static int xmlSecEncCtxCipherDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { xmlNodePtr cur; int ret; xmlSecAssert2(encCtx != NULL, -1); xmlSecAssert2(node != NULL, -1); cur = xmlSecGetNextElementNode(node->children); /* we either have CipherValue or CipherReference node */ xmlSecAssert2(encCtx->cipherValueNode == NULL, -1); if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCipherValue, xmlSecEncNs))) { /* don't need data from CipherData node when we are encrypting */ if(encCtx->operation == xmlSecTransformOperationDecrypt) { xmlSecTransformPtr base64Decode; /* we need to add base64 decode transform */ base64Decode = xmlSecTransformCtxCreateAndPrepend(&(encCtx->transformCtx), xmlSecTransformBase64Id); if(base64Decode == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxCreateAndPrepend", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } encCtx->cipherValueNode = cur; cur = xmlSecGetNextElementNode(cur->next); } else if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCipherReference, xmlSecEncNs))) { /* don't need data from CipherReference node when we are encrypting */ if(encCtx->operation == xmlSecTransformOperationDecrypt) { ret = xmlSecEncCtxCipherReferenceNodeRead(encCtx, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecEncCtxCipherReferenceNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } } cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecEncCtxCipherReferenceNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { xmlNodePtr cur; xmlChar* uri; int ret; xmlSecAssert2(encCtx != NULL, -1); xmlSecAssert2(node != NULL, -1); /* first read the optional uri attr and check that we can process it */ uri = xmlGetProp(node, xmlSecAttrURI); ret = xmlSecTransformCtxSetUri(&(encCtx->transformCtx), uri, node); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxSetUri", XMLSEC_ERRORS_R_XMLSEC_FAILED, "uri=%s", xmlSecErrorsSafeString(uri)); xmlFree(uri); return(-1); } xmlFree(uri); cur = xmlSecGetNextElementNode(node->children); /* the only one node is optional Transforms node */ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeTransforms, xmlSecEncNs))) { ret = xmlSecTransformCtxNodesListRead(&(encCtx->transformCtx), cur, xmlSecTransformUsageDSigTransform); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxNodesListRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode))); return(-1); } cur = xmlSecGetNextElementNode(cur->next); } /* if there is something left than it's an error */ if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
/** * xmlSecGCryptHmacNodeRead: * * HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC): * * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits * as a parameter; if the parameter is not specified then all the bits of the * hash are output. An example of an HMAC SignatureMethod element: * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"> * <HMACOutputLength>128</HMACOutputLength> * </SignatureMethod> * * Schema Definition: * * <simpleType name="HMACOutputLengthType"> * <restriction base="integer"/> * </simpleType> * * DTD: * * <!ELEMENT HMACOutputLength (#PCDATA)> */ static int xmlSecGCryptHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecGCryptHmacCtxPtr ctx; xmlNodePtr cur; xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecGCryptHmacGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); cur = xmlSecGetNextElementNode(node->children); if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) { xmlChar *content; content = xmlNodeGetContent(cur); if(content != NULL) { ctx->dgstSize = atoi((char*)content); xmlFree(content); } /* Ensure that HMAC length is greater than min specified. Otherwise, an attacker can set this length to 0 or very small value */ if((int)ctx->dgstSize < xmlSecGCryptHmacGetMinOutputLength()) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "HMAC output length is too small"); return(-1); } cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "no nodes expected"); return(-1); } return(0); }
static int xmlSecXPathDataNodeRead(xmlSecXPathDataPtr data, xmlNodePtr node) { int ret; xmlSecAssert2(data != NULL, -1); xmlSecAssert2(data->expr == NULL, -1); xmlSecAssert2(data->ctx != NULL, -1); xmlSecAssert2(node != NULL, -1); ret = xmlSecXPathDataRegisterNamespaces (data, node); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecXPathDataRegisterNamespaces", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* read node content and set expr */ data->expr = xmlNodeGetContent(node); if(data->expr == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(node)), XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecRelationshipReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecRelationshipCtxPtr ctx; xmlNodePtr cur; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecRelationshipGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); cur = node->children; while(cur != NULL) { if(xmlSecCheckNodeName(cur, xmlSecNodeRelationshipReference, xmlSecRelationshipReferenceNs)) { xmlChar* sourceId; sourceId = xmlGetProp(cur, xmlSecRelationshipAttrSourceId); if(sourceId == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, "xmlGetProp", xmlSecErrorsSafeString(xmlSecRelationshipAttrSourceId), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } ret = xmlSecPtrListAdd(ctx->sourceIdList, sourceId); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlFree(sourceId); return(-1); } } cur = cur->next; } return(0); }
