/**
* xmlSecSoap11GetBody:
* @envNode: the pointer to <soap:Envelope> node.
*
* Gets pointer to the <soap:Body> node.
*
* Returns pointer to <soap:Body> node or NULL if an error occurs.
*/
EXPORT_C
xmlNodePtr
xmlSecSoap11GetBody(xmlNodePtr envNode) {
xmlNodePtr cur;
xmlSecAssert2(envNode != NULL, NULL);
/* optional Header node first */
cur = xmlSecGetNextElementNode(envNode->children);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) {
cur = xmlSecGetNextElementNode(cur->next);
}
/* Body node is next */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeBody),
XMLSEC_ERRORS_R_NODE_NOT_FOUND,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
return(cur);
}
/**
* xmlSecSoap11CheckEnvelope:
* @envNode: the pointer to <soap:Envelope> node.
*
* Validates <soap:Envelope> node structure.
*
* Returns: 1 if @envNode has a valid <soap:Envelope> element, 0 if it is
* not valid or a negative value if an error occurs.
*/
int
xmlSecSoap11CheckEnvelope(xmlNodePtr envNode) {
xmlNodePtr cur;
xmlSecAssert2(envNode != NULL, -1);
/* verify envNode itself */
if(!xmlSecCheckNodeName(envNode, xmlSecNodeEnvelope, xmlSecSoap11Ns)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeEnvelope),
XMLSEC_ERRORS_R_NODE_NOT_FOUND,
XMLSEC_ERRORS_NO_MESSAGE);
return(0);
}
/* optional Header node first */
cur = xmlSecGetNextElementNode(envNode->children);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) {
cur = xmlSecGetNextElementNode(cur->next);
}
/* required Body node is next */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeBody),
XMLSEC_ERRORS_R_NODE_NOT_FOUND,
XMLSEC_ERRORS_NO_MESSAGE);
return(0);
}
return(1);
}
static int
xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
xmlNodePtr cur;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1);
cur = xmlSecGetNextElementNode(node->children);
while(cur != NULL) {
if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
if(ret < 0) {
xmlSecInternalError("xmlSecBufferBase64NodeContentRead",
xmlSecTransformGetName(transform));
return(-1);
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) {
xmlChar* algorithm;
/* Algorithm attribute is required */
algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm);
if(algorithm == NULL) {
xmlSecInvalidNodeAttributeError(cur, xmlSecAttrAlgorithm,
xmlSecTransformGetName(transform),
"empty");
return(-1);
}
/* for now we support only sha1 */
if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) {
xmlSecInvalidTransfromError2(transform,
"digest algorithm=\"%s\" is not supported for rsa/oaep",
xmlSecErrorsSafeString(algorithm));
xmlFree(algorithm);
return(-1);
}
xmlFree(algorithm);
} else {
/* not found */
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
/* next node */
cur = xmlSecGetNextElementNode(cur->next);
}
return(0);
}
static int
xmlSecEncCtxCipherDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
xmlNodePtr cur;
int ret;
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
cur = xmlSecGetNextElementNode(node->children);
/* we either have CipherValue or CipherReference node */
xmlSecAssert2(encCtx->cipherValueNode == NULL, -1);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCipherValue, xmlSecEncNs))) {
/* don't need data from CipherData node when we are encrypting */
if(encCtx->operation == xmlSecTransformOperationDecrypt) {
xmlSecTransformPtr base64Decode;
/* we need to add base64 decode transform */
base64Decode = xmlSecTransformCtxCreateAndPrepend(&(encCtx->transformCtx), xmlSecTransformBase64Id);
if(base64Decode == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecTransformCtxCreateAndPrepend",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
encCtx->cipherValueNode = cur;
cur = xmlSecGetNextElementNode(cur->next);
} else if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCipherReference, xmlSecEncNs))) {
/* don't need data from CipherReference node when we are encrypting */
if(encCtx->operation == xmlSecTransformOperationDecrypt) {
ret = xmlSecEncCtxCipherReferenceNodeRead(encCtx, cur);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecEncCtxCipherReferenceNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
return(-1);
}
}
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecX509DataGetNodeContent:
* @node: the pointer to <dsig:X509Data/> node.
