctx != NULL, -1);
|
|
+
|
|
+ memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
|
|
+
|
|
+ /* Set the block cipher mechanism */
|
|
+#ifndef XMLSEC_NO_DES
|
|
+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
|
|
+ ctx->cipher = CKM_DES3_KEY_GEN;
|
|
+ } else
|
|
+#endif /* XMLSEC_NO_DES */
|
|
+
|
|
+#ifndef XMLSEC_NO_AES
|
|
+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
|
|
+ ctx->cipher = CKM_AES_KEY_GEN;
|
|
+ } else
|
|
+#endif /* XMLSEC_NO_AES */
|
|
+
|
|
+ if(1) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
+ NULL ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ "Unsupported block cipher" ) ;
|
|
+ return(-1) ;
|
|
+ }
|
|
+
|
|
+ return(0);
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
|
|
+ xmlSecNssSymKeyDataCtxPtr ctxDst;
|
|
+ xmlSecNssSymKeyDataCtxPtr ctxSrc;
|
|
+
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
|
|
+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
|
|
+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
|
|
xmlSecAssert2(dst->id == src->id, -1);
|
|
-
|
|
- return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
|
|
+
|
|
+ ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
|
|
+ xmlSecAssert2(ctxDst != NULL, -1);
|
|
+
|
|
+ ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
|
|
+ xmlSecAssert2(ctxSrc != NULL, -1);
|
|
+
|
|
+ ctxDst->cipher = ctxSrc->cipher ;
|
|
+
|
|
+ if( ctxSrc->slot != NULL ) {
|
|
+ if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
|
|
+ PK11_FreeSlot( ctxDst->slot ) ;
|
|
+ ctxDst->slot = NULL ;
|
|
+ }
|
|
+
|
|
+ if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
|
|
+ ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
|
|
+ } else {
|
|
+ if( ctxDst->slot != NULL ) {
|
|
+ PK11_FreeSlot( ctxDst->slot ) ;
|
|
+ ctxDst->slot = NULL ;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if( ctxSrc->symkey != NULL ) {
|
|
+ if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
|
|
+ PK11_FreeSymKey( ctxDst->symkey ) ;
|
|
+ ctxDst->symkey = NULL ;
|
|
+ }
|
|
+
|
|
+ if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
|
|
+ ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
|
|
+ } else {
|
|
+ if( ctxDst->symkey != NULL ) {
|
|
+ PK11_FreeSymKey( ctxDst->symkey ) ;
|
|
+ ctxDst->symkey = NULL ;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ return(0);
|
|
}
|
|
|
|
static void
|
|
xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
|
|
+ xmlSecNssSymKeyDataCtxPtr ctx;
|
|
+
|
|
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
|
|
-
|
|
- xmlSecKeyDataBinaryValueFinalize(data);
|
|
+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
|
|
+
|
|
+ ctx = xmlSecNssSymKeyDataGetCtx(data);
|
|
+ xmlSecAssert(ctx != NULL);
|
|
+
|
|
+ if( ctx->slot != NULL ) {
|
|
+ PK11_FreeSlot( ctx->slot ) ;
|
|
+ ctx->slot = NULL ;
|
|
+ }
|
|
+
|
|
+ if( ctx->symkey != NULL ) {
|
|
+ PK11_FreeSymKey( ctx->symkey ) ;
|
|
+ ctx->symkey = NULL ;
|
|
+ }
|
|
+
|
|
+ ctx->cipher = CKM_INVALID_MECHANISM ;
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
|
|
+ PK11SymKey* symKey ;
|
|
+ PK11SlotInfo* slot ;
|
|
+ xmlSecBufferPtr keyBuf;
|
|
+ xmlSecSize len;
|
|
+ xmlSecKeyDataPtr data;
|
|
+ xmlSecNssSymKeyDataCtxPtr ctx;
|
|
+ SECItem keyItem ;
|
|
+ int ret;
|
|
+
|
|
+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
|
|
+ xmlSecAssert2(key != NULL, -1);
|
|
+ xmlSecAssert2(node != NULL, -1);
|
|
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
+
|
|
+ /* Create a new KeyData from a id */
|
|
+ data = xmlSecKeyDataCreate(id);
|
|
+ if(data == NULL ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecKeyDataCreate",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ ctx = xmlSecNssSymKeyDataGetCtx(data);
|
|
+ xmlSecAssert2(ctx != NULL, -1);
|
|
+
|
|
+ /* Create a buffer for raw symmetric key value */
|
|
+ if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecBufferCreate" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return(-1) ;
|
|
+ }
|
|
+
|
|
+ /* Read the raw key value */
|
|
+ if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+
|
|
+ xmlSecBufferDestroy( keyBuf ) ;
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return(-1) ;
|
|
+ }
|
|
+
|
|
+ /* Get slot */
|
|
+ slot = xmlSecNssSlotGet(ctx->cipher);
|
|
+ if( slot == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecNssSlotGet" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+
|
|
+ xmlSecBufferDestroy( keyBuf ) ;
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return(-1) ;
|
|
+ }
|
|
+
|
|
+ /* Wrap the raw key value SECItem */
|
|
+ keyItem.type = siBuffer ;
|
|
+ keyItem.data = xmlSecBufferGetData( keyBuf ) ;
|
|
+ keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
|
|
+
|
|
+ /* Import the raw key into slot temporalily and get the key handler*/
|
|
+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
|
|
+ if( symKey == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "PK11_ImportSymKey" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+
|
|
+ PK11_FreeSlot( slot ) ;
|
|
+ xmlSecBufferDestroy( keyBuf ) ;
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return(-1) ;
|
|
+ }
|
|
+ PK11_FreeSlot( slot ) ;
|
|
+
|
|
+ /* raw key material has been copied into symKey, it isn't used any more */
|
|
+ xmlSecBufferDestroy( keyBuf ) ;
|
|
+
|
|
+ /* Adopt the symmetric key into key data */
|
|
+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
|
|
+ if(ret < 0) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecKeyDataBinaryValueSetBuffer",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+ /* symKey has been duplicated into data, it isn't used any more */
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+
|
|
+ /* Check value */
|
|
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecKeyReqMatchKeyValue",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return(0);
|
|
+ }
|
|
|
|
- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
|
|
+ ret = xmlSecKeySetValue(key, data);
|
|
+ if(ret < 0) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecKeySetValue",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ return(0);
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
+ PK11SymKey* symKey ;
|
|
+
|
|
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
|
|
-
|
|
- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
|
|
+ xmlSecAssert2(key != NULL, -1);
|
|