static int xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecOpenSSLHmacCtxPtr ctx; xmlNodePtr cur; xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1); xmlSecAssert2(node!= NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecOpenSSLHmacGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); cur = xmlSecGetNextElementNode(node->children); if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) { xmlChar *content; content = xmlNodeGetContent(cur); if(content != NULL) { ctx->dgstSize = atoi((char*)content); xmlFree(content); } /* todo: error if dgstSize == 0 ?*/ cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; xmlChar* op; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPath2Id), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* There are only xpath nodes */ cur = xmlSecGetNextElementNode(node->children); while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeXPath2, xmlSecXPath2Ns)) { /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetType = xmlSecNodeSetTree; op = xmlGetProp(cur, xmlSecAttrFilter); if(op == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecAttrFilter), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) { data->nodeSetOp = xmlSecNodeSetIntersection; } else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) { data->nodeSetOp = xmlSecNodeSetSubtraction; } else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) { data->nodeSetOp = xmlSecNodeSetUnion; } else { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecAttrFilter), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "filter=%s", xmlSecErrorsSafeString(op)); xmlFree(op); return(-1); } xmlFree(op); cur = xmlSecGetNextElementNode(cur->next); } /* check that we have nothing else */ if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; xmlChar* tmp; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "expected=%s", xmlSecErrorsSafeString(xmlSecNodeXPath)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* create full XPath expression */ xmlSecAssert2(data->expr != NULL, -1); tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * (xmlStrlen(data->expr) + strlen(xpathPattern) + 1)); if(tmp == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "size=%d", (int)(xmlStrlen(data->expr) + strlen(xpathPattern) + 1)); return(-1); } sprintf((char*)tmp, xpathPattern, (char*)data->expr); xmlFree(data->expr); data->expr = tmp; /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = xmlSecNodeSetNormal; /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { xmlNodePtr cur; int ret; xmlSecAssert2(encCtx != NULL, -1); xmlSecAssert2((encCtx->operation == xmlSecTransformOperationEncrypt) || (encCtx->operation == xmlSecTransformOperationDecrypt), -1); xmlSecAssert2(node != NULL, -1); switch(encCtx->mode) { case xmlEncCtxModeEncryptedData: if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedData, xmlSecEncNs)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(node)), XMLSEC_ERRORS_R_INVALID_NODE, "expected=%s", xmlSecErrorsSafeString(xmlSecNodeEncryptedData)); return(-1); } break; case xmlEncCtxModeEncryptedKey: if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedKey, xmlSecEncNs)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(node)), XMLSEC_ERRORS_R_INVALID_NODE, "expected=%s", xmlSecErrorsSafeString(xmlSecNodeEncryptedKey)); return(-1); } break; } /* first read node data */ xmlSecAssert2(encCtx->id == NULL, -1); xmlSecAssert2(encCtx->type == NULL, -1); xmlSecAssert2(encCtx->mimeType == NULL, -1); xmlSecAssert2(encCtx->encoding == NULL, -1); xmlSecAssert2(encCtx->recipient == NULL, -1); xmlSecAssert2(encCtx->carriedKeyName == NULL, -1); encCtx->id = xmlGetProp(node, xmlSecAttrId); encCtx->type = xmlGetProp(node, xmlSecAttrType); encCtx->mimeType = xmlGetProp(node, xmlSecAttrMimeType); encCtx->encoding = xmlGetProp(node, xmlSecAttrEncoding); if(encCtx->mode == xmlEncCtxModeEncryptedKey) { encCtx->recipient = xmlGetProp(node, xmlSecAttrRecipient); /* todo: check recipient? */ } cur = xmlSecGetNextElementNode(node->children); /* first node is optional EncryptionMethod, we'll read it later */ xmlSecAssert2(encCtx->encMethodNode == NULL, -1); if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeEncryptionMethod, xmlSecEncNs))) { encCtx->encMethodNode = cur; cur = xmlSecGetNextElementNode(cur->next); } /* next node is optional KeyInfo, we'll process it later */ xmlSecAssert2(encCtx->keyInfoNode == NULL, -1); if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs))) { encCtx->keyInfoNode = cur; cur = xmlSecGetNextElementNode(cur->next); } /* next is required CipherData node */ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeCipherData, xmlSecEncNs))) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "node=%s", xmlSecErrorsSafeString(xmlSecNodeCipherData)); return(-1); } ret = xmlSecEncCtxCipherDataNodeRead(encCtx, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecEncCtxCipherDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } cur = xmlSecGetNextElementNode(cur->next); /* next is optional EncryptionProperties node (we simply ignore it) */ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeEncryptionProperties, xmlSecEncNs))) { cur = xmlSecGetNextElementNode(cur->next); } /* there are more possible nodes for the <EncryptedKey> node */ if(encCtx->mode == xmlEncCtxModeEncryptedKey) { /* next is optional ReferenceList node (we simply ignore it) */ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReferenceList, xmlSecEncNs))) { cur = xmlSecGetNextElementNode(cur->next); } /* next is optional CarriedKeyName node (we simply ignore it) */ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCarriedKeyName, xmlSecEncNs))) { encCtx->carriedKeyName = xmlNodeGetContent(cur); if(encCtx->carriedKeyName == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, "node=%s", xmlSecErrorsSafeString(xmlSecNodeCipherData)); return(-1); } /* TODO: decode the name? */ cur = xmlSecGetNextElementNode(cur->next); } } /* if there is something left than it's an error */ if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* now read the encryption method node */ xmlSecAssert2(encCtx->encMethod == NULL, -1); if(encCtx->encMethodNode != NULL) { encCtx->encMethod = xmlSecTransformCtxNodeRead(&(encCtx->transformCtx), encCtx->encMethodNode, xmlSecTransformUsageEncryptionMethod); if(encCtx->encMethod == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode))); return(-1); } } else if(encCtx->defEncMethodId != xmlSecTransformIdUnknown) { encCtx->encMethod = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx), encCtx->defEncMethodId); if(encCtx->encMethod == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxAppend", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } else { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_DATA, "encryption method not specified"); return(-1); } encCtx->encMethod->operation = encCtx->operation; /* we have encryption method, find key */ ret = xmlSecTransformSetKeyReq(encCtx->encMethod, &(encCtx->keyInfoReadCtx.keyReq)); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformSetKeyReq", XMLSEC_ERRORS_R_XMLSEC_FAILED, "transform=%s", xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod))); return(-1); } /* TODO: KeyInfo node != NULL and encKey != NULL */ if((encCtx->encKey == NULL) && (encCtx->keyInfoReadCtx.keysMngr != NULL) && (encCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) { encCtx->encKey = (encCtx->keyInfoReadCtx.keysMngr->getKey)(encCtx->keyInfoNode, &(encCtx->keyInfoReadCtx)); } /* check that we have exactly what we want */ if((encCtx->encKey == NULL) || (!xmlSecKeyMatch(encCtx->encKey, NULL, &(encCtx->keyInfoReadCtx.keyReq)))) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_KEY_NOT_FOUND, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* set the key to the transform */ ret = xmlSecTransformSetKey(encCtx->encMethod, encCtx->encKey); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformSetKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, "transform=%s", xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod))); return(-1); } /* if we need to write result to xml node then we need base64 encode it */ if((encCtx->operation == xmlSecTransformOperationEncrypt) && (encCtx->cipherValueNode != NULL)) { xmlSecTransformPtr base64Encode; /* we need to add base64 encode transform */ base64Encode = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx), xmlSecTransformBase64Id); if(base64Encode == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxCreateAndAppend", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } base64Encode->operation = xmlSecTransformOperationEncode; encCtx->resultBase64Encoded = 1; } return(0); }
/** * xmlSecEncCtxDecryptToBuffer: * @encCtx: the pointer to <enc:EncryptedData/> processing context. * @node: the pointer to <enc:EncryptedData/> node. * * Decrypts @node data to the @encCtx buffer. * * Returns: 0 on success or a negative value if an error occurs. */ xmlSecBufferPtr xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { int ret; xmlSecAssert2(encCtx != NULL, NULL); xmlSecAssert2(encCtx->result == NULL, NULL); xmlSecAssert2(node != NULL, NULL); /* initialize context and add ID atributes to the list of known ids */ encCtx->operation = xmlSecTransformOperationDecrypt; xmlSecAddIDs(node->doc, node, xmlSecEncIds); ret = xmlSecEncCtxEncDataNodeRead(encCtx, node); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecEncCtxEncDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } /* decrypt the data */ if(encCtx->cipherValueNode != NULL) { xmlChar* data = NULL; xmlSecSize dataSize = 0; data = xmlNodeGetContent(encCtx->cipherValueNode); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->cipherValueNode)), XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } dataSize = xmlStrlen(data); ret = xmlSecTransformCtxBinaryExecute(&(encCtx->transformCtx), data, dataSize); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxBinaryExecute", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); if(data != NULL) { xmlFree(data); } return(NULL); } if(data != NULL) { xmlFree(data); } } else { ret = xmlSecTransformCtxExecute(&(encCtx->transformCtx), node->doc); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxBinaryExecute", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } } encCtx->result = encCtx->transformCtx.result; xmlSecAssert2(encCtx->result != NULL, NULL); return(encCtx->result); }