* @deleteChildren: the flag that indicates whether to remove node children after reading.
* @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
*
* Reads the contents of <dsig:X509Data/> node and returns it as
* a bits mask.
*
* Returns the bit mask representing the <dsig:X509Data/> node content
* or a negative value if an error occurs.
*/
EXPORT_C
int
xmlSecX509DataGetNodeContent (xmlNodePtr node, int deleteChildren,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlNodePtr cur, next;
int deleteCurNode;
int content = 0;
xmlSecAssert2(node != NULL, 0);
xmlSecAssert2(keyInfoCtx != NULL, -1);
/* determine the current node content */
cur = xmlSecGetNextElementNode(node->children);
while(cur != NULL) {
deleteCurNode = 0;
if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
if(xmlSecIsEmptyNode(cur) == 1) {
content |= XMLSEC_X509DATA_CERTIFICATE_NODE;
deleteCurNode = 1;
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
if(xmlSecIsEmptyNode(cur) == 1) {
content |= XMLSEC_X509DATA_SUBJECTNAME_NODE;
deleteCurNode = 1;
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
if(xmlSecIsEmptyNode(cur) == 1) {
content |= XMLSEC_X509DATA_ISSUERSERIAL_NODE;
deleteCurNode = 1;
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
if(xmlSecIsEmptyNode(cur) == 1) {
content |= XMLSEC_X509DATA_SKI_NODE;
deleteCurNode = 1;
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
if(xmlSecIsEmptyNode(cur) == 1) {
content |= XMLSEC_X509DATA_CRL_NODE;
deleteCurNode = 1;
}
} else {
}
next = xmlSecGetNextElementNode(cur->next);
if((deleteCurNode != 0) && (deleteChildren != 0)) {
/* remove "template" nodes */
xmlUnlinkNode(cur);
xmlFreeNode(cur);
}
cur = next;
}
return (content);
}
static int
xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
xmlNodePtr cur;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* there is only one required node */
cur = xmlSecGetNextElementNode(node->children);
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) {
xmlSecInvalidNodeError(cur, xmlSecNodeXPointer,
xmlSecTransformGetName(transform));
return(-1);
}
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
if(data == NULL) {
xmlSecInternalError("xmlSecXPathDataCreate",
xmlSecTransformGetName(transform));
return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
xmlSecInternalError("xmlSecXPathDataNodeRead",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecInternalError("xmlSecPtrListAdd",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* set correct node set type and operation */
data->nodeSetOp = xmlSecNodeSetIntersection;
data->nodeSetType = xmlSecNodeSetTree;
/* check that we have nothing else */
cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static lasso_error_t
lasso_saml20_server_load_metadata_child(LassoServer *server, LassoProviderRole role, xmlDoc *doc,
xmlNode *child, GList *blacklisted_entity_ids, GList **loaded_end,
xmlSecKeysMngr *keys_mngr, LassoServerLoadMetadataFlag flags)
{
if (xmlSecCheckNodeName(child,
BAD_CAST LASSO_SAML2_METADATA_ELEMENT_ENTITY_DESCRIPTOR,
BAD_CAST LASSO_SAML2_METADATA_HREF)) {
return lasso_saml20_server_load_metadata_entity(server, role, doc, child,
blacklisted_entity_ids, loaded_end, keys_mngr, flags);
} else if (xmlSecCheckNodeName(child,
BAD_CAST LASSO_SAML2_METADATA_ELEMENT_ENTITIES_DESCRIPTOR,
BAD_CAST LASSO_SAML2_METADATA_HREF)) {
return lasso_saml20_server_load_metadata_entities(server, role, doc, child,
blacklisted_entity_ids, loaded_end, keys_mngr, flags);
}
return LASSO_SERVER_ERROR_INVALID_XML;
}
static int
xmlSecEncCtxCipherReferenceNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
xmlNodePtr cur;
xmlChar* uri;
int ret;
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
/* first read the optional uri attr and check that we can process it */
uri = xmlGetProp(node, xmlSecAttrURI);
ret = xmlSecTransformCtxSetUri(&(encCtx->transformCtx), uri, node);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecTransformCtxSetUri",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"uri=%s",
xmlSecErrorsSafeString(uri));
xmlFree(uri);
return(-1);
}
xmlFree(uri);
cur = xmlSecGetNextElementNode(node->children);
/* the only one node is optional Transforms node */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeTransforms, xmlSecEncNs))) {
ret = xmlSecTransformCtxNodesListRead(&(encCtx->transformCtx), cur,
xmlSecTransformUsageDSigTransform);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecTransformCtxNodesListRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode)));
return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
}
/* if there is something left than it's an error */
if(cur != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecX509DataGetNodeContent:
* @node: the pointer to <dsig:X509Data/> node.
