/** * xmlSecSoap11GetBody: * @envNode: the pointer to <soap:Envelope> node. * * Gets pointer to the <soap:Body> node. * * Returns pointer to <soap:Body> node or NULL if an error occurs. */ EXPORT_C xmlNodePtr xmlSecSoap11GetBody(xmlNodePtr envNode) { xmlNodePtr cur; xmlSecAssert2(envNode != NULL, NULL); /* optional Header node first */ cur = xmlSecGetNextElementNode(envNode->children); if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) { cur = xmlSecGetNextElementNode(cur->next); } /* Body node is next */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeBody), XMLSEC_ERRORS_R_NODE_NOT_FOUND, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } return(cur); }
/** * xmlSecSoap11CheckEnvelope: * @envNode: the pointer to <soap:Envelope> node. * * Validates <soap:Envelope> node structure. * * Returns: 1 if @envNode has a valid <soap:Envelope> element, 0 if it is * not valid or a negative value if an error occurs. */ int xmlSecSoap11CheckEnvelope(xmlNodePtr envNode) { xmlNodePtr cur; xmlSecAssert2(envNode != NULL, -1); /* verify envNode itself */ if(!xmlSecCheckNodeName(envNode, xmlSecNodeEnvelope, xmlSecSoap11Ns)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeEnvelope), XMLSEC_ERRORS_R_NODE_NOT_FOUND, XMLSEC_ERRORS_NO_MESSAGE); return(0); } /* optional Header node first */ cur = xmlSecGetNextElementNode(envNode->children); if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) { cur = xmlSecGetNextElementNode(cur->next); } /* required Body node is next */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeBody), XMLSEC_ERRORS_R_NODE_NOT_FOUND, XMLSEC_ERRORS_NO_MESSAGE); return(0); } return(1); }
static int xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecOpenSSLRsaOaepCtxPtr ctx; xmlNodePtr cur; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecOpenSSLRsaOaepGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1); cur = xmlSecGetNextElementNode(node->children); while(cur != NULL) { if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) { ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur); if(ret < 0) { xmlSecInternalError("xmlSecBufferBase64NodeContentRead", xmlSecTransformGetName(transform)); return(-1); } } else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) { xmlChar* algorithm; /* Algorithm attribute is required */ algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm); if(algorithm == NULL) { xmlSecInvalidNodeAttributeError(cur, xmlSecAttrAlgorithm, xmlSecTransformGetName(transform), "empty"); return(-1); } /* for now we support only sha1 */ if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) { xmlSecInvalidTransfromError2(transform, "digest algorithm=\"%s\" is not supported for rsa/oaep", xmlSecErrorsSafeString(algorithm)); xmlFree(algorithm); return(-1); } xmlFree(algorithm); } else { /* not found */ xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } /* next node */ cur = xmlSecGetNextElementNode(cur->next); } return(0); }
static int xmlSecEncCtxCipherDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { xmlNodePtr cur; int ret; xmlSecAssert2(encCtx != NULL, -1); xmlSecAssert2(node != NULL, -1); cur = xmlSecGetNextElementNode(node->children); /* we either have CipherValue or CipherReference node */ xmlSecAssert2(encCtx->cipherValueNode == NULL, -1); if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCipherValue, xmlSecEncNs))) { /* don't need data from CipherData node when we are encrypting */ if(encCtx->operation == xmlSecTransformOperationDecrypt) { xmlSecTransformPtr base64Decode; /* we need to add base64 decode transform */ base64Decode = xmlSecTransformCtxCreateAndPrepend(&(encCtx->transformCtx), xmlSecTransformBase64Id); if(base64Decode == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxCreateAndPrepend", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } encCtx->cipherValueNode = cur; cur = xmlSecGetNextElementNode(cur->next); } else if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCipherReference, xmlSecEncNs))) { /* don't need data from CipherReference node when we are encrypting */ if(encCtx->operation == xmlSecTransformOperationDecrypt) { ret = xmlSecEncCtxCipherReferenceNodeRead(encCtx, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecEncCtxCipherReferenceNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } } cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