/** * xmlSecEncCtxDecrypt: * @encCtx: the pointer to <enc:EncryptedData/> processing context. * @node: the pointer to <enc:EncryptedData/> node. * * Decrypts @node and if necessary replaces @node with decrypted data. * * Returns: 0 on success or a negative value if an error occurs. */ int xmlSecEncCtxDecrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { xmlSecBufferPtr buffer; int ret; xmlSecAssert2(encCtx != NULL, -1); xmlSecAssert2(node != NULL, -1); /* decrypt */ buffer = xmlSecEncCtxDecryptToBuffer(encCtx, node); if(buffer == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecEncCtxDecryptToBuffer", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* replace original node if requested */ if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) { /* check if we need to return the replaced node */ if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) { ret = xmlSecReplaceNodeBufferAndReturn(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), &(encCtx->replacedNodeList)); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecReplaceNodeBufferAndReturn", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } } else { ret = xmlSecReplaceNodeBuffer(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer)); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecReplaceNodeBuffer", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } } encCtx->resultReplaced = 1; } else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) { /* replace the node with the buffer */ /* check if we need to return the replaced node */ if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) { ret = xmlSecReplaceNodeBufferAndReturn(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), &(encCtx->replacedNodeList)); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecReplaceNodeBufferAndReturn", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } } else { ret = xmlSecReplaceNodeBuffer(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer)); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecReplaceNodeBuffer", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } } encCtx->resultReplaced = 1; } return(0); }
static int xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecOpenSSLRsaOaepCtxPtr ctx; xmlNodePtr cur; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecOpenSSLRsaOaepGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1); cur = xmlSecGetNextElementNode(node->children); while(cur != NULL) { if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) { ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferBase64NodeContentRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) { xmlChar* algorithm; /* Algorithm attribute is required */ algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm); if(algorithm == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecAttrAlgorithm), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } /* for now we support only sha1 */ if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(algorithm), XMLSEC_ERRORS_R_INVALID_TRANSFORM, "digest algorithm is not supported for rsa/oaep"); xmlFree(algorithm); return(-1); } xmlFree(algorithm); } else { /* not found */ xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* next node */ cur = xmlSecGetNextElementNode(cur->next); } return(0); }
/** * xmlSecKeysMngrGetKey: * @keyInfoNode: the pointer to <dsig:KeyInfo/> node. * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context. * * Reads the <dsig:KeyInfo/> node @keyInfoNode and extracts the key. * * Returns: the pointer to key or NULL if the key is not found or * an error occurs. */ xmlSecKeyPtr xmlSecKeysMngrGetKey(xmlNodePtr keyInfoNode, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyPtr key; int ret; xmlSecAssert2(keyInfoCtx != NULL, NULL); /* first try to read data from <dsig:KeyInfo/> node */ key = xmlSecKeyCreate(); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } if(keyInfoNode != NULL) { ret = xmlSecKeyInfoNodeRead(keyInfoNode, key, keyInfoCtx); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyInfoNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(keyInfoNode))); xmlSecKeyDestroy(key); return(NULL); } if((xmlSecKeyGetValue(key) != NULL) && (xmlSecKeyMatch(key, NULL, &(keyInfoCtx->keyReq)) != 0)) { return(key); } } xmlSecKeyDestroy(key); /* if we have keys manager, try it */ if(keyInfoCtx->keysMngr != NULL) { key = xmlSecKeysMngrFindKey(keyInfoCtx->keysMngr, NULL, keyInfoCtx); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeysMngrFindKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } if(xmlSecKeyGetValue(key) != NULL) { return(key); } xmlSecKeyDestroy(key); } xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_KEY_NOT_FOUND, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); }