+ xmlSecAssert2(node != NULL, -1);
|
|
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
+
|
|
+ /* Get symmetric key from "key" */
|
|
+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
|
|
+ if( symKey != NULL ) {
|
|
+ SECItem* keyItem ;
|
|
+ xmlSecBufferPtr keyBuf ;
|
|
+
|
|
+ /* Extract raw key data from symmetric key */
|
|
+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "PK11_ExtractKeyValue",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ /* Get raw key data from "symKey" */
|
|
+ keyItem = PK11_GetKeyData( symKey ) ;
|
|
+ if(keyItem == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "PK11_GetKeyData",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ /* Create key data buffer with raw kwy material */
|
|
+ keyBuf = xmlSecBufferCreate(keyItem->len) ;
|
|
+ if(keyBuf == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecBufferCreate",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
|
|
+
|
|
+ /* Write raw key material into current xml node */
|
|
+ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecBufferBase64NodeContentWrite",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ xmlSecBufferDestroy(keyBuf);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+ xmlSecBufferDestroy(keyBuf);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ }
|
|
+
|
|
+ return 0 ;
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
const xmlSecByte* buf, xmlSecSize bufSize,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
|
|
+ PK11SymKey* symKey ;
|
|
+ PK11SlotInfo* slot ;
|
|
+ xmlSecKeyDataPtr data;
|
|
+ xmlSecNssSymKeyDataCtxPtr ctx;
|
|
+ SECItem keyItem ;
|
|
+ int ret;
|
|
+
|
|
+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
|
|
+ xmlSecAssert2(key != NULL, -1);
|
|
+ xmlSecAssert2(buf != NULL, -1);
|
|
+ xmlSecAssert2(bufSize != 0, -1);
|
|
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
+
|
|
+ /* Create a new KeyData from a id */
|
|
+ data = xmlSecKeyDataCreate(id);
|
|
+ if(data == NULL ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecKeyDataCreate",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ ctx = xmlSecNssSymKeyDataGetCtx(data);
|
|
+ xmlSecAssert2(ctx != NULL, -1);
|
|
+
|
|
+ /* Get slot */
|
|
+ slot = xmlSecNssSlotGet(ctx->cipher);
|
|
+ if( slot == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecNssSlotGet" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return(-1) ;
|
|
+ }
|
|
+
|
|
+ /* Wrap the raw key value SECItem */
|
|
+ keyItem.type = siBuffer ;
|
|
+ keyItem.data = buf ;
|
|
+ keyItem.len = bufSize ;
|
|
+
|
|
+ /* Import the raw key into slot temporalily and get the key handler*/
|
|
+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
|
|
+ if( symKey == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "PK11_ImportSymKey" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ PK11_FreeSlot( slot ) ;
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return(-1) ;
|
|
+ }
|
|
+
|
|
+ /* Adopt the symmetric key into key data */
|
|
+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
|
|
+ if(ret < 0) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecKeyDataBinaryValueSetBuffer",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ PK11_FreeSlot( slot ) ;
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+ /* symKey has been duplicated into data, it isn't used any more */
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ PK11_FreeSlot( slot ) ;
|
|
+
|
|
+ /* Check value */
|
|
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecKeyReqMatchKeyValue",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return(0);
|
|
+ }
|
|
|
|
- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
|
|
+ ret = xmlSecKeySetValue(key, data);
|
|
+ if(ret < 0) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecKeySetValue",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ xmlSecKeyDataDestroy( data ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ return(0);
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
xmlSecByte** buf, xmlSecSize* bufSize,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
+ PK11SymKey* symKey ;
|
|
+
|
|
xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
|
|
+ xmlSecAssert2(key != NULL, -1);
|
|
+ xmlSecAssert2(buf != NULL, -1);
|
|
+ xmlSecAssert2(bufSize != 0, -1);
|
|
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
+
|
|
+ /* Get symmetric key from "key" */
|
|
+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
|
|
+ if( symKey != NULL ) {
|
|
+ SECItem* keyItem ;
|
|
+
|
|
+ /* Extract raw key data from symmetric key */
|
|
+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "PK11_ExtractKeyValue",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ /* Get raw key data from "symKey" */
|
|
+ keyItem = PK11_GetKeyData( symKey ) ;
|
|
+ if(keyItem == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "PK11_GetKeyData",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ *bufSize = keyItem->len;
|
|
+ *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
|
|
+ if( *buf == NULL ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ NULL,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ memcpy((*buf), keyItem->data, (*bufSize));
|
|
+ PK11_FreeSymKey( symKey ) ;
|
|
+ }
|
|
|
|
- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
|
|
+ return 0 ;
|
|
}
|
|
|
|
static int
|
|
xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
|
|
- xmlSecBufferPtr buffer;
|
|
+ PK11SymKey* symkey ;
|
|
+ PK11SlotInfo* slot ;
|
|
+ xmlSecNssSymKeyDataCtxPtr ctx;
|
|
+ int ret;
|
|
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
|
|
xmlSecAssert2(sizeBits > 0, -1);
|
|
|
|
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
|
|
- xmlSecAssert2(buffer != NULL, -1);
|
|
-
|
|
- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
|
|
+ ctx = xmlSecNssSymKeyDataGetCtx(data);
|
|
+ xmlSecAssert2(ctx != NULL, -1);
|
|
+
|
|
+ if( sizeBits % 8 != 0 ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
+ NULL,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ "Symmetric key size must be octuple");
|
|
+ return(-1);
|
|
+ }
|
|
+
|
|
+ /* Get slot */
|
|
+ slot = xmlSecNssSlotGet(ctx->cipher);
|
|
+ if( slot == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
+ "xmlSecNssSlotGet" ,
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return(-1) ;
|
|
+ }
|
|
+
|
|
+ if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