* @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
*
* Reads the contents of <dsig:X509Data/> node and returns it as
* a bits mask.
*
* Returns: the bit mask representing the <dsig:X509Data/> node content
* or a negative value if an error occurs.
*/
int
xmlSecX509DataGetNodeContent (xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlNodePtr cur;
int content = 0;
xmlSecAssert2(node != NULL, 0);
xmlSecAssert2(keyInfoCtx != NULL, -1);
/* determine the current node content */
cur = xmlSecGetNextElementNode(node->children);
while(cur != NULL) {
if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
if(xmlSecIsEmptyNode(cur) == 1) {
content |= XMLSEC_X509DATA_CERTIFICATE_NODE;
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
if(xmlSecIsEmptyNode(cur) == 1) {
content |= XMLSEC_X509DATA_SUBJECTNAME_NODE;
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
if(xmlSecIsEmptyNode(cur) == 1) {
content |= XMLSEC_X509DATA_ISSUERSERIAL_NODE;
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
if(xmlSecIsEmptyNode(cur) == 1) {
content |= XMLSEC_X509DATA_SKI_NODE;
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
if(xmlSecIsEmptyNode(cur) == 1) {
content |= XMLSEC_X509DATA_CRL_NODE;
}
} else {
/* todo: fail on unknown child node? */
}
cur = xmlSecGetNextElementNode(cur->next);
}
return (content);
}
/**
* xmlSecSoap11GetHeader:
* @envNode: the pointer to <soap:Envelope> node.
*
* Gets pointer to the <soap:Header> node.
*
* Returns: pointer to <soap:Header> node or NULL if an error occurs.
*/
xmlNodePtr
xmlSecSoap11GetHeader(xmlNodePtr envNode) {
xmlNodePtr cur;
xmlSecAssert2(envNode != NULL, NULL);
/* optional Header node is first */
cur = xmlSecGetNextElementNode(envNode->children);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) {
return(cur);
}
return(NULL);
}
/**
* xmlSecSoap12EnsureHeader:
* @envNode: the pointer to <soap:Envelope> node.
*
* Gets the pointer to <soap:Header> node (if necessary, the node
* is created).
*
* XML Schema (http://www.w3.org/2003/05/soap-envelope):
*
* <xs:element name="Header" type="tns:Header"/>
* <xs:complexType name="Header">
* <xs:sequence>
* <xs:any namespace="##any" processContents="lax"
* minOccurs="0" maxOccurs="unbounded"/>
* </xs:sequence>
* <xs:anyAttribute namespace="##other" processContents="lax"/>
* </xs:complexType>
*
* Returns pointer to <soap:Header> node or NULL if an error occurs.
