/* Reads the <enc:CipherData/> node @node. Exactly one child is accepted:
 * a <enc:CipherValue/> (remembered in encCtx->cipherValueNode) or a
 * <enc:CipherReference/> (read via xmlSecEncCtxCipherReferenceNodeRead).
 * The transform setup for either child is only done when the context is
 * decrypting. Returns 0 on success or -1 on error. */
static int
xmlSecEncCtxCipherDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
    xmlNodePtr child;
    int decrypting;

    xmlSecAssert2(encCtx != NULL, -1);
    xmlSecAssert2(node != NULL, -1);
    /* the context must not already carry a CipherValue node */
    xmlSecAssert2(encCtx->cipherValueNode == NULL, -1);

    decrypting = (encCtx->operation == xmlSecTransformOperationDecrypt);
    child = xmlSecGetNextElementNode(node->children);

    if((child != NULL) && xmlSecCheckNodeName(child, xmlSecNodeCipherValue, xmlSecEncNs)) {
        /* decryption consumes the base64 text, so a decode step goes first */
        if(decrypting) {
            xmlSecTransformPtr base64Decode;

            base64Decode = xmlSecTransformCtxCreateAndPrepend(&(encCtx->transformCtx), xmlSecTransformBase64Id);
            if(base64Decode == NULL) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            NULL,
                            "xmlSecTransformCtxCreateAndPrepend",
                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
                            XMLSEC_ERRORS_NO_MESSAGE);
                return(-1);
            }
        }
        encCtx->cipherValueNode = child;
        child = xmlSecGetNextElementNode(child->next);
    } else if((child != NULL) && xmlSecCheckNodeName(child, xmlSecNodeCipherReference, xmlSecEncNs)) {
        /* the reference (URI + transforms) is only needed when decrypting */
        if(decrypting && (xmlSecEncCtxCipherReferenceNodeRead(encCtx, child) < 0)) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        NULL,
                        "xmlSecEncCtxCipherReferenceNodeRead",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        "node=%s",
                        xmlSecErrorsSafeString(xmlSecNodeGetName(child)));
            return(-1);
        }
        child = xmlSecGetNextElementNode(child->next);
    }

    /* any further element is rejected */
    if(child != NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    xmlSecErrorsSafeString(xmlSecNodeGetName(child)),
                    XMLSEC_ERRORS_R_UNEXPECTED_NODE,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }
    return(0);
}
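/* Reads the <enc:CipherReference/> node @node: the optional URI attribute is
 * handed to the transform context and the optional <enc:Transforms/> child
 * is read into it. Returns 0 on success or -1 on error. */
static int
xmlSecEncCtxCipherReferenceNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
    xmlNodePtr cur;
    xmlChar* uri;
    int ret;

    xmlSecAssert2(encCtx != NULL, -1);
    xmlSecAssert2(node != NULL, -1);

    /* first read the optional uri attr and check that we can process it;
     * a missing attribute yields uri == NULL, which is passed through as-is
     * (NOTE(review): confirm xmlSecTransformCtxSetUri accepts NULL) */
    uri = xmlGetProp(node, xmlSecAttrURI);
    ret = xmlSecTransformCtxSetUri(&(encCtx->transformCtx), uri, node);
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecTransformCtxSetUri",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    "uri=%s",
                    xmlSecErrorsSafeString(uri));
        xmlFree(uri);
        return(-1);
    }
    xmlFree(uri);

    cur = xmlSecGetNextElementNode(node->children);

    /* the only one node is optional Transforms node */
    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeTransforms, xmlSecEncNs))) {
        ret = xmlSecTransformCtxNodesListRead(&(encCtx->transformCtx), cur,
                                              xmlSecTransformUsageDSigTransform);
        if(ret < 0) {
            /* report the Transforms node that failed, not encCtx->encMethodNode */
            xmlSecError(XMLSEC_ERRORS_HERE,
                        NULL,
                        "xmlSecTransformCtxNodesListRead",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        "node=%s",
                        xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
            return(-1);
        }
        cur = xmlSecGetNextElementNode(cur->next);
    }

    /* if there is something left then it's an error */
    if(cur != NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                    XMLSEC_ERRORS_R_UNEXPECTED_NODE,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }
    return(0);
}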
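/**
 * xmlSecGCryptHmacNodeRead:
 *
 * HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
 *
 * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
 * as a parameter; if the parameter is not specified then all the bits of the
 * hash are output. An example of an HMAC SignatureMethod element:
 * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
 *   <HMACOutputLength>128</HMACOutputLength>
 * </SignatureMethod>
 *
 * Schema Definition:
 *
 * <simpleType name="HMACOutputLengthType">
 *   <restriction base="integer"/>
 * </simpleType>
 *
 * DTD:
 *
 * <!ELEMENT HMACOutputLength (#PCDATA)>
 *
 * Reads the optional <dsig:HMACOutputLength/> child of @node into
 * ctx->dgstSize and rejects values below xmlSecGCryptHmacGetMinOutputLength().
 * The length comes from the document being verified and is therefore
 * untrusted: it is parsed with strtol() and range-checked instead of atoi().
 *
 * Returns: 0 on success or a negative value if an error occurs.
 */
static int
xmlSecGCryptHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
    xmlSecGCryptHmacCtxPtr ctx;
    xmlNodePtr cur;

    xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
    xmlSecAssert2(node != NULL, -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    ctx = xmlSecGCryptHmacGetCtx(transform);
    xmlSecAssert2(ctx != NULL, -1);

    cur = xmlSecGetNextElementNode(node->children);
    if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
        xmlChar *content;

        content = xmlNodeGetContent(cur);
        if(content != NULL) {
            const char *str = (const char*)content;
            char *end = NULL;
            long len;
            int bad;

            /* atoi() yields 0 for junk and has undefined behavior on overflow;
             * strtol() reports both. Leading whitespace is skipped by strtol(),
             * trailing whitespace is skipped below; anything else is rejected. */
            errno = 0;
            len = strtol(str, &end, 10);
            bad = (end == str) || (errno == ERANGE);
            while(!bad && isspace((unsigned char)*end)) {
                ++end;
            }
            if(bad || (*end != '\0') || (len < 0) || (len > INT_MAX)) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                            xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                            XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
                            "HMAC output length is not a valid integer");
                xmlFree(content);
                return(-1);
            }
            ctx->dgstSize = (int)len;
            xmlFree(content);
        }

        /* Ensure that HMAC length is greater than min specified.
           Otherwise, an attacker can set this length to 0 or very
           small value
        */
        if((int)ctx->dgstSize < xmlSecGCryptHmacGetMinOutputLength()) {
           xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                    XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
                    "HMAC output length is too small");
           return(-1);
        }

        cur = xmlSecGetNextElementNode(cur->next);
    }

    /* HMACOutputLength is the only child allowed */
    if(cur != NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                    XMLSEC_ERRORS_R_INVALID_NODE,
                    "no nodes expected");
        return(-1);
    }
    return(0);
}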
/* Fills @data from the XPath node @node: namespaces are registered first,
 * then the node content becomes data->expr (which must still be unset).
 * Returns 0 on success or -1 on error. */
static int
xmlSecXPathDataNodeRead(xmlSecXPathDataPtr data, xmlNodePtr node) {
    xmlChar* expr;

    xmlSecAssert2(data != NULL, -1);
    xmlSecAssert2(data->expr == NULL, -1);
    xmlSecAssert2(data->ctx != NULL, -1);
    xmlSecAssert2(node != NULL, -1);

    if(xmlSecXPathDataRegisterNamespaces (data, node) < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecXPathDataRegisterNamespaces",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    /* the node content is the expression; data->expr stays NULL on failure */
    expr = xmlNodeGetContent(node);
    if(expr == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
                    XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }
    data->expr = expr;

    return(0);
}
/* Collects the SourceId attribute of every <RelationshipReference/> child of
 * @node into ctx->sourceIdList. Returns 0 on success or -1 on error. */
static int
xmlSecRelationshipReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
    xmlSecRelationshipCtxPtr ctx;
    xmlNodePtr child;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId), -1);
    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize), -1);
    xmlSecAssert2(node != NULL, -1);
    xmlSecAssert2(transformCtx != NULL, -1);
    ctx = xmlSecRelationshipGetCtx(transform);
    xmlSecAssert2(ctx != NULL, -1);

    /* all children are walked (not only elements); non-matching ones are skipped */
    for(child = node->children; child != NULL; child = child->next) {
        xmlChar* sourceId;

        if(!xmlSecCheckNodeName(child, xmlSecNodeRelationshipReference, xmlSecRelationshipReferenceNs)) {
            continue;
        }

        /* SourceId is required on every reference */
        sourceId = xmlGetProp(child, xmlSecRelationshipAttrSourceId);
        if(sourceId == NULL) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        "xmlGetProp",
                        xmlSecErrorsSafeString(xmlSecRelationshipAttrSourceId),
                        XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
                        "node=%s",
                        xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
            return(-1);
        }

        /* sourceId is freed here only on failure; after a successful add the
         * list is expected to own it */
        if(xmlSecPtrListAdd(ctx->sourceIdList, sourceId) < 0) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                        "xmlSecPtrListAdd",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            xmlFree(sourceId);
            return(-1);
        }
    }

    return(0);
}
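/* Reads the optional <dsig:HMACOutputLength/> child of the HMAC
 * SignatureMethod node @node into ctx->dgstSize. The length is part of the
 * document being verified and is therefore untrusted: it is parsed with
 * strtol() and range-checked, and values below
 * xmlSecOpenSSLHmacGetMinOutputLength() are rejected (the same check the
 * GCrypt HMAC reader performs). Error reporting goes through xmlSecError
 * like the other node readers. Returns 0 on success or -1 on error. */
static int
xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
    xmlSecOpenSSLHmacCtxPtr ctx;
    xmlNodePtr cur;

    xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
    xmlSecAssert2(node!= NULL, -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    ctx = xmlSecOpenSSLHmacGetCtx(transform);
    xmlSecAssert2(ctx != NULL, -1);

    cur = xmlSecGetNextElementNode(node->children);
    if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
        xmlChar *content;

        content = xmlNodeGetContent(cur);
        if(content != NULL) {
            const char *str = (const char*)content;
            char *end = NULL;
            long len;
            int bad;

            /* atoi() yields 0 for junk and has undefined behavior on overflow;
             * strtol() reports both. Leading whitespace is skipped by strtol(),
             * trailing whitespace is skipped below; anything else is rejected. */
            errno = 0;
            len = strtol(str, &end, 10);
            bad = (end == str) || (errno == ERANGE);
            while(!bad && isspace((unsigned char)*end)) {
                ++end;
            }
            if(bad || (*end != '\0') || (len < 0) || (len > INT_MAX)) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                            xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                            XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
                            "HMAC output length is not a valid integer");
                xmlFree(content);
                return(-1);
            }
            ctx->dgstSize = (int)len;
            xmlFree(content);
        }

        /* Reject truncation lengths below the configured minimum: a length of
         * 0 or a handful of bits would leave almost nothing of the MAC to
         * compare against, so the signature check would become meaningless. */
        if((int)ctx->dgstSize < xmlSecOpenSSLHmacGetMinOutputLength()) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                        xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                        XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
                        "HMAC output length is too small");
            return(-1);
        }

        cur = xmlSecGetNextElementNode(cur->next);
    }

    /* HMACOutputLength is the only child allowed */
    if(cur != NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                    XMLSEC_ERRORS_R_UNEXPECTED_NODE,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }
    return(0);
}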
/* Reads the children of the XPath Filter 2.0 transform node @node: each
 * leading <XPath/> child becomes one xmlSecXPathData entry in the
 * transform's data list, with its node set operation taken from the
 * required Filter attribute. Returns 0 on success or -1 on error. */
static int
xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
    xmlSecPtrListPtr list;
    xmlNodePtr child;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPath2Id), -1);
    xmlSecAssert2(node != NULL, -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    list = xmlSecXPathTransformGetDataList(transform);
    xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXPathDataListId), -1);
    xmlSecAssert2(xmlSecPtrListGetSize(list) == 0, -1);

    /* one entry per XPath child; the loop stops at the first other element */
    for(child = xmlSecGetNextElementNode(node->children);
        (child != NULL) && xmlSecCheckNodeName(child, xmlSecNodeXPath2, xmlSecXPath2Ns);
        child = xmlSecGetNextElementNode(child->next)) {
        xmlSecXPathDataPtr item;
        xmlChar* filter;

        item = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2);
        if(item == NULL) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                        "xmlSecXPathDataCreate",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            return(-1);
        }

        if(xmlSecXPathDataNodeRead(item, child) < 0) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                        "xmlSecXPathDataNodeRead",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            xmlSecXPathDataDestroy(item);
            return(-1);
        }

        /* item is destroyed here only if the add fails; after a successful
         * add it is not destroyed on later errors (the list is expected to own it) */
        if(xmlSecPtrListAdd(list, item) < 0) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                        "xmlSecPtrListAdd",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            xmlSecXPathDataDestroy(item);
            return(-1);
        }

        item->nodeSetType = xmlSecNodeSetTree;

        /* the Filter attribute is required and selects the set operation */
        filter = xmlGetProp(child, xmlSecAttrFilter);
        if(filter == NULL) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                        xmlSecErrorsSafeString(xmlSecAttrFilter),
                        XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
                        "node=%s",
                        xmlSecErrorsSafeString(xmlSecNodeGetName(child)));
            return(-1);
        }
        if(xmlStrEqual(filter, xmlSecXPath2FilterIntersect)) {
            item->nodeSetOp = xmlSecNodeSetIntersection;
        } else if(xmlStrEqual(filter, xmlSecXPath2FilterSubtract)) {
            item->nodeSetOp = xmlSecNodeSetSubtraction;
        } else if(xmlStrEqual(filter, xmlSecXPath2FilterUnion)) {
            item->nodeSetOp = xmlSecNodeSetUnion;
        } else {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                        xmlSecErrorsSafeString(xmlSecAttrFilter),
                        XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
                        "filter=%s",
                        xmlSecErrorsSafeString(filter));
            xmlFree(filter);
            return(-1);
        }
        xmlFree(filter);
    }

    /* anything that is not an XPath child is rejected */
    if(child != NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    xmlSecErrorsSafeString(xmlSecNodeGetName(child)),
                    XMLSEC_ERRORS_R_UNEXPECTED_NODE,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }
    return(0);
}
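/* Reads the single required <dsig:XPath/> child of the XPath transform node
 * @node into the transform's data list and wraps the expression with
 * xpathPattern. The wrapped expression is built with a bounded snprintf()
 * whose result is checked, instead of an unchecked sprintf().
 * Returns 0 on success or -1 on error. */
static int
xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
    xmlSecPtrListPtr dataList;
    xmlSecXPathDataPtr data;
    xmlNodePtr cur;
    xmlChar* tmp;
    size_t size;
    int ret;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1);
    xmlSecAssert2(node != NULL, -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    dataList = xmlSecXPathTransformGetDataList(transform);
    xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
    xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);

    /* there is only one required node; cur may be NULL in the error report
     * (NOTE(review): confirm xmlSecNodeGetName tolerates NULL) */
    cur = xmlSecGetNextElementNode(node->children);
    if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                    XMLSEC_ERRORS_R_INVALID_NODE,
                    "expected=%s",
                    xmlSecErrorsSafeString(xmlSecNodeXPath));
        return(-1);
    }

    /* read information from the node */
    data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath);
    if(data == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    "xmlSecXPathDataCreate",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    ret = xmlSecXPathDataNodeRead(data, cur);
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    "xmlSecXPathDataNodeRead",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        xmlSecXPathDataDestroy(data);
        return(-1);
    }

    /* append it to the list; from here on data is not destroyed on error
     * (the list is expected to own it) */
    ret = xmlSecPtrListAdd(dataList, data);
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    "xmlSecPtrListAdd",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        xmlSecXPathDataDestroy(data);
        return(-1);
    }

    /* create full XPath expression: the buffer is sized for the expression,
     * the pattern and the terminator */
    xmlSecAssert2(data->expr != NULL, -1);
    size = (size_t)xmlStrlen(data->expr) + strlen(xpathPattern) + 1;
    tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * size);
    if(tmp == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    NULL,
                    XMLSEC_ERRORS_R_MALLOC_FAILED,
                    "size=%d",
                    (int)size);
        return(-1);
    }
    /* the size computation is only exact if xpathPattern holds a single "%s",
     * so the write is bounded and its result verified rather than trusted */
    ret = snprintf((char*)tmp, size, xpathPattern, (char*)data->expr);
    if((ret < 0) || ((size_t)ret >= size)) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    "snprintf",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    "size=%d",
                    (int)size);
        xmlFree(tmp);
        return(-1);
    }
    xmlFree(data->expr);
    data->expr = tmp;

    /* set correct node set type and operation */
    data->nodeSetOp     = xmlSecNodeSetIntersection;
    data->nodeSetType   = xmlSecNodeSetNormal;

    /* check that we have nothing else */
    cur = xmlSecGetNextElementNode(cur->next);
    if(cur != NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                    XMLSEC_ERRORS_R_UNEXPECTED_NODE,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }
    return(0);
}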
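/* Reads the <enc:EncryptedData/> or <enc:EncryptedKey/> node @node (which one
 * is selected by encCtx->mode) into @encCtx: the Id/Type/MimeType/Encoding
 * attributes (plus Recipient for EncryptedKey), the optional EncryptionMethod
 * and KeyInfo nodes, the required CipherData node and the trailing optional
 * nodes. It then creates the encryption method transform (from the node or
 * from encCtx->defEncMethodId), obtains a key through the keys manager,
 * checks it against the transform's key requirements and, when encrypting
 * into a CipherValue, appends a base64 encode transform.
 * Returns 0 on success or -1 on error. */
static int
xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
    xmlNodePtr cur;
    int ret;

    xmlSecAssert2(encCtx != NULL, -1);
    xmlSecAssert2((encCtx->operation == xmlSecTransformOperationEncrypt) || (encCtx->operation == xmlSecTransformOperationDecrypt), -1);
    xmlSecAssert2(node != NULL, -1);

    /* the expected root node name depends on the mode; any other mode is
     * rejected instead of skipping the root node check */
    switch(encCtx->mode) {
    case xmlEncCtxModeEncryptedData:
        if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedData, xmlSecEncNs)) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        NULL,
                        xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
                        XMLSEC_ERRORS_R_INVALID_NODE,
                        "expected=%s",
                        xmlSecErrorsSafeString(xmlSecNodeEncryptedData));
            return(-1);
        }
        break;
    case xmlEncCtxModeEncryptedKey:
        if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedKey, xmlSecEncNs)) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        NULL,
                        xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
                        XMLSEC_ERRORS_R_INVALID_NODE,
                        "expected=%s",
                        xmlSecErrorsSafeString(xmlSecNodeEncryptedKey));
            return(-1);
        }
        break;
    default:
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    NULL,
                    XMLSEC_ERRORS_R_INVALID_DATA,
                    "mode=%d",
                    (int)encCtx->mode);
        return(-1);
    }

    /* first read node data; the context must be fresh */
    xmlSecAssert2(encCtx->id == NULL, -1);
    xmlSecAssert2(encCtx->type == NULL, -1);
    xmlSecAssert2(encCtx->mimeType == NULL, -1);
    xmlSecAssert2(encCtx->encoding == NULL, -1);
    xmlSecAssert2(encCtx->recipient == NULL, -1);
    xmlSecAssert2(encCtx->carriedKeyName == NULL, -1);

    /* all attributes are optional: xmlGetProp returns NULL when absent */
    encCtx->id = xmlGetProp(node, xmlSecAttrId);
    encCtx->type = xmlGetProp(node, xmlSecAttrType);
    encCtx->mimeType = xmlGetProp(node, xmlSecAttrMimeType);
    encCtx->encoding = xmlGetProp(node, xmlSecAttrEncoding);
    if(encCtx->mode == xmlEncCtxModeEncryptedKey) {
        encCtx->recipient = xmlGetProp(node, xmlSecAttrRecipient);
        /* todo: check recipient? */
    }
    cur = xmlSecGetNextElementNode(node->children);

    /* first node is optional EncryptionMethod, we'll read it later */
    xmlSecAssert2(encCtx->encMethodNode == NULL, -1);
    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeEncryptionMethod, xmlSecEncNs))) {
        encCtx->encMethodNode = cur;
        cur = xmlSecGetNextElementNode(cur->next);
    }

    /* next node is optional KeyInfo, we'll process it later */
    xmlSecAssert2(encCtx->keyInfoNode == NULL, -1);
    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs))) {
        encCtx->keyInfoNode = cur;
        cur = xmlSecGetNextElementNode(cur->next);
    }

    /* next is required CipherData node */
    if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeCipherData, xmlSecEncNs))) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                    XMLSEC_ERRORS_R_INVALID_NODE,
                    "node=%s",
                    xmlSecErrorsSafeString(xmlSecNodeCipherData));
        return(-1);
    }

    ret = xmlSecEncCtxCipherDataNodeRead(encCtx, cur);
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecEncCtxCipherDataNodeRead",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }
    cur = xmlSecGetNextElementNode(cur->next);

    /* next is optional EncryptionProperties node (we simply ignore it) */
    if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeEncryptionProperties, xmlSecEncNs))) {
        cur = xmlSecGetNextElementNode(cur->next);
    }

    /* there are more possible nodes for the <EncryptedKey> node */
    if(encCtx->mode == xmlEncCtxModeEncryptedKey) {
        /* next is optional ReferenceList node (we simply ignore it) */
        if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReferenceList, xmlSecEncNs))) {
            cur = xmlSecGetNextElementNode(cur->next);
        }

        /* next is optional CarriedKeyName node; its content is kept in the context */
        if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCarriedKeyName, xmlSecEncNs))) {
            encCtx->carriedKeyName = xmlNodeGetContent(cur);
            if(encCtx->carriedKeyName == NULL) {
                /* report the CarriedKeyName node itself, not CipherData */
                xmlSecError(XMLSEC_ERRORS_HERE,
                            NULL,
                            xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                            XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
                            "node=%s",
                            xmlSecErrorsSafeString(xmlSecNodeCarriedKeyName));
                return(-1);
            }
            /* TODO: decode the name? */
            cur = xmlSecGetNextElementNode(cur->next);
        }
    }

    /* if there is something left then it's an error */
    if(cur != NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                    XMLSEC_ERRORS_R_UNEXPECTED_NODE,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    /* now read the encryption method node, falling back to the context's
     * default method id; having neither is an error */
    xmlSecAssert2(encCtx->encMethod == NULL, -1);
    if(encCtx->encMethodNode != NULL) {
        encCtx->encMethod = xmlSecTransformCtxNodeRead(&(encCtx->transformCtx), encCtx->encMethodNode,
                            xmlSecTransformUsageEncryptionMethod);
        if(encCtx->encMethod == NULL) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        NULL,
                        "xmlSecTransformCtxNodeRead",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        "node=%s",
                        xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode)));
            return(-1);
        }
    } else if(encCtx->defEncMethodId != xmlSecTransformIdUnknown) {
        encCtx->encMethod = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx),
                            encCtx->defEncMethodId);
        if(encCtx->encMethod == NULL) {
            /* the error names the function actually called */
            xmlSecError(XMLSEC_ERRORS_HERE,
                        NULL,
                        "xmlSecTransformCtxCreateAndAppend",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            return(-1);
        }
    } else {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    NULL,
                    XMLSEC_ERRORS_R_INVALID_DATA,
                    "encryption method not specified");
        return(-1);
    }
    encCtx->encMethod->operation = encCtx->operation;

    /* we have encryption method, find key */
    ret = xmlSecTransformSetKeyReq(encCtx->encMethod, &(encCtx->keyInfoReadCtx.keyReq));
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecTransformSetKeyReq",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    "transform=%s",
                    xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod)));
        return(-1);
    }

    /* TODO: KeyInfo node != NULL and encKey != NULL */
    if((encCtx->encKey == NULL) && (encCtx->keyInfoReadCtx.keysMngr != NULL)
            && (encCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
        encCtx->encKey = (encCtx->keyInfoReadCtx.keysMngr->getKey)(encCtx->keyInfoNode,
                         &(encCtx->keyInfoReadCtx));
    }

    /* check that we have exactly what we want: a key that satisfies the
     * transform's key requirements, whether it was preset or just looked up */
    if((encCtx->encKey == NULL) ||
            (!xmlSecKeyMatch(encCtx->encKey, NULL, &(encCtx->keyInfoReadCtx.keyReq)))) {

        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    NULL,
                    XMLSEC_ERRORS_R_KEY_NOT_FOUND,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    /* set the key to the transform */
    ret = xmlSecTransformSetKey(encCtx->encMethod, encCtx->encKey);
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecTransformSetKey",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    "transform=%s",
                    xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod)));
        return(-1);
    }

    /* if we need to write result to xml node then we need base64 encode it */
    if((encCtx->operation == xmlSecTransformOperationEncrypt) && (encCtx->cipherValueNode != NULL)) {
        xmlSecTransformPtr base64Encode;

        /* we need to add base64 encode transform */
        base64Encode = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx), xmlSecTransformBase64Id);
        if(base64Encode == NULL) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        NULL,
                        "xmlSecTransformCtxCreateAndAppend",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            return(-1);
        }
        base64Encode->operation         = xmlSecTransformOperationEncode;
        encCtx->resultBase64Encoded     = 1;
    }

    return(0);
}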
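/**
 * xmlSecEncCtxDecryptToBuffer:
 * @encCtx:             the pointer to <enc:EncryptedData/> processing context.
 * @node:               the pointer to <enc:EncryptedData/> node.
 *
 * Decrypts @node data to the @encCtx buffer. The ciphertext is taken from the
 * content of the <enc:CipherValue/> node when one was found while reading
 * @node; otherwise the transform chain is executed against the document
 * (the <enc:CipherReference/> case).
 *
 * Returns: pointer to the result buffer (also stored in encCtx->result) or
 * NULL if an error occurs.
 */
xmlSecBufferPtr
xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
    int ret;

    xmlSecAssert2(encCtx != NULL, NULL);
    xmlSecAssert2(encCtx->result == NULL, NULL);
    xmlSecAssert2(node != NULL, NULL);

    /* initialize context and add ID attributes to the list of known ids */
    encCtx->operation = xmlSecTransformOperationDecrypt;
    xmlSecAddIDs(node->doc, node, xmlSecEncIds);

    ret = xmlSecEncCtxEncDataNodeRead(encCtx, node);
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecEncCtxEncDataNodeRead",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(NULL);
    }

    /* decrypt the data */
    if(encCtx->cipherValueNode != NULL) {
        xmlChar* data = NULL;
        xmlSecSize dataSize = 0;

        /* the node content is the (base64) ciphertext fed to the transforms */
        data = xmlNodeGetContent(encCtx->cipherValueNode);
        if(data == NULL) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        NULL,
                        xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->cipherValueNode)),
                        XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
                        XMLSEC_ERRORS_NO_MESSAGE);
            return(NULL);
        }
        dataSize = xmlStrlen(data);

        ret = xmlSecTransformCtxBinaryExecute(&(encCtx->transformCtx), data, dataSize);
        /* data is non-NULL here, so no guard is needed around xmlFree */
        xmlFree(data);
        if(ret < 0) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        NULL,
                        "xmlSecTransformCtxBinaryExecute",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            return(NULL);
        }
    } else {
        ret = xmlSecTransformCtxExecute(&(encCtx->transformCtx), node->doc);
        if(ret < 0) {
            /* the error names the function actually called */
            xmlSecError(XMLSEC_ERRORS_HERE,
                        NULL,
                        "xmlSecTransformCtxExecute",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            return(NULL);
        }
    }

    encCtx->result = encCtx->transformCtx.result;
    xmlSecAssert2(encCtx->result != NULL, NULL);

    return(encCtx->result);
}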
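/**
 * xmlSecEncCtxDecrypt:
 * @encCtx:             the pointer to <enc:EncryptedData/> processing context.
 * @node:               the pointer to <enc:EncryptedData/> node.
 *
 * Decrypts @node and if necessary replaces @node with decrypted data. The
 * replacement happens when the Type attribute read from @node is either
 * Element or Content; both are handled identically, so the two formerly
 * duplicated branches are merged. When XMLSEC_ENC_RETURN_REPLACED_NODE is
 * set in encCtx->flags the replaced node is kept in encCtx->replacedNodeList.
 *
 * Returns: 0 on success or a negative value if an error occurs.
 */
int
xmlSecEncCtxDecrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
    xmlSecBufferPtr buffer;
    int ret;

    xmlSecAssert2(encCtx != NULL, -1);
    xmlSecAssert2(node != NULL, -1);

    /* decrypt */
    buffer = xmlSecEncCtxDecryptToBuffer(encCtx, node);
    if(buffer == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecEncCtxDecryptToBuffer",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    /* replace original node if requested: Element and Content types are
     * treated the same way; any other (or missing) Type leaves the node alone */
    if((encCtx->type != NULL) &&
       (xmlStrEqual(encCtx->type, xmlSecTypeEncElement) || xmlStrEqual(encCtx->type, xmlSecTypeEncContent))) {
        /* check if we need to return the replaced node */
        if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) {
            ret = xmlSecReplaceNodeBufferAndReturn(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), &(encCtx->replacedNodeList));
            if(ret < 0) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            NULL,
                            "xmlSecReplaceNodeBufferAndReturn",
                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
                            "node=%s",
                            xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
                return(-1);
            }
        } else {
            ret = xmlSecReplaceNodeBuffer(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer));
            if(ret < 0) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            NULL,
                            "xmlSecReplaceNodeBuffer",
                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
                            "node=%s",
                            xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
                return(-1);
            }
        }

        encCtx->resultReplaced = 1;
    }

    return(0);
}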
/**
 * xmlSecOpenSSLRsaOaepNodeRead:
 * @transform:          the pointer to RSA/OAEP transform.
 * @node:               the pointer to <enc:EncryptionMethod/> node.
 * @transformCtx:       the pointer to transform's context.
 *
 * Walks the element children of @node: an <enc:OAEPparams/> child is
 * base64-decoded into the transform's oaepParams buffer (which must be empty
 * on entry) and a <dsig:DigestMethod/> child must carry an Algorithm
 * attribute naming SHA1 — any other digest, and any other child element,
 * is rejected.
 *
 * Returns: 0 on success or a negative value if an error occurs.
 */
static int
xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
    xmlSecOpenSSLRsaOaepCtxPtr oaepCtx;
    xmlNodePtr child;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
    xmlSecAssert2(node != NULL, -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    oaepCtx = xmlSecOpenSSLRsaOaepGetCtx(transform);
    xmlSecAssert2(oaepCtx != NULL, -1);
    /* the params buffer must not have been filled by an earlier read */
    xmlSecAssert2(xmlSecBufferGetSize(&(oaepCtx->oaepParams)) == 0, -1);

    for(child = xmlSecGetNextElementNode(node->children);
        child != NULL;
        child = xmlSecGetNextElementNode(child->next)) {

        if(xmlSecCheckNodeName(child,  xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
            if(xmlSecBufferBase64NodeContentRead(&(oaepCtx->oaepParams), child) < 0) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                            "xmlSecBufferBase64NodeContentRead",
                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
                            XMLSEC_ERRORS_NO_MESSAGE);
                return(-1);
            }
            continue;
        }

        if(xmlSecCheckNodeName(child,  xmlSecNodeDigestMethod, xmlSecDSigNs)) {
            xmlChar* href;

            /* Algorithm attribute is required */
            href = xmlGetProp(child, xmlSecAttrAlgorithm);
            if(href == NULL) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                            xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
                            XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
                            "node=%s",
                            xmlSecErrorsSafeString(xmlSecNodeGetName(child)));
                return(-1);
            }

            /* SHA1 is the only digest accepted for OAEP here */
            if(xmlStrcmp(href, xmlSecHrefSha1) != 0) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                            xmlSecErrorsSafeString(href),
                            XMLSEC_ERRORS_R_INVALID_TRANSFORM,
                            "digest algorithm is not supported for rsa/oaep");
                xmlFree(href);
                return(-1);
            }
            xmlFree(href);
            continue;
        }

        /* anything else is not allowed under <enc:EncryptionMethod/> */
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    xmlSecErrorsSafeString(xmlSecNodeGetName(child)),
                    XMLSEC_ERRORS_R_UNEXPECTED_NODE,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    return(0);
}
/**
 * xmlSecKeysMngrGetKey:
 * @keyInfoNode:        the pointer to <dsig:KeyInfo/> node (may be NULL).
 * @keyInfoCtx:         the pointer to <dsig:KeyInfo/> node processing context.
 *
 * Looks for a key satisfying @keyInfoCtx->keyReq. The <dsig:KeyInfo/> node
 * itself is tried first (when @keyInfoNode is not NULL); if that yields no
 * key with a value that matches the request, the keys manager attached to
 * @keyInfoCtx is asked (when there is one).
 *
 * Returns: the pointer to key (the caller owns it) or NULL if the key is
 * not found or an error occurs.
 */
xmlSecKeyPtr
xmlSecKeysMngrGetKey(xmlNodePtr keyInfoNode, xmlSecKeyInfoCtxPtr keyInfoCtx) {
    xmlSecKeyPtr candidate;

    xmlSecAssert2(keyInfoCtx != NULL, NULL);

    /* 1) the key material carried by <dsig:KeyInfo/> itself */
    candidate = xmlSecKeyCreate();
    if(candidate == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecKeyCreate",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(NULL);
    }

    if(keyInfoNode != NULL) {
        int usable;

        if(xmlSecKeyInfoNodeRead(keyInfoNode, candidate, keyInfoCtx) < 0) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        NULL,
                        "xmlSecKeyInfoNodeRead",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        "node=%s",
                        xmlSecErrorsSafeString(xmlSecNodeGetName(keyInfoNode)));
            xmlSecKeyDestroy(candidate);
            return(NULL);
        }

        /* only a key that has a value AND satisfies the request is returned */
        usable = (xmlSecKeyGetValue(candidate) != NULL) &&
                 (xmlSecKeyMatch(candidate, NULL, &(keyInfoCtx->keyReq)) != 0);
        if(usable) {
            return(candidate);
        }
    }
    xmlSecKeyDestroy(candidate);
    candidate = NULL;

    /* 2) the keys manager, if one is attached to the context */
    if(keyInfoCtx->keysMngr != NULL) {
        candidate = xmlSecKeysMngrFindKey(keyInfoCtx->keysMngr, NULL, keyInfoCtx);
        if(candidate == NULL) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        NULL,
                        "xmlSecKeysMngrFindKey",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            return(NULL);
        }
        if(xmlSecKeyGetValue(candidate) != NULL) {
            return(candidate);
        }
        /* the manager handed back a key without a value: treat as not found */
        xmlSecKeyDestroy(candidate);
    }

    xmlSecError(XMLSEC_ERRORS_HERE,
                NULL,
                NULL,
                XMLSEC_ERRORS_R_KEY_NOT_FOUND,
                XMLSEC_ERRORS_NO_MESSAGE);
    return(NULL);
}
/**
 * xmlSecKeyDataBinaryValueXmlRead:
 * @id:                 the data klass.
 * @key:                the pointer to destination key.
 * @node:               the pointer to an XML node.
 * @keyInfoCtx:         the pointer to <dsig:KeyInfo/> element processing context.
 *
 * Base64-decodes the text content of @node and stores the bytes as the
 * binary value of @key (a new key data object of klass @id). If @key already
 * holds a value, it must be of klass @id and — when its buffer is set — have
 * exactly the same length and content as the decoded bytes; a different
 * klass, length or content is reported as XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST.
 * A decoded value that does not satisfy @keyInfoCtx->keyReq is dropped after
 * reporting the error, and the call still returns 0.
 *
 * Returns: 0 on success or a negative value otherwise.
 */
int
xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
                                xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
    xmlChar* content;
    xmlSecKeyDataPtr current;
    xmlSecKeyDataPtr fresh = NULL;
    xmlSecSize decodedLen;
    int decoded;
    int res = -1;

    xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
    xmlSecAssert2(key != NULL, -1);
    xmlSecAssert2(node != NULL, -1);
    xmlSecAssert2(keyInfoCtx != NULL, -1);

    content = xmlNodeGetContent(node);
    if(content == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
                    xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
                    XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    /* base64 output never exceeds its input, so decode in place */
    decoded = xmlSecBase64Decode(content, (xmlSecByte*)content, xmlStrlen(content));
    if(decoded < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
                    "xmlSecBase64Decode",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        goto done;
    }
    decodedLen = decoded;

    /* does the key already carry a value? */
    current = xmlSecKeyGetValue(key);
    if(current != NULL) {
        xmlSecBufferPtr currentBuf;

        if(!xmlSecKeyDataCheckId(current, id)) {
            xmlSecError(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
                        xmlSecErrorsSafeString(xmlSecKeyDataGetName(current)),
                        XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
                        XMLSEC_ERRORS_NO_MESSAGE);
            goto done;
        }

        currentBuf = xmlSecKeyDataBinaryValueGetBuffer(current);
        if(currentBuf != NULL) {
            if((xmlSecSize)xmlSecBufferGetSize(currentBuf) != decodedLen) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
                            xmlSecErrorsSafeString(xmlSecKeyDataGetName(current)),
                            XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
                            "cur-data-size=%d;new-data-size=%d",
                            xmlSecBufferGetSize(currentBuf), decodedLen);
                goto done;
            }
            /* NOTE(review): memcmp is not constant-time; here it compares two
             * values that were both already read into this key, so the timing
             * exposure looks limited — confirm against the callers. */
            if((decodedLen > 0) && (memcmp(xmlSecBufferGetData(currentBuf), content, decodedLen) != 0)) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
                            xmlSecErrorsSafeString(xmlSecKeyDataGetName(current)),
                            XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
                            "key already has a different value");
                goto done;
            }
            /* identical value already present: nothing to change */
            res = 0;
            goto done;
        }

        /* binary value present but its buffer is empty: replace it below */
    }

    fresh = xmlSecKeyDataCreate(id);
    if(fresh == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
                    "xmlSecKeyDataCreate",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        goto done;
    }

    if(xmlSecKeyDataBinaryValueSetBuffer(fresh, (xmlSecByte*)content, decodedLen) < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
                    "xmlSecKeyDataBinaryValueSetBuffer",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    "size=%d", decodedLen);
        goto done;
    }

    /* a value that does not fit the request is dropped without failing the read */
    if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), fresh) != 1) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
                    "xmlSecKeyReqMatchKeyValue",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        res = 0;
        goto done;
    }

    if(xmlSecKeySetValue(key, fresh) < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
                    "xmlSecKeySetValue",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        goto done;
    }
    fresh = NULL;   /* now owned by @key */
    res = 0;

done:
    if(fresh != NULL) {
        xmlSecKeyDataDestroy(fresh);
    }
    xmlFree(content);
    return(res);
}
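/**
 * xmlSecTransformXPointerNodeRead:
 * @transform:          the pointer to XPointer transform.
 * @node:               the pointer to <dsig:Transform/> node.
 * @transformCtx:       the pointer to transform's context.
 *
 * Reads the single required <xpointer:XPointer/> child of @node into a new
 * XPath data object (type xmlSecXPathDataTypeXPointer, node set operation
 * "intersection", node set type "tree") and appends it to the transform's
 * data list, which must be empty on entry. Any further child element is
 * reported as unexpected.
 *
 * Returns: 0 on success or a negative value if an error occurs.
 */
static int
xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
    xmlSecPtrListPtr dataList;
    xmlSecXPathDataPtr data;
    xmlNodePtr cur;
    int ret;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
    xmlSecAssert2(node != NULL, -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    dataList = xmlSecXPathTransformGetDataList(transform);
    xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
    xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);

    /* there is only one required node */
    cur = xmlSecGetNextElementNode(node->children);
    if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) {
        /* report the node this transform actually expects: XPointer, not XPath */
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                    XMLSEC_ERRORS_R_INVALID_NODE,
                    "expected=%s",
                    xmlSecErrorsSafeString(xmlSecNodeXPointer));
        return(-1);
    }

    /* read information from the node */
    data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
    if(data == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    "xmlSecXPathDataCreate",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    ret = xmlSecXPathDataNodeRead(data, cur);
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    "xmlSecXPathDataNodeRead",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        xmlSecXPathDataDestroy(data);
        return(-1);
    }

    /* finish initializing the object before it is published in the list */
    data->nodeSetOp     = xmlSecNodeSetIntersection;
    data->nodeSetType   = xmlSecNodeSetTree;

    /* append it to the list; from here on the list owns @data */
    ret = xmlSecPtrListAdd(dataList, data);
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    "xmlSecPtrListAdd",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        xmlSecXPathDataDestroy(data);
        return(-1);
    }

    /* check that we have nothing else (data is not destroyed here: the list has it) */
    cur = xmlSecGetNextElementNode(cur->next);
    if(cur != NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                    XMLSEC_ERRORS_R_UNEXPECTED_NODE,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }
    return(0);
}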
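/**
 * xmlSecSimpleKeysStoreLoad:
 * @store:              the pointer to simple keys store.
 * @uri:                the filename.
 * @keysMngr:           the pointer to associated keys manager.
 *
 * Reads keys from an XML file whose root element is <xmlsec:Keys/> and whose
 * element children are <dsig:KeyInfo/> nodes. Every <dsig:KeyInfo/> that
 * yields a valid key is adopted by @store; one that does not is skipped
 * silently. Any child element other than <dsig:KeyInfo/> is an error.
 *
 * The file is parsed with libxml2's default parser options (xmlParseFile),
 * and X509 data in it is read with the DONT_VERIFY_CERTS flag set, so @uri
 * is expected to name a trusted, local keys file.
 *
 * Returns 0 on success or a negative value if an error occurs.
 */
int
xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
                          xmlSecKeysMngrPtr keysMngr) {
    xmlDocPtr doc;
    xmlNodePtr root;
    xmlNodePtr cur;
    xmlSecKeyPtr key;
    xmlSecKeyInfoCtx keyInfoCtx;
    int ret;

    xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
    xmlSecAssert2(uri != NULL, -1);

    doc = xmlParseFile(uri);
    if(doc == NULL) {
        xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
                    "xmlParseFile",
                    XMLSEC_ERRORS_R_XML_FAILED,
                    "uri=%s",
                    xmlSecErrorsSafeString(uri));
        return(-1);
    }

    /* a document without a root element is rejected like one with the wrong root */
    root = xmlDocGetRootElement(doc);
    if((root == NULL) || !xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) {
        xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
                    xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
                    XMLSEC_ERRORS_R_INVALID_NODE,
                    "expected-node=<xmlsec:Keys>");
        xmlFreeDoc(doc);
        return(-1);
    }

    cur = xmlSecGetNextElementNode(root->children);
    while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
        key = xmlSecKeyCreate();
        if(key == NULL) {
            /* this is an allocation failure, not a problem with the node:
             * report the call that failed (the old message blamed the node) */
            xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
                        "xmlSecKeyCreate",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            xmlFreeDoc(doc);
            return(-1);
        }

        ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
        if(ret < 0) {
            xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
                        "xmlSecKeyInfoCtxInitialize",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            xmlSecKeyDestroy(key);
            xmlFreeDoc(doc);
            return(-1);
        }

        keyInfoCtx.mode           = xmlSecKeyInfoModeRead;
        keyInfoCtx.keysMngr       = keysMngr;
        /* read everything in the node rather than stopping at the first key,
         * and take X509 data as-is: certificate chains are not verified while
         * loading the store (the keys file itself is the trusted source) */
        keyInfoCtx.flags          = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
                                    XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
        /* no restriction on id, type or usage: accept whatever the file holds */
        keyInfoCtx.keyReq.keyId   = xmlSecKeyDataIdUnknown;
        keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
        keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;

        ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
        if(ret < 0) {
            xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
                        xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
                        "xmlSecKeyInfoNodeRead",
                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
                        XMLSEC_ERRORS_NO_MESSAGE);
            xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
            xmlSecKeyDestroy(key);
            xmlFreeDoc(doc);
            return(-1);
        }
        xmlSecKeyInfoCtxFinalize(&keyInfoCtx);

        if(xmlSecKeyIsValid(key)) {
            /* on success the store owns the key */
            ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
            if(ret < 0) {
                xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
                            xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
                            "xmlSecSimpleKeysStoreAdoptKey",
                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
                            XMLSEC_ERRORS_NO_MESSAGE);
                xmlSecKeyDestroy(key);
                xmlFreeDoc(doc);
                return(-1);
            }
        } else {
            /* we have an unknown key in our file, just ignore it */
            xmlSecKeyDestroy(key);
        }
        cur = xmlSecGetNextElementNode(cur->next);
    }

    /* the loop only stops early on a non-<dsig:KeyInfo/> element */
    if(cur != NULL) {
        xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
                    xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
                    XMLSEC_ERRORS_R_UNEXPECTED_NODE,
                    XMLSEC_ERRORS_NO_MESSAGE);
        xmlFreeDoc(doc);
        return(-1);
    }

    xmlFreeDoc(doc);
    return(0);
}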
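/**
 * xmlSecEncCtxXmlEncrypt:
 * @encCtx:             the pointer to <enc:EncryptedData/> processing context.
 * @tmpl:               the pointer to <enc:EncryptedData/> template node.
 * @node:               the pointer to node for encryption.
 *
 * Encrypts @node according to template @tmpl: the template is read to set up
 * the encryption method and key, the serialized node (Type="Element") or its
 * children (Type="Content") is pushed through the transforms chain, the
 * result is written into @tmpl, and finally @node (or its content) is
 * replaced with @tmpl in the original document. When
 * XMLSEC_ENC_RETURN_REPLACED_NODE is set in @encCtx->flags the replaced
 * nodes are kept in @encCtx->replacedNodeList instead of being freed.
 * On success @encCtx->result points at the transforms chain result and
 * @encCtx->resultReplaced is set.
 *
 * Returns: 0 on success or a negative value if an error occurs.
 */
int
xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node) {
    xmlOutputBufferPtr output;
    int ret;

    xmlSecAssert2(encCtx != NULL, -1);
    xmlSecAssert2(encCtx->result == NULL, -1);
    xmlSecAssert2(tmpl != NULL, -1);
    xmlSecAssert2(node != NULL, -1);
    xmlSecAssert2(node->doc != NULL, -1);

    /* initialize context and add ID attributes to the list of known ids */
    encCtx->operation = xmlSecTransformOperationEncrypt;
    xmlSecAddIDs(tmpl->doc, tmpl, xmlSecEncIds);

    /* read the template and set encryption method, key, etc. */
    ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl);
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecEncCtxEncDataNodeRead",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    ret = xmlSecTransformCtxPrepare(&(encCtx->transformCtx), xmlSecTransformDataTypeBin);
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecTransformCtxPrepare",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    "type=bin");
        return(-1);
    }

    xmlSecAssert2(encCtx->transformCtx.first != NULL, -1);
    output = xmlSecTransformCreateOutputBuffer(encCtx->transformCtx.first,
             &(encCtx->transformCtx));
    if(output == NULL) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->transformCtx.first)),
                    "xmlSecTransformCreateOutputBuffer",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    /* push the plaintext through the transforms chain */
    if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) {
        /* serialize the node itself */
        xmlNodeDumpOutput(output, node->doc, node, 0, 0, NULL);
    } else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) {
        xmlNodePtr cur;

        /* serialize every child of the node, but not the node itself */
        for(cur = node->children; cur != NULL; cur = cur->next) {
            xmlNodeDumpOutput(output, node->doc, cur, 0, 0, NULL);
        }
    } else {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    NULL,
                    XMLSEC_ERRORS_R_INVALID_TYPE,
                    "type=%s",
                    xmlSecErrorsSafeString(encCtx->type));
        /* the output buffer was never closed: release it before bailing out */
        xmlOutputBufferClose(output);
        return(-1);
    }

    /* close the buffer and flush everything */
    ret = xmlOutputBufferClose(output);
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlOutputBufferClose",
                    XMLSEC_ERRORS_R_XML_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    encCtx->result = encCtx->transformCtx.result;
    xmlSecAssert2(encCtx->result != NULL, -1);

    /* store the ciphertext (and key info, if any) in the template */
    ret = xmlSecEncCtxEncDataNodeWrite(encCtx);
    if(ret < 0) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "xmlSecEncCtxEncDataNodeWrite",
                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        return(-1);
    }

    /* now we need to update our original document */
    if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) {
        /* check if we need to return the replaced node */
        if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) {
            ret = xmlSecReplaceNodeAndReturn(node, tmpl, &(encCtx->replacedNodeList));
            if(ret < 0) {
                /* name the function that actually failed */
                xmlSecError(XMLSEC_ERRORS_HERE,
                            NULL,
                            "xmlSecReplaceNodeAndReturn",
                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
                            "node=%s",
                            xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
                return(-1);
            }
        } else {
            ret = xmlSecReplaceNode(node, tmpl);
            if(ret < 0) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            NULL,
                            "xmlSecReplaceNode",
                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
                            "node=%s",
                            xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
                return(-1);
            }
        }

        encCtx->resultReplaced = 1;
    } else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) {
        /* check if we need to return the replaced node */
        if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) {
            ret = xmlSecReplaceContentAndReturn(node, tmpl, &(encCtx->replacedNodeList));
            if(ret < 0) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            NULL,
                            "xmlSecReplaceContentAndReturn",
                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
                            "node=%s",
                            xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
                return(-1);
            }
        } else {
            ret = xmlSecReplaceContent(node, tmpl);
            if(ret < 0) {
                xmlSecError(XMLSEC_ERRORS_HERE,
                            NULL,
                            "xmlSecReplaceContent",
                            XMLSEC_ERRORS_R_XMLSEC_FAILED,
                            "node=%s",
                            xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
                return(-1);
            }
        }

        encCtx->resultReplaced = 1;
    } else {
        /* unreachable if the type check above held; kept as a safety net */
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    NULL,
                    XMLSEC_ERRORS_R_INVALID_TYPE,
                    "type=%s",
                    xmlSecErrorsSafeString(encCtx->type));
        return(-1);
    }
    return(0);
}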