/** * xmlSecX509DataGetNodeContent: * @node: the pointer to <dsig:X509Data/> node. * @deleteChildren: the flag that indicates whether to remove node children after reading. * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context. * * Reads the contents of <dsig:X509Data/> node and returns it as * a bits mask. * * Returns the bit mask representing the <dsig:X509Data/> node content * or a negative value if an error occurs. */ EXPORT_C int xmlSecX509DataGetNodeContent (xmlNodePtr node, int deleteChildren, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlNodePtr cur, next; int deleteCurNode; int content = 0; xmlSecAssert2(node != NULL, 0); xmlSecAssert2(keyInfoCtx != NULL, -1); /* determine the current node content */ cur = xmlSecGetNextElementNode(node->children); while(cur != NULL) { deleteCurNode = 0; if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_CERTIFICATE_NODE; deleteCurNode = 1; } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_SUBJECTNAME_NODE; deleteCurNode = 1; } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_ISSUERSERIAL_NODE; deleteCurNode = 1; } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_SKI_NODE; deleteCurNode = 1; } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_CRL_NODE; deleteCurNode = 1; } } else { } next = xmlSecGetNextElementNode(cur->next); if((deleteCurNode != 0) && (deleteChildren != 0)) { /* remove "template" nodes */ xmlUnlinkNode(cur); xmlFreeNode(cur); } cur = next; } return (content); }
static int xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) { xmlSecInvalidNodeError(cur, xmlSecNodeXPointer, xmlSecTransformGetName(transform)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer); if(data == NULL) { xmlSecInternalError("xmlSecXPathDataCreate", xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecInternalError("xmlSecXPathDataNodeRead", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecInternalError("xmlSecPtrListAdd", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = xmlSecNodeSetTree; /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); }
static lasso_error_t lasso_saml20_server_load_metadata_child(LassoServer *server, LassoProviderRole role, xmlDoc *doc, xmlNode *child, GList *blacklisted_entity_ids, GList **loaded_end, xmlSecKeysMngr *keys_mngr, LassoServerLoadMetadataFlag flags) { if (xmlSecCheckNodeName(child, BAD_CAST LASSO_SAML2_METADATA_ELEMENT_ENTITY_DESCRIPTOR, BAD_CAST LASSO_SAML2_METADATA_HREF)) { return lasso_saml20_server_load_metadata_entity(server, role, doc, child, blacklisted_entity_ids, loaded_end, keys_mngr, flags); } else if (xmlSecCheckNodeName(child, BAD_CAST LASSO_SAML2_METADATA_ELEMENT_ENTITIES_DESCRIPTOR, BAD_CAST LASSO_SAML2_METADATA_HREF)) { return lasso_saml20_server_load_metadata_entities(server, role, doc, child, blacklisted_entity_ids, loaded_end, keys_mngr, flags); } return LASSO_SERVER_ERROR_INVALID_XML; }
static int xmlSecEncCtxCipherReferenceNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { xmlNodePtr cur; xmlChar* uri; int ret; xmlSecAssert2(encCtx != NULL, -1); xmlSecAssert2(node != NULL, -1); /* first read the optional uri attr and check that we can process it */ uri = xmlGetProp(node, xmlSecAttrURI); ret = xmlSecTransformCtxSetUri(&(encCtx->transformCtx), uri, node); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxSetUri", XMLSEC_ERRORS_R_XMLSEC_FAILED, "uri=%s", xmlSecErrorsSafeString(uri)); xmlFree(uri); return(-1); } xmlFree(uri); cur = xmlSecGetNextElementNode(node->children); /* the only one node is optional Transforms node */ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeTransforms, xmlSecEncNs))) { ret = xmlSecTransformCtxNodesListRead(&(encCtx->transformCtx), cur, xmlSecTransformUsageDSigTransform); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxNodesListRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode))); return(-1); } cur = xmlSecGetNextElementNode(cur->next); } /* if there is something left than it's an error */ if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
/** * xmlSecX509DataGetNodeContent: * @node: the pointer to <dsig:X509Data/> node. * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context. * * Reads the contents of <dsig:X509Data/> node and returns it as * a bits mask. * * Returns: the bit mask representing the <dsig:X509Data/> node content * or a negative value if an error occurs. */ int xmlSecX509DataGetNodeContent (xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlNodePtr cur; int content = 0; xmlSecAssert2(node != NULL, 0); xmlSecAssert2(keyInfoCtx != NULL, -1); /* determine the current node content */ cur = xmlSecGetNextElementNode(node->children); while(cur != NULL) { if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_CERTIFICATE_NODE; } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_SUBJECTNAME_NODE; } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_ISSUERSERIAL_NODE; } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_SKI_NODE; } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_CRL_NODE; } } else { /* todo: fail on unknown child node? */ } cur = xmlSecGetNextElementNode(cur->next); } return (content); }