*/
EXPORT_C
xmlNodePtr
xmlSecSoap12EnsureHeader(xmlNodePtr envNode) {
xmlNodePtr hdrNode;
xmlNodePtr cur;
xmlSecAssert2(envNode != NULL, NULL);
/* try to find Header node first */
cur = xmlSecGetNextElementNode(envNode->children);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap12Ns)) {
return(cur);
}
/* if the first element child is not Header then it is Body */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeBody),
XMLSEC_ERRORS_R_NODE_NOT_FOUND,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
/* finally add Header node before body */
hdrNode = xmlSecAddPrevSibling(cur, xmlSecNodeHeader, xmlSecSoap12Ns);
if(hdrNode == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddPrevSibling",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
return(hdrNode);
}
/**
* xmlSecGCryptHmacNodeRead:
*
* HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
*
* The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
* as a parameter; if the parameter is not specified then all the bits of the
* hash are output. An example of an HMAC SignatureMethod element:
* <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
* <HMACOutputLength>128</HMACOutputLength>
* </SignatureMethod>
*
* Schema Definition:
*
* <simpleType name="HMACOutputLengthType">
* <restriction base="integer"/>
* </simpleType>
*
* DTD:
*
* <!ELEMENT HMACOutputLength (#PCDATA)>
*/
static int
xmlSecGCryptHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecGCryptHmacCtxPtr ctx;
xmlNodePtr cur;
xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecGCryptHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
cur = xmlSecGetNextElementNode(node->children);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
xmlChar *content;
content = xmlNodeGetContent(cur);
if(content != NULL) {
ctx->dgstSize = atoi((char*)content);
xmlFree(content);
}
/* Ensure that HMAC length is greater than min specified.
Otherwise, an attacker can set this length to 0 or very
small value
*/
if((int)ctx->dgstSize < xmlSecGCryptHmacGetMinOutputLength()) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
"HMAC output length is too small");
return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE,
"no nodes expected");
return(-1);
}
return(0);
}
/**
* This is step 2, point 4: if the input sourceId list doesn't contain the Id attribute of the current node,
* then exclude it from the output, instead of processing it.
*/
static int
xmlSecTransformRelationshipProcessNode(xmlSecTransformPtr transform, xmlOutputBufferPtr buf, xmlNodePtr cur) {
int found = -1;
xmlSecRelationshipCtxPtr ctx;
xmlSecSize ii;
int ret;
xmlSecAssert2(transform != NULL, -1);
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(cur != NULL, -1);
if(xmlSecCheckNodeName(cur, xmlSecNodeRelationship, xmlSecRelationshipsNs)) {
xmlChar* id = xmlGetProp(cur, xmlSecRelationshipAttrId);
if(id == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlGetProp(xmlSecRelationshipAttrId)",
XMLSEC_ERRORS_R_XML_FAILED,
"name=Id");
return(-1);
}
ctx = xmlSecRelationshipGetCtx(transform);
for(ii = 0; ii < xmlSecPtrListGetSize(ctx->sourceIdList); ++ii) {
if(xmlStrcmp(xmlSecPtrListGetItem(ctx->sourceIdList, ii), id) == 0) {
found = 1;
break;
}
}
xmlFree(id);
if(found < 0) {
return(0);
}
}
ret = xmlSecTransformRelationshipProcessElementNode(transform, buf, cur);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecTransformRelationshipProcessElementNode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecRelationshipReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecRelationshipCtxPtr ctx;
xmlNodePtr cur;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecRelationshipGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
cur = node->children;
while(cur != NULL) {
if(xmlSecCheckNodeName(cur, xmlSecNodeRelationshipReference, xmlSecRelationshipReferenceNs)) {
xmlChar* sourceId;
sourceId = xmlGetProp(cur, xmlSecRelationshipAttrSourceId);
if(sourceId == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
"xmlGetProp",
xmlSecErrorsSafeString(xmlSecRelationshipAttrSourceId),
XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
return(-1);
}
ret = xmlSecPtrListAdd(ctx->sourceIdList, sourceId);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecPtrListAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(sourceId);
return(-1);
}
}
cur = cur->next;
}
return(0);
}
static int
xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlNodePtr cur;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(node!= NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
cur = xmlSecGetNextElementNode(node->children);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
xmlChar *content;
content = xmlNodeGetContent(cur);
if(content != NULL) {
ctx->dgstSize = atoi((char*)content);
xmlFree(content);
}
/* Ensure that HMAC length is greater than min specified.