+ "PK11_Authenticate" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ PK11_FreeSlot( slot ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+
|
|
+ symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
|
|
+ if( symkey == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
+ "PK11_KeyGen" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ PK11_FreeSlot( slot ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+
|
|
+ if( ctx->slot != NULL ) {
|
|
+ PK11_FreeSlot( ctx->slot ) ;
|
|
+ ctx->slot = NULL ;
|
|
+ }
|
|
+ ctx->slot = slot ;
|
|
+
|
|
+ if( ctx->symkey != NULL ) {
|
|
+ PK11_FreeSymKey( ctx->symkey ) ;
|
|
+ ctx->symkey = NULL ;
|
|
+ }
|
|
+ ctx->symkey = symkey ;
|
|
+
|
|
+ return 0;
|
|
}
|
|
|
|
static xmlSecKeyDataType
|
|
xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
|
|
- xmlSecBufferPtr buffer;
|
|
+ xmlSecNssSymKeyDataCtxPtr context = NULL ;
|
|
+ xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
|
|
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
|
|
+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
|
|
|
|
- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
|
|
- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
|
|
+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
|
|
+ if( context == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
+ "xmlSecNssSymKeyDataGetCtx" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return xmlSecKeyDataTypeUnknown ;
|
|
+ }
|
|
|
|
- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
|
|
+ if( context->symkey != NULL ) {
|
|
+ type |= xmlSecKeyDataTypeSymmetric ;
|
|
+ } else {
|
|
+ type |= xmlSecKeyDataTypeUnknown ;
|
|
+ }
|
|
+
|
|
+ return type ;
|
|
}
|
|
|
|
static xmlSecSize
|
|
xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
|
|
+ xmlSecNssSymKeyDataCtxPtr context ;
|
|
+ unsigned int length = 0 ;
|
|
+
|
|
xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
|
|
+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
|
|
+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
|
|
+ if( context == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
+ "xmlSecNssSymKeyDataGetCtx" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return 0 ;
|
|
+ }
|
|
+
|
|
+ if( context->symkey != NULL ) {
|
|
+ length = PK11_GetKeyLength( context->symkey ) ;
|
|
+ length *= 8 ;
|
|
+ }
|
|
|
|
- return(xmlSecKeyDataBinaryValueGetSize(data));
|
|
+ return length ;
|
|
}
|
|
|
|
static void
|
|
xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
|
|
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
|
|
|
|
- xmlSecKeyDataBinaryValueDebugDump(data, output);
|
|
+ /* print only size, everything else is sensitive */
|
|
+ fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName ,
|
|
+ xmlSecKeyDataGetSize(data)) ;
|
|
}
|
|
|
|
static void
|
|
xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
|
|
xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
|
|
-
|
|
- xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
|
|
+
|
|
+ /* print only size, everything else is sensitive */
|
|
+ fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName ,
|
|
+ xmlSecKeyDataGetSize(data)) ;
|
|
}
|
|
|
|
static int
|
|
@@ -201,7 +858,7 @@
|
|
*************************************************************************/
|
|
static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
|
|
sizeof(xmlSecKeyDataKlass),
|
|
- xmlSecKeyDataBinarySize,
|
|
+ xmlSecNssSymKeyDataSize,
|
|
|
|
/* data */
|
|
xmlSecNameAESKeyValue,
|
|
@@ -282,7 +939,7 @@
|
|
*************************************************************************/
|
|
static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
|
|
sizeof(xmlSecKeyDataKlass),
|
|
- xmlSecKeyDataBinarySize,
|
|
+ xmlSecNssSymKeyDataSize,
|
|
|
|
/* data */
|
|
xmlSecNameDESKeyValue,
|
|
@@ -364,7 +1021,7 @@
|
|
*************************************************************************/
|
|
static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
|
|
sizeof(xmlSecKeyDataKlass),
|
|
- xmlSecKeyDataBinarySize,
|
|
+ xmlSecNssSymKeyDataSize,
|
|
|
|
/* data */
|
|
xmlSecNameHMACKeyValue,
|
|
--- misc/xmlsec1-1.2.14/src/nss/x509.c 2009-06-25 22:53:18.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/src/nss/x509.c 2009-09-21 14:02:48.642312431 +0200
|
|
@@ -34,7 +34,6 @@
|
|
#include <xmlsec/keys.h>
|
|
#include <xmlsec/keyinfo.h>
|
|
#include <xmlsec/keysmngr.h>
|
|
-#include <xmlsec/x509.h>
|
|
#include <xmlsec/base64.h>
|
|
#include <xmlsec/errors.h>
|
|
|
|
@@ -61,33 +60,18 @@
|
|
static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
|
|
xmlNodePtr node,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
-static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
|
|
- xmlNodePtr node,
|
|
- xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
|
|
xmlNodePtr node,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
-static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
|
|
- xmlNodePtr node,
|
|
- xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
|
|
xmlNodePtr node,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
-static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
|
|
- xmlNodePtr node,
|
|
- xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
|
|
xmlNodePtr node,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
-static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
|
|
- xmlNodePtr node,
|
|
- xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
|
|
xmlNodePtr node,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
-static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
|
|
- xmlNodePtr node,
|
|
- xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
|
|
xmlSecKeyPtr key,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
@@ -104,9 +88,6 @@
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx);
|
|
static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
|
|
int base64LineWrap);
|
|
-static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
|
|
-static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
|
|
-static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
|
|
static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
|
|
FILE* output);
|
|
static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
|
|
@@ -752,31 +733,22 @@
|
|
xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
|
|
xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecKeyDataPtr data;
|
|
+ xmlNodePtr cur;
|
|
+ xmlChar* buf;
|
|
CERTCertificate* cert;
|
|
CERTSignedCrl* crl;
|
|
xmlSecSize size, pos;
|
|
- int content = 0;
|
|
- int ret;
|
|
|
|
xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
|
|
xmlSecAssert2(key != NULL, -1);
|
|
xmlSecAssert2(node != NULL, -1);
|
|
xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
|
|
- content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
|
|
- if (content < 0) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
- "xmlSecX509DataGetNodeContent",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "content=%d", content);
|
|
- return(-1);
|
|
- } else if(content == 0) {
|
|
- /* by default we are writing certificates and crls */
|
|
- content = XMLSEC_X509DATA_DEFAULT;
|
|
+ /* todo: flag in ctx remove all existing content */
|
|
+ if(0) {
|
|
+ xmlNodeSetContent(node, NULL);
|
|
}
|
|
|
|
- /* get x509 data */
|
|
data = xmlSecKeyGetData(key, id);
|
|
if(data == NULL) {
|
|
/* no x509 data in the key */
|
|
@@ -796,79 +768,74 @@
|
|
return(-1);
|
|
}
|
|
|
|
- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
|
|
- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
|
|
- if(ret < 0) {
|
|
+ /* set base64 lines size from context */
|
|
+ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
|
|
+ if(buf == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
- "xmlSecNssX509CertificateNodeWrite",
|
|
+ "xmlSecNssX509CertBase64DerWrite",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "pos=%d", pos);
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
- }
|
|
}
|
|
|
|
- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
|
|
- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
|
|
- if(ret < 0) {
|
|
+ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
|
|
+ if(cur == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
- "xmlSecNssX509SubjectNameNodeWrite",
|
|
+ "xmlSecAddChild",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "pos=%d", pos);
|
|
+ "node=%s",
|
|
+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
|
|
+ xmlFree(buf);
|
|
return(-1);
|
|
- }
|
|
}
|
|
+ /* todo: add \n around base64 data - from context */
|
|
+ /* todo: add errors check */
|
|
+ xmlNodeSetContent(cur, xmlSecStringCR);
|
|
+ xmlNodeSetContent(cur, buf);
|
|
+ xmlFree(buf);
|
|
+ }
|
|
|
|
- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
|
|
- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
|
|
- if(ret < 0) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
- "xmlSecNssX509IssuerSerialNodeWrite",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "pos=%d", pos);
|
|
- return(-1);
|
|
- }
|
|
+ /* write crls */
|
|
+ size = xmlSecNssKeyDataX509GetCrlsSize(data);
|
|
+ for(pos = 0; pos < size; ++pos) {
|
|
+ crl = xmlSecNssKeyDataX509GetCrl(data, pos);
|
|
+ if(crl == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecNssKeyDataX509GetCrl",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ "pos=%d", pos);
|
|
+ return(-1);
|
|
}
|
|
|
|
- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
|
|
- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
|
|
- if(ret < 0) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
- "xmlSecNssX509SKINodeWrite",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "pos=%d", pos);
|
|
- return(-1);
|
|
- }
|
|
+ /* set base64 lines size from context */
|
|
+ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
|
|
+ if(buf == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecNssX509CrlBase64DerWrite",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ return(-1);
|
|
}
|
|
- }
|
|
|
|
- /* write crls if needed */
|
|
- if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
|
|
- size = xmlSecNssKeyDataX509GetCrlsSize(data);
|
|
- for(pos = 0; pos < size; ++pos) {
|
|
- crl = xmlSecNssKeyDataX509GetCrl(data, pos);
|
|
- if(crl == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
- "xmlSecNssKeyDataX509GetCrl",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "pos=%d", pos);
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
|
|
- if(ret < 0) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
- "xmlSecNssX509CRLNodeWrite",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "pos=%d", pos);
|
|
- return(-1);
|
|
- }
|
|
- }
|
|
+ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
|
|
+ if(cur == NULL) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
|
|
+ "xmlSecAddChild",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ "new_node=%s",
|
|
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
|
|
+ xmlFree(buf);
|
|
+ return(-1);
|
|
+ }
|
|
+ /* todo: add \n around base64 data - from context */
|
|
+ /* todo: add errors check */
|
|
+ xmlNodeSetContent(cur, xmlSecStringCR);
|
|
+ xmlNodeSetContent(cur, buf);
|
|
}
|
|
|
|
return(0);
|
|
@@ -1057,46 +1024,6 @@
|
|
return(0);
|
|
}
|
|
|
|
-static int
|
|
-xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
- xmlChar* buf;
|
|
- xmlNodePtr cur;
|
|
-
|
|
- xmlSecAssert2(cert != NULL, -1);
|
|
- xmlSecAssert2(node != NULL, -1);
|
|
- xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
-
|
|
- /* set base64 lines size from context */
|
|
- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
|
|
- if(buf == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509CertBase64DerWrite",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
|
|
- if(cur == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
|
|
- xmlFree(buf);
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- /* todo: add \n around base64 data - from context */
|
|
- /* todo: add errors check */
|
|
- xmlNodeSetContent(cur, xmlSecStringCR);
|
|
- xmlNodeSetContent(cur, buf);
|
|
- xmlFree(buf);
|
|
- return(0);
|
|
-}
|
|
-
|
|
static int
|
|
xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecKeyDataStorePtr x509Store;
|
|
@@ -1120,19 +1047,13 @@
|
|
}
|
|
|
|
subject = xmlNodeGetContent(node);
|
|
- if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
|
|
- if(subject != NULL) {
|
|
- xmlFree(subject);
|
|
- }
|
|
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
|
|
+ if(subject == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
|
|
XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
- }
|
|
- return(0);
|
|
}
|
|
|
|
cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
|
|
@@ -1169,40 +1090,6 @@