/** * xmlSecSoap11GetHeader: * @envNode: the pointer to <soap:Envelope> node. * * Gets pointer to the <soap:Header> node. * * Returns: pointer to <soap:Header> node or NULL if an error occurs. */ xmlNodePtr xmlSecSoap11GetHeader(xmlNodePtr envNode) { xmlNodePtr cur; xmlSecAssert2(envNode != NULL, NULL); /* optional Header node is first */ cur = xmlSecGetNextElementNode(envNode->children); if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) { return(cur); } return(NULL); }
/** * xmlSecSoap12EnsureHeader: * @envNode: the pointer to <soap:Envelope> node. * * Gets the pointer to <soap:Header> node (if necessary, the node * is created). * * XML Schema (http://www.w3.org/2003/05/soap-envelope): * * <xs:element name="Header" type="tns:Header"/> * <xs:complexType name="Header"> * <xs:sequence> * <xs:any namespace="##any" processContents="lax" * minOccurs="0" maxOccurs="unbounded"/> * </xs:sequence> * <xs:anyAttribute namespace="##other" processContents="lax"/> * </xs:complexType> * * Returns pointer to <soap:Header> node or NULL if an error occurs. */ EXPORT_C xmlNodePtr xmlSecSoap12EnsureHeader(xmlNodePtr envNode) { xmlNodePtr hdrNode; xmlNodePtr cur; xmlSecAssert2(envNode != NULL, NULL); /* try to find Header node first */ cur = xmlSecGetNextElementNode(envNode->children); if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap12Ns)) { return(cur); } /* if the first element child is not Header then it is Body */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeBody), XMLSEC_ERRORS_R_NODE_NOT_FOUND, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } /* finally add Header node before body */ hdrNode = xmlSecAddPrevSibling(cur, xmlSecNodeHeader, xmlSecSoap12Ns); if(hdrNode == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddPrevSibling", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } return(hdrNode); }
/** * xmlSecGCryptHmacNodeRead: * * HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC): * * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits * as a parameter; if the parameter is not specified then all the bits of the * hash are output. An example of an HMAC SignatureMethod element: * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"> * <HMACOutputLength>128</HMACOutputLength> * </SignatureMethod> * * Schema Definition: * * <simpleType name="HMACOutputLengthType"> * <restriction base="integer"/> * </simpleType> * * DTD: * * <!ELEMENT HMACOutputLength (#PCDATA)> */ static int xmlSecGCryptHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecGCryptHmacCtxPtr ctx; xmlNodePtr cur; xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecGCryptHmacGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); cur = xmlSecGetNextElementNode(node->children); if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) { xmlChar *content; content = xmlNodeGetContent(cur); if(content != NULL) { ctx->dgstSize = atoi((char*)content); xmlFree(content); } /* Ensure that HMAC length is greater than min specified. Otherwise, an attacker can set this length to 0 or very small value */ if((int)ctx->dgstSize < xmlSecGCryptHmacGetMinOutputLength()) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "HMAC output length is too small"); return(-1); } cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "no nodes expected"); return(-1); } return(0); }
/** * This is step 2, point 4: if the input sourceId list doesn't contain the Id attribute of the current node, * then exclude it from the output, instead of processing it. */ static int xmlSecTransformRelationshipProcessNode(xmlSecTransformPtr transform, xmlOutputBufferPtr buf, xmlNodePtr cur) { int found = -1; xmlSecRelationshipCtxPtr ctx; xmlSecSize ii; int ret; xmlSecAssert2(transform != NULL, -1); xmlSecAssert2(buf != NULL, -1); xmlSecAssert2(cur != NULL, -1); if(xmlSecCheckNodeName(cur, xmlSecNodeRelationship, xmlSecRelationshipsNs)) { xmlChar* id = xmlGetProp(cur, xmlSecRelationshipAttrId); if(id == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlGetProp(xmlSecRelationshipAttrId)", XMLSEC_ERRORS_R_XML_FAILED, "name=Id"); return(-1); } ctx = xmlSecRelationshipGetCtx(transform); for(ii = 0; ii < xmlSecPtrListGetSize(ctx->sourceIdList); ++ii) { if(xmlStrcmp(xmlSecPtrListGetItem(ctx->sourceIdList, ii), id) == 0) { found = 1; break; } } xmlFree(id); if(found < 0) { return(0); } } ret = xmlSecTransformRelationshipProcessElementNode(transform, buf, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecTransformRelationshipProcessElementNode", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecRelationshipReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecRelationshipCtxPtr ctx; xmlNodePtr cur; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecRelationshipGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); cur = node->children; while(cur != NULL) { if(xmlSecCheckNodeName(cur, xmlSecNodeRelationshipReference, xmlSecRelationshipReferenceNs)) { xmlChar* sourceId; sourceId = xmlGetProp(cur, xmlSecRelationshipAttrSourceId); if(sourceId == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, "xmlGetProp", xmlSecErrorsSafeString(xmlSecRelationshipAttrSourceId), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } ret = xmlSecPtrListAdd(ctx->sourceIdList, sourceId); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlFree(sourceId); return(-1); } } cur = cur->next; } return(0); }