Otherwise, an attacker can set this length to 0 or very
small value
*/
if((int)ctx->dgstSize < xmlSecOpenSSLHmacGetMinOutputLength()) {
xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform),
"HMAC output length is too small");
return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlNodePtr cur;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(node!= NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
cur = xmlSecGetNextElementNode(node->children);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
xmlChar *content;
content = xmlNodeGetContent(cur);
if(content != NULL) {
ctx->dgstSize = atoi((char*)content);
xmlFree(content);
}
/* todo: error if dgstSize == 0 ?*/
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
xmlNodePtr cur;
int ret;
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2((encCtx->operation == xmlSecTransformOperationEncrypt) || (encCtx->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(node != NULL, -1);
switch(encCtx->mode) {
case xmlEncCtxModeEncryptedData:
if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedData, xmlSecEncNs)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected=%s",
xmlSecErrorsSafeString(xmlSecNodeEncryptedData));
return(-1);
}
break;
case xmlEncCtxModeEncryptedKey:
if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedKey, xmlSecEncNs)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected=%s",
xmlSecErrorsSafeString(xmlSecNodeEncryptedKey));
return(-1);
}
break;
}
/* first read node data */
xmlSecAssert2(encCtx->id == NULL, -1);
xmlSecAssert2(encCtx->type == NULL, -1);
xmlSecAssert2(encCtx->mimeType == NULL, -1);
xmlSecAssert2(encCtx->encoding == NULL, -1);
xmlSecAssert2(encCtx->recipient == NULL, -1);
xmlSecAssert2(encCtx->carriedKeyName == NULL, -1);
encCtx->id = xmlGetProp(node, xmlSecAttrId);
encCtx->type = xmlGetProp(node, xmlSecAttrType);
encCtx->mimeType = xmlGetProp(node, xmlSecAttrMimeType);
encCtx->encoding = xmlGetProp(node, xmlSecAttrEncoding);
if(encCtx->mode == xmlEncCtxModeEncryptedKey) {
encCtx->recipient = xmlGetProp(node, xmlSecAttrRecipient);
/* todo: check recipient? */
}
cur = xmlSecGetNextElementNode(node->children);
/* first node is optional EncryptionMethod, we'll read it later */
xmlSecAssert2(encCtx->encMethodNode == NULL, -1);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeEncryptionMethod, xmlSecEncNs))) {
encCtx->encMethodNode = cur;
cur = xmlSecGetNextElementNode(cur->next);
}
/* next node is optional KeyInfo, we'll process it later */
xmlSecAssert2(encCtx->keyInfoNode == NULL, -1);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs))) {
encCtx->keyInfoNode = cur;
cur = xmlSecGetNextElementNode(cur->next);
}
/* next is required CipherData node */
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeCipherData, xmlSecEncNs))) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeCipherData));
return(-1);
}
ret = xmlSecEncCtxCipherDataNodeRead(encCtx, cur);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecEncCtxCipherDataNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
/* next is optional EncryptionProperties node (we simply ignore it) */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeEncryptionProperties, xmlSecEncNs))) {
cur = xmlSecGetNextElementNode(cur->next);
}
/* there are more possible nodes for the <EncryptedKey> node */
if(encCtx->mode == xmlEncCtxModeEncryptedKey) {
/* next is optional ReferenceList node (we simply ignore it) */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReferenceList, xmlSecEncNs))) {
cur = xmlSecGetNextElementNode(cur->next);
}
/* next is optional CarriedKeyName node (we simply ignore it) */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCarriedKeyName, xmlSecEncNs))) {
encCtx->carriedKeyName = xmlNodeGetContent(cur);
if(encCtx->carriedKeyName == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeCipherData));
return(-1);
}
/* TODO: decode the name? */
cur = xmlSecGetNextElementNode(cur->next);
}
}
/* if there is something left than it's an error */
if(cur != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* now read the encryption method node */
xmlSecAssert2(encCtx->encMethod == NULL, -1);
if(encCtx->encMethodNode != NULL) {