|
|
return(0);
|
|
}
|
|
|
|
-static int
|
|
-xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
|
|
- xmlChar* buf = NULL;
|
|
- xmlNodePtr cur = NULL;
|
|
-
|
|
- xmlSecAssert2(cert != NULL, -1);
|
|
- xmlSecAssert2(node != NULL, -1);
|
|
-
|
|
- buf = xmlSecNssX509NameWrite(&(cert->subject));
|
|
- if(buf == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509NameWrite(&(cert->subject))",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
|
|
- if(cur == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
|
|
- xmlFree(buf);
|
|
- return(-1);
|
|
- }
|
|
- xmlSecNodeEncodeAndSetContent(cur, buf);
|
|
- xmlFree(buf);
|
|
- return(0);
|
|
-}
|
|
-
|
|
static int
|
|
xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecKeyDataStorePtr x509Store;
|
|
@@ -1228,21 +1115,9 @@
|
|
}
|
|
|
|
cur = xmlSecGetNextElementNode(node->children);
|
|
- if(cur == NULL) {
|
|
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
|
|
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
|
|
- "node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
|
|
- return(-1);
|
|
- }
|
|
- return(0);
|
|
- }
|
|
|
|
/* the first is required node X509IssuerName */
|
|
- if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
|
|
+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
|
|
@@ -1336,78 +1211,6 @@
|
|
return(0);
|
|
}
|
|
|
|
-static int
|
|
-xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
|
|
- xmlNodePtr cur;
|
|
- xmlNodePtr issuerNameNode;
|
|
- xmlNodePtr issuerNumberNode;
|
|
- xmlChar* buf;
|
|
-
|
|
- xmlSecAssert2(cert != NULL, -1);
|
|
- xmlSecAssert2(node != NULL, -1);
|
|
-
|
|
- /* create xml nodes */
|
|
- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
|
|
- if(cur == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
|
|
- if(issuerNameNode == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
|
|
- if(issuerNumberNode == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- /* write data */
|
|
- buf = xmlSecNssX509NameWrite(&(cert->issuer));
|
|
- if(buf == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509NameWrite(&(cert->issuer))",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(-1);
|
|
- }
|
|
- xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
|
|
- xmlFree(buf);
|
|
-
|
|
- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
|
|
- if(buf == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(-1);
|
|
- }
|
|
- xmlNodeSetContent(issuerNumberNode, buf);
|
|
- xmlFree(buf);
|
|
-
|
|
- return(0);
|
|
-}
|
|
-
|
|
static int
|
|
xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecKeyDataStorePtr x509Store;
|
|
@@ -1431,11 +1234,7 @@
|
|
}
|
|
|
|
ski = xmlNodeGetContent(node);
|
|
- if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
|
|
- if(ski != NULL) {
|
|
- xmlFree(ski);
|
|
- }
|
|
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
|
|
+ if(ski == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
|
|
@@ -1443,8 +1242,6 @@
|
|
"node=%s",
|
|
xmlSecErrorsSafeString(xmlSecNodeX509SKI));
|
|
return(-1);
|
|
- }
|
|
- return(0);
|
|
}
|
|
|
|
cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
|
|
@@ -1479,41 +1276,6 @@
|
|
return(0);
|
|
}
|
|
|
|
-static int
|
|
-xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
|
|
- xmlChar *buf = NULL;
|
|
- xmlNodePtr cur = NULL;
|
|
-
|
|
- xmlSecAssert2(cert != NULL, -1);
|
|
- xmlSecAssert2(node != NULL, -1);
|
|
-
|
|
- buf = xmlSecNssX509SKIWrite(cert);
|
|
- if(buf == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509SKIWrite",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
|
|
- if(cur == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "new_node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
|
|
- xmlFree(buf);
|
|
- return(-1);
|
|
- }
|
|
- xmlSecNodeEncodeAndSetContent(cur, buf);
|
|
- xmlFree(buf);
|
|
-
|
|
- return(0);
|
|
-}
|
|
-
|
|
static int
|
|
xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlChar *content;
|
|
@@ -1524,19 +1286,13 @@
|
|
xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
|
|
content = xmlNodeGetContent(node);
|
|
- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
|
|
- if(content != NULL) {
|
|
- xmlFree(content);
|
|
- }
|
|
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
|
|
+ if(content == NULL){
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
|
|
XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
- }
|
|
- return(0);
|
|
}
|
|
|
|
crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
|
|
@@ -1556,47 +1312,6 @@
|
|
}
|
|
|
|
static int
|
|
-xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
- xmlChar* buf = NULL;
|
|
- xmlNodePtr cur = NULL;
|
|
-
|
|
- xmlSecAssert2(crl != NULL, -1);
|
|
- xmlSecAssert2(node != NULL, -1);
|
|
- xmlSecAssert2(keyInfoCtx != NULL, -1);
|
|
-
|
|
- /* set base64 lines size from context */
|
|
- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
|
|
- if(buf == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509CrlBase64DerWrite",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(-1);
|
|
- }
|
|
-
|
|
- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
|
|
- if(cur == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecAddChild",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "new_node=%s",
|
|
- xmlSecErrorsSafeString(xmlSecNodeX509CRL));
|
|
- xmlFree(buf);
|
|
- return(-1);
|
|
- }
|
|
- /* todo: add \n around base64 data - from context */
|
|
- /* todo: add errors check */
|
|
- xmlNodeSetContent(cur, xmlSecStringCR);
|
|
- xmlNodeSetContent(cur, buf);
|
|
- xmlFree(buf);
|
|
-
|
|
- return(0);
|
|
-}
|
|
-
|
|
-
|
|
-static int
|
|
xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
|
|
xmlSecKeyInfoCtxPtr keyInfoCtx) {
|
|
xmlSecNssX509DataCtxPtr ctx;
|
|
@@ -1604,6 +1319,10 @@
|
|
int ret;
|
|
SECStatus status;
|
|
PRTime notBefore, notAfter;
|
|
+
|
|
+ PK11SlotInfo* slot ;
|
|
+ SECKEYPublicKey *pubKey = NULL;
|
|
+ SECKEYPrivateKey *priKey = NULL;
|
|
|
|
xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
|
|
xmlSecAssert2(key != NULL, -1);
|
|
@@ -1636,10 +1355,14 @@
|
|
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
|
|
"CERT_DupCertificate",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ "error code=%d", PORT_GetError());
|
|
return(-1);
|
|
}
|
|
-
|
|
+
|
|
+ /*-
|
|
+ * Get Public key from cert, which does not always work for sign
|
|
+ * action.