static int xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecOpenSSLHmacCtxPtr ctx; xmlNodePtr cur; xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1); xmlSecAssert2(node!= NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecOpenSSLHmacGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); cur = xmlSecGetNextElementNode(node->children); if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) { xmlChar *content; content = xmlNodeGetContent(cur); if(content != NULL) { ctx->dgstSize = atoi((char*)content); xmlFree(content); } /* Ensure that HMAC length is greater than min specified. Otherwise, an attacker can set this length to 0 or very small value */ if((int)ctx->dgstSize < xmlSecOpenSSLHmacGetMinOutputLength()) { xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform), "HMAC output length is too small"); return(-1); } cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); }
static int xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecOpenSSLHmacCtxPtr ctx; xmlNodePtr cur; xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1); xmlSecAssert2(node!= NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecOpenSSLHmacGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); cur = xmlSecGetNextElementNode(node->children); if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) { xmlChar *content; content = xmlNodeGetContent(cur); if(content != NULL) { ctx->dgstSize = atoi((char*)content); xmlFree(content); } /* todo: error if dgstSize == 0 ?*/ cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { xmlNodePtr cur; int ret; xmlSecAssert2(encCtx != NULL, -1); xmlSecAssert2((encCtx->operation == xmlSecTransformOperationEncrypt) || (encCtx->operation == xmlSecTransformOperationDecrypt), -1); xmlSecAssert2(node != NULL, -1); switch(encCtx->mode) { case xmlEncCtxModeEncryptedData: if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedData, xmlSecEncNs)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(node)), XMLSEC_ERRORS_R_INVALID_NODE, "expected=%s", xmlSecErrorsSafeString(xmlSecNodeEncryptedData)); return(-1); } break; case xmlEncCtxModeEncryptedKey: if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedKey, xmlSecEncNs)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(node)), XMLSEC_ERRORS_R_INVALID_NODE, "expected=%s", xmlSecErrorsSafeString(xmlSecNodeEncryptedKey)); return(-1); } break; } /* first read node data */ xmlSecAssert2(encCtx->id == NULL, -1); xmlSecAssert2(encCtx->type == NULL, -1); xmlSecAssert2(encCtx->mimeType == NULL, -1); xmlSecAssert2(encCtx->encoding == NULL, -1); xmlSecAssert2(encCtx->recipient == NULL, -1); xmlSecAssert2(encCtx->carriedKeyName == NULL, -1); encCtx->id = xmlGetProp(node, xmlSecAttrId); encCtx->type = xmlGetProp(node, xmlSecAttrType); encCtx->mimeType = xmlGetProp(node, xmlSecAttrMimeType); encCtx->encoding = xmlGetProp(node, xmlSecAttrEncoding); if(encCtx->mode == xmlEncCtxModeEncryptedKey) { encCtx->recipient = xmlGetProp(node, xmlSecAttrRecipient); /* todo: check recipient? */ } cur = xmlSecGetNextElementNode(node->children); /* first node is optional EncryptionMethod, we'll read it later */ xmlSecAssert2(encCtx->encMethodNode == NULL, -1); if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeEncryptionMethod, xmlSecEncNs))) { encCtx->encMethodNode = cur; cur = xmlSecGetNextElementNode(cur->next); } /* next node is optional KeyInfo, we'll process it later */ xmlSecAssert2(encCtx->keyInfoNode == NULL, -1); if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs))) { encCtx->keyInfoNode = cur; cur = xmlSecGetNextElementNode(cur->next); } /* next is required CipherData node */ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeCipherData, xmlSecEncNs))) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "node=%s", xmlSecErrorsSafeString(xmlSecNodeCipherData)); return(-1); } ret = xmlSecEncCtxCipherDataNodeRead(encCtx, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecEncCtxCipherDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } cur = xmlSecGetNextElementNode(cur->next); /* next is optional EncryptionProperties node (we simply