encCtx->encMethod = xmlSecTransformCtxNodeRead(&(encCtx->transformCtx), encCtx->encMethodNode,
xmlSecTransformUsageEncryptionMethod);
if(encCtx->encMethod == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecTransformCtxNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode)));
return(-1);
}
} else if(encCtx->defEncMethodId != xmlSecTransformIdUnknown) {
encCtx->encMethod = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx),
encCtx->defEncMethodId);
if(encCtx->encMethod == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecTransformCtxAppend",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_DATA,
"encryption method not specified");
return(-1);
}
encCtx->encMethod->operation = encCtx->operation;
/* we have encryption method, find key */
ret = xmlSecTransformSetKeyReq(encCtx->encMethod, &(encCtx->keyInfoReadCtx.keyReq));
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecTransformSetKeyReq",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"transform=%s",
xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod)));
return(-1);
}
/* TODO: KeyInfo node != NULL and encKey != NULL */
if((encCtx->encKey == NULL) && (encCtx->keyInfoReadCtx.keysMngr != NULL)
&& (encCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
encCtx->encKey = (encCtx->keyInfoReadCtx.keysMngr->getKey)(encCtx->keyInfoNode,
&(encCtx->keyInfoReadCtx));
}
/* check that we have exactly what we want */
if((encCtx->encKey == NULL) ||
(!xmlSecKeyMatch(encCtx->encKey, NULL, &(encCtx->keyInfoReadCtx.keyReq)))) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_KEY_NOT_FOUND,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* set the key to the transform */
ret = xmlSecTransformSetKey(encCtx->encMethod, encCtx->encKey);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecTransformSetKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"transform=%s",
xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod)));
return(-1);
}
/* if we need to write result to xml node then we need base64 encode it */
if((encCtx->operation == xmlSecTransformOperationEncrypt) && (encCtx->cipherValueNode != NULL)) {
xmlSecTransformPtr base64Encode;
/* we need to add base64 encode transform */
base64Encode = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx), xmlSecTransformBase64Id);
if(base64Encode == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecTransformCtxCreateAndAppend",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
base64Encode->operation = xmlSecTransformOperationEncode;
encCtx->resultBase64Encoded = 1;
}
return(0);
}
static int
xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
xmlNodePtr cur;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1);
cur = xmlSecGetNextElementNode(node->children);
while(cur != NULL) {
if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferBase64NodeContentRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) {
xmlChar* algorithm;
/* Algorithm attribute is required */
algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm);
if(algorithm == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
return(-1);
}
/* for now we support only sha1 */
if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(algorithm),
XMLSEC_ERRORS_R_INVALID_TRANSFORM,
"digest algorithm is not supported for rsa/oaep");
xmlFree(algorithm);
return(-1);
}
xmlFree(algorithm);
} else {
/* not found */
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* next node */
cur = xmlSecGetNextElementNode(cur->next);
}
return(0);
}
static int
xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
xmlNodePtr cur;
xmlChar* tmp;
int tmpSize;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* there is only one required node */
cur = xmlSecGetNextElementNode(node->children);
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) {
xmlSecInvalidNodeError(cur, xmlSecNodeXPath,
xmlSecTransformGetName(transform));
return(-1);
}
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath);
if(data == NULL) {
xmlSecInternalError("xmlSecXPathDataCreate",
xmlSecTransformGetName(transform));
return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