|
|
+ *
|
|
keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
|
|
if(keyValue == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
@@ -1649,6 +1372,54 @@
|
|
XMLSEC_ERRORS_NO_MESSAGE);
|
|
return(-1);
|
|
}
|
|
+ */
|
|
+ /*-
|
|
+ * I'll search key according to KeyReq.
|
|
+ */
|
|
+ slot = cert->slot ;
|
|
+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
|
|
+ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
+ "PK11_FindPrivateKeyFromCert" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
|
|
+ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
+ "CERT_ExtractPublicKey" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+
|
|
+
|
|
+ if( priKey != NULL )
|
|
+ SECKEY_DestroyPrivateKey( priKey ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+ }
|
|
+
|
|
+ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey);
|
|
+ if( keyValue == NULL ) {
|
|
+ xmlSecError( XMLSEC_ERRORS_HERE ,
|
|
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
|
|
+ "xmlSecNssPKIAdoptKey" ,
|
|
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+
|
|
+ if( priKey != NULL )
|
|
+ SECKEY_DestroyPrivateKey( priKey ) ;
|
|
+
|
|
+ if( pubKey != NULL )
|
|
+ SECKEY_DestroyPublicKey( pubKey ) ;
|
|
+
|
|
+ return -1 ;
|
|
+ }
|
|
+ /* Modify keyValue get Done */
|
|
|
|
/* verify that the key matches our expectations */
|
|
if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
|
|
@@ -1950,86 +1721,6 @@
|
|
return(res);
|
|
}
|
|
|
|
-static xmlChar*
|
|
-xmlSecNssX509NameWrite(CERTName* nm) {
|
|
- xmlChar *res = NULL;
|
|
- char *str;
|
|
-
|
|
- xmlSecAssert2(nm != NULL, NULL);
|
|
-
|
|
- str = CERT_NameToAscii(nm);
|
|
- if (str == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "CERT_NameToAscii",
|
|
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(NULL);
|
|
- }
|
|
-
|
|
- res = xmlStrdup(BAD_CAST str);
|
|
- if(res == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlStrdup",
|
|
- XMLSEC_ERRORS_R_MALLOC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- PORT_Free(str);
|
|
- return(NULL);
|
|
- }
|
|
- PORT_Free(str);
|
|
- return(res);
|
|
-}
|
|
-
|
|
-static xmlChar*
|
|
-xmlSecNssASN1IntegerWrite(SECItem *num) {
|
|
- xmlChar *res = NULL;
|
|
-
|
|
- xmlSecAssert2(num != NULL, NULL);
|
|
-
|
|
- /* TODO : to be implemented after
|
|
- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
|
|
- */
|
|
- return(res);
|
|
-}
|
|
-
|
|
-static xmlChar*
|
|
-xmlSecNssX509SKIWrite(CERTCertificate* cert) {
|
|
- xmlChar *res = NULL;
|
|
- SECItem ski;
|
|
- SECStatus rv;
|
|
-
|
|
- xmlSecAssert2(cert != NULL, NULL);
|
|
-
|
|
- memset(&ski, 0, sizeof(ski));
|
|
-
|
|
- rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
|
|
- if (rv != SECSuccess) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "CERT_FindSubjectKeyIDExtension",
|
|
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- SECITEM_FreeItem(&ski, PR_FALSE);
|
|
- return(NULL);
|
|
- }
|
|
-
|
|
- res = xmlSecBase64Encode(ski.data, ski.len, 0);
|
|
- if(res == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecBase64Encode",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- SECITEM_FreeItem(&ski, PR_FALSE);
|
|
- return(NULL);
|
|
- }
|
|
- SECITEM_FreeItem(&ski, PR_FALSE);
|
|
-
|
|
- return(res);
|
|
-}
|
|
-
|
|
-
|
|
static void
|
|
xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
|
|
SECItem *sn;
|
|
--- misc/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-06-25 22:53:18.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-21 14:02:48.669245207 +0200
|
|
@@ -30,6 +30,7 @@
|
|
#include <xmlsec/keyinfo.h>
|
|
#include <xmlsec/keysmngr.h>
|
|
#include <xmlsec/base64.h>
|
|
+#include <xmlsec/bn.h>
|
|
#include <xmlsec/errors.h>
|
|
|
|
#include <xmlsec/nss/crypto.h>
|
|
@@ -61,17 +62,7 @@
|
|
|
|
static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
|
|
static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
|
|
-static int xmlSecNssX509NameStringRead (xmlSecByte **str,
|
|
- int *strLen,
|
|
- xmlSecByte *res,
|
|
- int resLen,
|
|
- xmlSecByte delim,
|
|
- int ingoreTrailingSpaces);
|
|
-static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str,
|
|
- int len);
|
|
-
|
|
-static void xmlSecNssNumToItem(SECItem *it, unsigned long num);
|
|
-
|
|
+static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ;
|
|
|
|
static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
|
|
sizeof(xmlSecKeyDataStoreKlass),
|
|
@@ -339,40 +330,28 @@
|
|
xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
|
|
xmlChar *issuerSerial, xmlChar *ski) {
|
|
CERTCertificate *cert = NULL;
|
|
- xmlChar *p = NULL;
|
|
CERTName *name = NULL;
|
|
SECItem *nameitem = NULL;
|
|
PRArenaPool *arena = NULL;
|
|
|
|
if (subjectName != NULL) {
|
|
- p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName));
|
|