ignore it) */ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeEncryptionProperties, xmlSecEncNs))) { cur = xmlSecGetNextElementNode(cur->next); } /* there are more possible nodes for the <EncryptedKey> node */ if(encCtx->mode == xmlEncCtxModeEncryptedKey) { /* next is optional ReferenceList node (we simply ignore it) */ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReferenceList, xmlSecEncNs))) { cur = xmlSecGetNextElementNode(cur->next); } /* next is optional CarriedKeyName node (we simply ignore it) */ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCarriedKeyName, xmlSecEncNs))) { encCtx->carriedKeyName = xmlNodeGetContent(cur); if(encCtx->carriedKeyName == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, "node=%s", xmlSecErrorsSafeString(xmlSecNodeCipherData)); return(-1); } /* TODO: decode the name? */ cur = xmlSecGetNextElementNode(cur->next); } } /* if there is something left than it's an error */ if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* now read the encryption method node */ xmlSecAssert2(encCtx->encMethod == NULL, -1); if(encCtx->encMethodNode != NULL) { encCtx->encMethod = xmlSecTransformCtxNodeRead(&(encCtx->transformCtx), encCtx->encMethodNode, xmlSecTransformUsageEncryptionMethod); if(encCtx->encMethod == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode))); return(-1); } } else if(encCtx->defEncMethodId != xmlSecTransformIdUnknown) { encCtx->encMethod = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx), encCtx->defEncMethodId); if(encCtx->encMethod == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxAppend", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } else { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_DATA, "encryption method not specified"); return(-1); } encCtx->encMethod->operation = encCtx->operation; /* we have encryption method, find key */ ret = xmlSecTransformSetKeyReq(encCtx->encMethod, &(encCtx->keyInfoReadCtx.keyReq)); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformSetKeyReq", XMLSEC_ERRORS_R_XMLSEC_FAILED, "transform=%s", xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod))); return(-1); } /* TODO: KeyInfo node != NULL and encKey != NULL */ if((encCtx->encKey == NULL) && (encCtx->keyInfoReadCtx.keysMngr != NULL) && (encCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) { encCtx->encKey = (encCtx->keyInfoReadCtx.keysMngr->getKey)(encCtx->keyInfoNode, &(encCtx->keyInfoReadCtx)); } /* check that we have exactly what we want */ if((encCtx->encKey == NULL) || (!xmlSecKeyMatch(encCtx->encKey, NULL, &(encCtx->keyInfoReadCtx.keyReq)))) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_KEY_NOT_FOUND, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* set the key to the transform */ ret = xmlSecTransformSetKey(encCtx->encMethod, encCtx->encKey); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformSetKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, "transform=%s", xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod))); return(-1); } /* if we need to write result to xml node then we need base64 encode it */ if((encCtx->operation == xmlSecTransformOperationEncrypt) && (encCtx->cipherValueNode != NULL)) { xmlSecTransformPtr base64Encode; /* we need to add base64 encode transform */ base64Encode = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx), xmlSecTransformBase64Id); if(base64Encode == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxCreateAndAppend", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } base64Encode->operation = xmlSecTransformOperationEncode; encCtx->resultBase64Encoded = 1; } return(0); }
static int xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecOpenSSLRsaOaepCtxPtr ctx; xmlNodePtr cur; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecOpenSSLRsaOaepGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1); cur = xmlSecGetNextElementNode(node->children); while(cur != NULL) { if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) { ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferBase64NodeContentRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) { xmlChar* algorithm; /* Algorithm attribute is required */ algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm); if(algorithm == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecAttrAlgorithm), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } /* for now we support only sha1 */ if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(algorithm), XMLSEC_ERRORS_R_INVALID_TRANSFORM, "digest algorithm is not supported for rsa/oaep"); xmlFree(algorithm); return(-1); } xmlFree(algorithm); } else { /* not found */ xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* next node */ cur = xmlSecGetNextElementNode(cur->next); } return(0); }