xmlSecInternalError("xmlSecXPathDataNodeRead",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecInternalError("xmlSecPtrListAdd",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* create full XPath expression */
xmlSecAssert2(data->expr != NULL, -1);
tmpSize = xmlStrlen(data->expr) + strlen(xpathPattern) + 1;
tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * tmpSize);
if(tmp == NULL) {
xmlSecMallocError(sizeof(xmlChar) * tmpSize,
xmlSecTransformGetName(transform));
return(-1);
}
ret = xmlStrPrintf(tmp, tmpSize, xpathPattern, (char*)data->expr);
if(ret < 0) {
xmlSecXmlError("xmlStrPrintf", xmlSecTransformGetName(transform));
xmlFree(tmp);
return(-1);
}
xmlFree(data->expr);
data->expr = tmp;
/* set correct node set type and operation */
data->nodeSetOp = xmlSecNodeSetIntersection;
data->nodeSetType = xmlSecNodeSetNormal;
/* check that we have nothing else */
cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
xmlNodePtr cur;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* there is only one required node */
cur = xmlSecGetNextElementNode(node->children);
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected=%s",
xmlSecErrorsSafeString(xmlSecNodeXPath));
return(-1);
}
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecPtrListAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* set correct node set type and operation */
data->nodeSetOp = xmlSecNodeSetIntersection;
data->nodeSetType = xmlSecNodeSetTree;
/* check that we have nothing else */
cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
xmlNodePtr cur;
xmlChar* tmp;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* there is only one required node */
cur = xmlSecGetNextElementNode(node->children);
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected=%s",
xmlSecErrorsSafeString(xmlSecNodeXPath));
return(-1);
}
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecPtrListAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* create full XPath expression */
xmlSecAssert2(data->expr != NULL, -1);
tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * (xmlStrlen(data->expr) +
strlen(xpathPattern) + 1));
if(tmp == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
"size=%d",
(int)(xmlStrlen(data->expr) + strlen(xpathPattern) + 1));
return(-1);
}
sprintf((char*)tmp, xpathPattern, (char*)data->expr);
xmlFree(data->expr);
data->expr = tmp;
/* set correct node set type and operation */
data->nodeSetOp = xmlSecNodeSetIntersection;
data->nodeSetType = xmlSecNodeSetNormal;
/* check that we have nothing else */
cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
xmlNodePtr cur;
xmlChar* op;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPath2Id), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* There are only xpath nodes */
cur = xmlSecGetNextElementNode(node->children);
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeXPath2, xmlSecXPath2Ns)) {
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecPtrListAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* set correct node set type and operation */
data->nodeSetType = xmlSecNodeSetTree;
op = xmlGetProp(cur, xmlSecAttrFilter);
if(op == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecAttrFilter),
XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
return(-1);
}
if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) {
data->nodeSetOp = xmlSecNodeSetIntersection;
} else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) {
data->nodeSetOp = xmlSecNodeSetSubtraction;
} else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) {
data->nodeSetOp = xmlSecNodeSetUnion;
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecAttrFilter),
XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
"filter=%s",
xmlSecErrorsSafeString(op));
xmlFree(op);
return(-1);
}
xmlFree(op);
cur = xmlSecGetNextElementNode(cur->next);
}
/* check that we have nothing else */
if(cur != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecSoap12AddFaultSubcode:
* @faultNode: the pointer to <Fault> node.
* @subCodeHref: the subcode href.
* @subCodeName: the subcode name.
*
* Adds a new <Subcode> node to the <Code> node or the last <Subcode> node.
*
* Returns: a pointer to the newly created <Subcode> node or NULL if an error
* occurs.