- if (p == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509NameRead",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "subject=%s",
|
|
- xmlSecErrorsSafeString(subjectName));
|
|
- goto done;
|
|
- }
|
|
-
|
|
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
|
if (arena == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
"PORT_NewArena",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ "error code=%d", PORT_GetError());
|
|
goto done;
|
|
}
|
|
|
|
- name = CERT_AsciiToName((char*)p);
|
|
+ name = CERT_AsciiToName((char*)subjectName);
|
|
if (name == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
"CERT_AsciiToName",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ "error code=%d", PORT_GetError());
|
|
goto done;
|
|
}
|
|
|
|
@@ -394,34 +373,23 @@
|
|
if((issuerName != NULL) && (issuerSerial != NULL)) {
|
|
CERTIssuerAndSN issuerAndSN;
|
|
|
|
- p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName));
|
|
- if (p == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509NameRead",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- "issuer=%s",
|
|
- xmlSecErrorsSafeString(issuerName));
|
|
- goto done;
|
|
- }
|
|
-
|
|
arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
|
|
if (arena == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
"PORT_NewArena",
|
|
XMLSEC_ERRORS_R_CRYPTO_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ "error code=%d", PORT_GetError());
|
|
goto done;
|
|
}
|
|
|
|
- name = CERT_AsciiToName((char*)p);
|
|
+ name = CERT_AsciiToName((char*)issuerName);
|
|
if (name == NULL) {
|
|
xmlSecError(XMLSEC_ERRORS_HERE,
|
|
NULL,
|
|
"CERT_AsciiToName",
|
|
XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ "error code=%d", PORT_GetError());
|
|
goto done;
|
|
}
|
|
|
|
@@ -441,8 +409,15 @@
|
|
issuerAndSN.derIssuer.data = nameitem->data;
|
|
issuerAndSN.derIssuer.len = nameitem->len;
|
|
|
|
- /* TBD: serial num can be arbitrarily long */
|
|
- xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial));
|
|
+ if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ NULL,
|
|
+ "xmlSecNssIntegerToItem",
|
|
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
+ "serial number=%s",
|
|
+ xmlSecErrorsSafeString(issuerSerial));
|
|
+ goto done;
|
|
+ }
|
|
|
|
cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
|
|
&issuerAndSN);
|
|
@@ -473,9 +448,6 @@
|
|
}
|
|
|
|
done:
|
|
- if (p != NULL) {
|
|
- PORT_Free(p);
|
|
- }
|
|
if (arena != NULL) {
|
|
PORT_FreeArena(arena, PR_FALSE);
|
|
}
|
|
@@ -486,176 +458,6 @@
|
|
return(cert);
|
|
}
|
|
|
|
-static xmlSecByte *
|
|
-xmlSecNssX509NameRead(xmlSecByte *str, int len) {
|
|
- xmlSecByte name[256];
|
|
- xmlSecByte value[256];
|
|
- xmlSecByte *retval = NULL;
|
|
- xmlSecByte *p = NULL;
|
|
- int nameLen, valueLen;
|
|
-
|
|
- xmlSecAssert2(str != NULL, NULL);
|
|
-
|
|
- /* return string should be no longer than input string */
|
|
- retval = (xmlSecByte *)PORT_Alloc(len+1);
|
|
- if(retval == NULL) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "PORT_Alloc",
|
|
- XMLSEC_ERRORS_R_MALLOC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- return(NULL);
|
|
- }
|
|
- p = retval;
|
|
-
|
|
- while(len > 0) {
|
|
- /* skip spaces after comma or semicolon */
|
|
- while((len > 0) && isspace(*str)) {
|
|
- ++str; --len;
|
|
- }
|
|
-
|
|
- nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
|
|
- if(nameLen < 0) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509NameStringRead",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- goto done;
|
|
- }
|
|
- memcpy(p, name, nameLen);
|
|
- p+=nameLen;
|
|
- *p++='=';
|
|
- if(len > 0) {
|
|
- ++str; --len;
|
|
- if((*str) == '\"') {
|
|
- valueLen = xmlSecNssX509NameStringRead(&str, &len,
|
|
- value, sizeof(value), '"', 1);
|
|
- if(valueLen < 0) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509NameStringRead",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- goto done;
|
|
- }
|
|
- /* skip spaces before comma or semicolon */
|
|
- while((len > 0) && isspace(*str)) {
|
|
- ++str; --len;
|
|
- }
|
|
- if((len > 0) && ((*str) != ',')) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- NULL,
|
|
- XMLSEC_ERRORS_R_INVALID_DATA,
|
|
- "comma is expected");
|
|
- goto done;
|
|
- }
|
|
- if(len > 0) {
|
|
- ++str; --len;
|
|
- }
|
|
- *p++='\"';
|
|
- memcpy(p, value, valueLen);
|
|
- p+=valueLen;
|
|
- *p++='\"';
|
|
- } else if((*str) == '#') {
|
|
- /* TODO: read octect values */
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- NULL,
|
|
- XMLSEC_ERRORS_R_INVALID_DATA,
|
|
- "reading octect values is not implemented yet");
|
|
- goto done;
|
|
- } else {
|
|
- valueLen = xmlSecNssX509NameStringRead(&str, &len,
|
|
- value, sizeof(value), ',', 1);
|
|
- if(valueLen < 0) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- "xmlSecNssX509NameStringRead",
|
|
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
|
|
- XMLSEC_ERRORS_NO_MESSAGE);