static int xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; xmlChar* tmp; int tmpSize; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) { xmlSecInvalidNodeError(cur, xmlSecNodeXPath, xmlSecTransformGetName(transform)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath); if(data == NULL) { xmlSecInternalError("xmlSecXPathDataCreate", xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecInternalError("xmlSecXPathDataNodeRead", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecInternalError("xmlSecPtrListAdd", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* create full XPath expression */ xmlSecAssert2(data->expr != NULL, -1); tmpSize = xmlStrlen(data->expr) + strlen(xpathPattern) + 1; tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * tmpSize); if(tmp == NULL) { xmlSecMallocError(sizeof(xmlChar) * tmpSize, xmlSecTransformGetName(transform)); return(-1); } ret = xmlStrPrintf(tmp, tmpSize, xpathPattern, (char*)data->expr); if(ret < 0) { xmlSecXmlError("xmlStrPrintf", xmlSecTransformGetName(transform)); xmlFree(tmp); return(-1); } xmlFree(data->expr); data->expr = tmp; /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = xmlSecNodeSetNormal; /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); }
static int xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "expected=%s", xmlSecErrorsSafeString(xmlSecNodeXPath)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = xmlSecNodeSetTree; /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; xmlChar* tmp; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "expected=%s", xmlSecErrorsSafeString(xmlSecNodeXPath)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* create full XPath expression */ xmlSecAssert2(data->expr != NULL, -1); tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * (xmlStrlen(data->expr) + strlen(xpathPattern) + 1)); if(tmp == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "size=%d", (int)(xmlStrlen(data->expr) + strlen(xpathPattern) + 1)); return(-1); } sprintf((char*)tmp, xpathPattern, (char*)data->expr); xmlFree(data->expr); data->expr = tmp; /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = xmlSecNodeSetNormal; /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; xmlChar* op; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPath2Id), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* There are only xpath nodes */ cur = xmlSecGetNextElementNode(node->children); while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeXPath2, xmlSecXPath2Ns)) { /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetType = xmlSecNodeSetTree; op = xmlGetProp(cur, xmlSecAttrFilter); if(op == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecAttrFilter), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) { data->nodeSetOp = xmlSecNodeSetIntersection; } else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) { data->nodeSetOp = xmlSecNodeSetSubtraction; } else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) { data->nodeSetOp = xmlSecNodeSetUnion; } else { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecAttrFilter), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "filter=%s", xmlSecErrorsSafeString(op)); xmlFree(op); return(-1); } xmlFree(op); cur = xmlSecGetNextElementNode(cur->next); } /* check that we have nothing else */ if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
/** * xmlSecSoap12AddFaultSubcode: * @faultNode: the pointer to <Fault> node. * @subCodeHref: the subcode href. * @subCodeName: the subcode name. * * Adds a new <Subcode> node to the <Code> node or the last <Subcode> node. * * Returns: a pointer to the newly created <Subcode> node or NULL if an error * occurs. */ xmlNodePtr xmlSecSoap12AddFaultSubcode(xmlNodePtr faultNode, const xmlChar* subCodeHref, const xmlChar* subCodeName) { xmlNodePtr cur, subcodeNode, valueNode; xmlChar* qname; xmlSecAssert2(faultNode != NULL, NULL); xmlSecAssert2(subCodeHref != NULL, NULL); xmlSecAssert2(subCodeName != NULL, NULL); /* Code node is the first childern in Fault node */ cur = xmlSecGetNextElementNode(faultNode->children); if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeCode, xmlSecSoap12Ns)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_NODE, "node=%s", xmlSecErrorsSafeString(xmlSecNodeCode)); return(NULL); } /* find the Code or Subcode node that does not have Subcode child */ while(1) { xmlNodePtr tmp; tmp = xmlSecFindChild(cur, xmlSecNodeSubcode, xmlSecSoap12Ns); if(tmp != NULL) { cur = tmp; } else { break; } } xmlSecAssert2(cur != NULL, NULL); /* add Subcode node */ subcodeNode = xmlSecAddChild(cur, xmlSecNodeSubcode, xmlSecSoap12Ns); if(subcodeNode == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddChild", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeSubcode)); return(NULL); } /* add Value node */ valueNode = xmlSecAddChild(subcodeNode, xmlSecNodeValue, xmlSecSoap12Ns); if(valueNode == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddChild", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeValue)); xmlUnlinkNode(subcodeNode); xmlFreeNode(subcodeNode); return(NULL); } /* create qname for fault code */ qname = xmlSecGetQName(cur, subCodeHref, subCodeName); if(qname == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecGetQName", XMLSEC_ERRORS_R_XML_FAILED, "node=%s", xmlSecErrorsSafeString(cur->name)); xmlUnlinkNode(subcodeNode); xmlFreeNode(subcodeNode); return(NULL); } /* set result qname in Value node */ xmlNodeSetContent(cur, qname); if(qname != subCodeName) { xmlFree(qname); } return(subcodeNode); }
/** * xmlSecSimpleKeysStoreLoad: * @store: the pointer to simple keys store. * @uri: the filename. * @keysMngr: the pointer to associated keys manager. * * Reads keys from an XML file. * * Returns 0 on success or a negative value if an error occurs. */ int xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, xmlSecKeysMngrPtr keysMngr) { xmlDocPtr doc; xmlNodePtr root; xmlNodePtr cur; xmlSecKeyPtr key; xmlSecKeyInfoCtx keyInfoCtx; int ret; xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1); xmlSecAssert2(uri != NULL, -1); doc = xmlParseFile(uri); if(doc == NULL) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), "xmlParseFile", XMLSEC_ERRORS_R_XML_FAILED, "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } root = xmlDocGetRootElement(doc); if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), xmlSecErrorsSafeString(xmlSecNodeGetName(root)), XMLSEC_ERRORS_R_INVALID_NODE, "expected-node=<xmlsec:Keys>"); xmlFreeDoc(doc); return(-1); } cur = xmlSecGetNextElementNode(root->children); while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) { key = xmlSecKeyCreate(); if(key == NULL) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "expected-node=%s", xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); xmlFreeDoc(doc); return(-1); } ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), "xmlSecKeyInfoCtxInitialize", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); } keyInfoCtx.mode = xmlSecKeyInfoModeRead; keyInfoCtx.keysMngr = keysMngr; keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND | XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny; keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny; ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), "xmlSecKeyInfoNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyInfoCtxFinalize(&keyInfoCtx); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); } xmlSecKeyInfoCtxFinalize(&keyInfoCtx); if(xmlSecKeyIsValid(key)) { ret = xmlSecSimpleKeysStoreAdoptKey(store, key); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), "xmlSecSimpleKeysStoreAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); } } else { /* we have an unknown key in our file, just ignore it */ xmlSecKeyDestroy(key); } cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); xmlFreeDoc(doc); return(-1); } xmlFreeDoc(doc); return(0); }
static int xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; xmlChar* op; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPath2Id), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* There are only xpath nodes */ cur = xmlSecGetNextElementNode(node->children); while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeXPath2, xmlSecXPath2Ns)) { /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2); if(data == NULL) { xmlSecInternalError("xmlSecXPathDataCreate", xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecInternalError("xmlSecXPathDataNodeRead", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecInternalError("xmlSecPtrListAdd", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetType = xmlSecNodeSetTree; op = xmlGetProp(cur, xmlSecAttrFilter); if(op == NULL) { xmlSecInvalidNodeAttributeError(cur, xmlSecAttrFilter, xmlSecTransformGetName(transform), "empty"); return(-1); } if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) { data->nodeSetOp = xmlSecNodeSetIntersection; } else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) { data->nodeSetOp = xmlSecNodeSetSubtraction; } else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) { data->nodeSetOp = xmlSecNodeSetUnion; } else { xmlSecInvalidNodeAttributeError(cur, xmlSecAttrFilter, xmlSecTransformGetName(transform), "unknown"); xmlFree(op); return(-1); } xmlFree(op); cur = xmlSecGetNextElementNode(cur->next); } /* check that we have nothing else */ if(cur != NULL) { xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); }