*/
xmlNodePtr
xmlSecSoap12AddFaultSubcode(xmlNodePtr faultNode, const xmlChar* subCodeHref, const xmlChar* subCodeName) {
xmlNodePtr cur, subcodeNode, valueNode;
xmlChar* qname;
xmlSecAssert2(faultNode != NULL, NULL);
xmlSecAssert2(subCodeHref != NULL, NULL);
xmlSecAssert2(subCodeName != NULL, NULL);
/* Code node is the first childern in Fault node */
cur = xmlSecGetNextElementNode(faultNode->children);
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeCode, xmlSecSoap12Ns)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_NODE,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeCode));
return(NULL);
}
/* find the Code or Subcode node that does not have Subcode child */
while(1) {
xmlNodePtr tmp;
tmp = xmlSecFindChild(cur, xmlSecNodeSubcode, xmlSecSoap12Ns);
if(tmp != NULL) {
cur = tmp;
} else {
break;
}
}
xmlSecAssert2(cur != NULL, NULL);
/* add Subcode node */
subcodeNode = xmlSecAddChild(cur, xmlSecNodeSubcode, xmlSecSoap12Ns);
if(subcodeNode == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeSubcode));
return(NULL);
}
/* add Value node */
valueNode = xmlSecAddChild(subcodeNode, xmlSecNodeValue, xmlSecSoap12Ns);
if(valueNode == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeValue));
xmlUnlinkNode(subcodeNode);
xmlFreeNode(subcodeNode);
return(NULL);
}
/* create qname for fault code */
qname = xmlSecGetQName(cur, subCodeHref, subCodeName);
if(qname == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecGetQName",
XMLSEC_ERRORS_R_XML_FAILED,
"node=%s",
xmlSecErrorsSafeString(cur->name));
xmlUnlinkNode(subcodeNode);
xmlFreeNode(subcodeNode);
return(NULL);
}
/* set result qname in Value node */
xmlNodeSetContent(cur, qname);
if(qname != subCodeName) {
xmlFree(qname);
}
return(subcodeNode);
}
/**
* xmlSecSimpleKeysStoreLoad:
* @store: the pointer to simple keys store.
* @uri: the filename.
* @keysMngr: the pointer to associated keys manager.
*
* Reads keys from an XML file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
xmlSecKeysMngrPtr keysMngr) {
xmlDocPtr doc;
xmlNodePtr root;
xmlNodePtr cur;
xmlSecKeyPtr key;
xmlSecKeyInfoCtx keyInfoCtx;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
xmlSecAssert2(uri != NULL, -1);
doc = xmlParseFile(uri);
if(doc == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlParseFile",
XMLSEC_ERRORS_R_XML_FAILED,
"uri=%s",
xmlSecErrorsSafeString(uri));
return(-1);
}
root = xmlDocGetRootElement(doc);
if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected-node=<xmlsec:Keys>");
xmlFreeDoc(doc);
return(-1);
}
cur = xmlSecGetNextElementNode(root->children);
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
key = xmlSecKeyCreate();
if(key == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected-node=%s",
xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
xmlFreeDoc(doc);
return(-1);
}
ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyInfoCtxInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
}
keyInfoCtx.mode = xmlSecKeyInfoModeRead;
keyInfoCtx.keysMngr = keysMngr;
keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;
ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyInfoNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
}
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
if(xmlSecKeyIsValid(key)) {
ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecSimpleKeysStoreAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
}
} else {
/* we have an unknown key in our file, just ignore it */
xmlSecKeyDestroy(key);
}
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFreeDoc(doc);
return(-1);
}
xmlFreeDoc(doc);
return(0);
}
static int
xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
xmlNodePtr cur;
xmlChar* op;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPath2Id), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* There are only xpath nodes */
cur = xmlSecGetNextElementNode(node->children);
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeXPath2, xmlSecXPath2Ns)) {
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2);
if(data == NULL) {
xmlSecInternalError("xmlSecXPathDataCreate",
xmlSecTransformGetName(transform));
return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
xmlSecInternalError("xmlSecXPathDataNodeRead",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecInternalError("xmlSecPtrListAdd",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* set correct node set type and operation */
data->nodeSetType = xmlSecNodeSetTree;
op = xmlGetProp(cur, xmlSecAttrFilter);
if(op == NULL) {
xmlSecInvalidNodeAttributeError(cur, xmlSecAttrFilter,
xmlSecTransformGetName(transform),
"empty");
return(-1);
}
if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) {
data->nodeSetOp = xmlSecNodeSetIntersection;
} else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) {
data->nodeSetOp = xmlSecNodeSetSubtraction;
} else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) {
data->nodeSetOp = xmlSecNodeSetUnion;
} else {
xmlSecInvalidNodeAttributeError(cur, xmlSecAttrFilter,
xmlSecTransformGetName(transform),
"unknown");
xmlFree(op);
return(-1);
}
xmlFree(op);
cur = xmlSecGetNextElementNode(cur->next);
}
/* check that we have nothing else */
if(cur != NULL) {
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