|
|
- goto done;
|
|
- }
|
|
- memcpy(p, value, valueLen);
|
|
- p+=valueLen;
|
|
- if (len > 0)
|
|
- *p++=',';
|
|
- }
|
|
- } else {
|
|
- valueLen = 0;
|
|
- }
|
|
- if(len > 0) {
|
|
- ++str; --len;
|
|
- }
|
|
- }
|
|
-
|
|
- *p = 0;
|
|
- return(retval);
|
|
-
|
|
-done:
|
|
- PORT_Free(retval);
|
|
- return (NULL);
|
|
-}
|
|
-
|
|
-static int
|
|
-xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
|
|
- xmlSecByte *res, int resLen,
|
|
- xmlSecByte delim, int ingoreTrailingSpaces) {
|
|
- xmlSecByte *p, *q, *nonSpace;
|
|
-
|
|
- xmlSecAssert2(str != NULL, -1);
|
|
- xmlSecAssert2(strLen != NULL, -1);
|
|
- xmlSecAssert2(res != NULL, -1);
|
|
-
|
|
- p = (*str);
|
|
- nonSpace = q = res;
|
|
- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
|
|
- if((*p) != '\\') {
|
|
- if(ingoreTrailingSpaces && !isspace(*p)) {
|
|
- nonSpace = q;
|
|
- }
|
|
- *(q++) = *(p++);
|
|
- } else {
|
|
- ++p;
|
|
- nonSpace = q;
|
|
- if(xmlSecIsHex((*p))) {
|
|
- if((p - (*str) + 1) >= (*strLen)) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- NULL,
|
|
- XMLSEC_ERRORS_R_INVALID_DATA,
|
|
- "two hex digits expected");
|
|
- return(-1);
|
|
- }
|
|
- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
|
|
- p += 2;
|
|
- } else {
|
|
- if(((++p) - (*str)) >= (*strLen)) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- NULL,
|
|
- XMLSEC_ERRORS_R_INVALID_DATA,
|
|
- "escaped symbol missed");
|
|
- return(-1);
|
|
- }
|
|
- *(q++) = *(p++);
|
|
- }
|
|
- }
|
|
- }
|
|
- if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
|
|
- xmlSecError(XMLSEC_ERRORS_HERE,
|
|
- NULL,
|
|
- NULL,
|
|
- XMLSEC_ERRORS_R_INVALID_SIZE,
|
|
- "buffer is too small");
|
|
- return(-1);
|
|
- }
|
|
- (*strLen) -= (p - (*str));
|
|
- (*str) = p;
|
|
- return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res);
|
|
-}
|
|
-
|
|
/* code lifted from NSS */
|
|
static void
|
|
xmlSecNssNumToItem(SECItem *it, unsigned long ui)
|
|
@@ -699,6 +501,77 @@
|
|
it->len = len;
|
|
PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
|
|
}
|
|
+
|
|
+static int
|
|
+xmlSecNssIntegerToItem(
|
|
+ const xmlChar* integer ,
|
|
+ SECItem *item
|
|
+) {
|
|
+ xmlSecBn bn ;
|
|
+ xmlSecSize i, length ;
|
|
+ const xmlSecByte* bnInteger ;
|
|
+
|
|
+ xmlSecAssert2( integer != NULL, -1 ) ;
|
|
+ xmlSecAssert2( item != NULL, -1 ) ;
|
|
+
|
|
+ if( xmlSecBnInitialize( &bn, 0 ) < 0 ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ NULL,
|
|
+ "xmlSecBnInitialize",
|
|
+ XMLSEC_ERRORS_R_INVALID_DATA,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ return -1 ;
|
|
+ }
|
|
+
|
|
+ if( xmlSecBnFromDecString( &bn, integer ) < 0 ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ NULL,
|
|
+ "xmlSecBnFromDecString",
|
|
+ XMLSEC_ERRORS_R_INVALID_DATA,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ xmlSecBnFinalize( &bn ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+
|
|
+ length = xmlSecBnGetSize( &bn ) ;
|
|
+ if( length <= 0 ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ NULL,
|
|
+ "xmlSecBnGetSize",
|
|
+ XMLSEC_ERRORS_R_INVALID_DATA,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE);
|
|
+ }
|
|
+
|
|
+ bnInteger = xmlSecBnGetData( &bn ) ;
|
|
+ if( bnInteger == NULL ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ NULL,
|
|
+ "xmlSecBnGetData",
|
|
+ XMLSEC_ERRORS_R_INVALID_DATA,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ xmlSecBnFinalize( &bn ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+
|
|
+ item->data = ( unsigned char * )PORT_Alloc( length );
|
|
+ if( item->data == NULL ) {
|
|
+ xmlSecError(XMLSEC_ERRORS_HERE,
|
|
+ NULL,
|
|
+ "PORT_Alloc",
|
|
+ XMLSEC_ERRORS_R_INVALID_DATA,
|
|
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
|
|
+ xmlSecBnFinalize( &bn ) ;
|
|
+ return -1 ;
|
|
+ }
|
|
+
|
|
+ item->len = length;
|
|
+ for( i = 0 ; i < length ; i ++ )
|
|
+ item->data[i] = *( bnInteger + i ) ;
|
|
+
|
|
+ xmlSecBnFinalize( &bn ) ;
|
|
+
|
|
+ return 0 ;
|
|
+}
|
|
#endif /* XMLSEC_NO_X509 */
|
|
|
|
|
|
--- misc/xmlsec1-1.2.14/win32/Makefile.msvc 2009-06-25 22:53:18.000000000 +0200
|
|
+++ misc/build/xmlsec1-1.2.14/win32/Makefile.msvc 2009-09-21 14:02:48.607277908 +0200
|
|
@@ -218,6 +218,9 @@
|
|
$(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj
|
|
|
|
XMLSEC_NSS_OBJS = \
|
|
+ $(XMLSEC_NSS_INTDIR)\akmngr.obj\
|
|
+ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\
|
|
+ $(XMLSEC_NSS_INTDIR)\tokens.obj\
|
|
$(XMLSEC_NSS_INTDIR)\app.obj\
|
|
$(XMLSEC_NSS_INTDIR)\bignum.obj\
|
|
$(XMLSEC_NSS_INTDIR)\ciphers.obj \
|
|
@@ -253,6 +256,7 @@
|
|
$(XMLSEC_NSS_INTDIR_A)\strings.obj
|
|
|
|
XMLSEC_MSCRYPTO_OBJS = \
|
|
+ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\
|
|
$(XMLSEC_MSCRYPTO_INTDIR)\app.obj\
|
|
$(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \
|
|
$(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \
|