/** * xmlSecKeyDataBinaryValueXmlRead: * @id: the data klass. * @key: the pointer to destination key. * @node: the pointer to an XML node. * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context. * * Reads binary key data from @node to the key by base64 decoding the @node content. * * Returns: 0 on success or a negative value otherwise. */ int xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlChar* str; xmlSecSize len; xmlSecKeyDataPtr data; int ret; xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); str = xmlNodeGetContent(node); if(str == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), xmlSecErrorsSafeString(xmlSecNodeGetName(node)), XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* usual trick: decode into the same buffer */ ret = xmlSecBase64Decode(str, (xmlSecByte*)str, xmlStrlen(str)); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecBase64Decode", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlFree(str); return(-1); } len = ret; /* check do we have a key already */ data = xmlSecKeyGetValue(key); if(data != NULL) { xmlSecBufferPtr buffer; if(!xmlSecKeyDataCheckId(data, id)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, XMLSEC_ERRORS_NO_MESSAGE); xmlFree(str); return(-1); } buffer = xmlSecKeyDataBinaryValueGetBuffer(data); if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != len)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, "cur-data-size=%d;new-data-size=%d", xmlSecBufferGetSize(buffer), len); xmlFree(str); return(-1); } if((buffer != NULL) && (len > 0) && (memcmp(xmlSecBufferGetData(buffer), str, len) != 0)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, "key already has a different value"); xmlFree(str); return(-1); } if(buffer != NULL) { /* we already have exactly the same key */ xmlFree(str); return(0); } /* we have binary key value with empty buffer */ } data = xmlSecKeyDataCreate(id); if(data == NULL ) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecKeyDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlFree(str); return(-1); } ret = xmlSecKeyDataBinaryValueSetBuffer(data, (xmlSecByte*)str, len); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecKeyDataBinaryValueSetBuffer", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d", len); xmlSecKeyDataDestroy(data); xmlFree(str); return(-1); } xmlFree(str); if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecKeyReqMatchKeyValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDataDestroy(data); return(0); } ret = xmlSecKeySetValue(key, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecKeySetValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDataDestroy(data); return(-1); } return(0); }
static int xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "expected=%s", xmlSecErrorsSafeString(xmlSecNodeXPath)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = xmlSecNodeSetTree; /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
/** * xmlSecSimpleKeysStoreLoad: * @store: the pointer to simple keys store. * @uri: the filename. * @keysMngr: the pointer to associated keys manager. * * Reads keys from an XML file. * * Returns 0 on success or a negative value if an error occurs. */ int xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, xmlSecKeysMngrPtr keysMngr) { xmlDocPtr doc; xmlNodePtr root; xmlNodePtr cur; xmlSecKeyPtr key; xmlSecKeyInfoCtx keyInfoCtx; int ret; xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1); xmlSecAssert2(uri != NULL, -1); doc = xmlParseFile(uri); if(doc == NULL) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), "xmlParseFile", XMLSEC_ERRORS_R_XML_FAILED, "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } root = xmlDocGetRootElement(doc); if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), xmlSecErrorsSafeString(xmlSecNodeGetName(root)), XMLSEC_ERRORS_R_INVALID_NODE, "expected-node=<xmlsec:Keys>"); xmlFreeDoc(doc); return(-1); } cur = xmlSecGetNextElementNode(root->children); while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) { key = xmlSecKeyCreate(); if(key == NULL) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "expected-node=%s", xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); xmlFreeDoc(doc); return(-1); } ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), "xmlSecKeyInfoCtxInitialize", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); } keyInfoCtx.mode = xmlSecKeyInfoModeRead; keyInfoCtx.keysMngr = keysMngr; keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND | XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny; keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny; ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), "xmlSecKeyInfoNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyInfoCtxFinalize(&keyInfoCtx); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); } xmlSecKeyInfoCtxFinalize(&keyInfoCtx); if(xmlSecKeyIsValid(key)) { ret = xmlSecSimpleKeysStoreAdoptKey(store, key); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), "xmlSecSimpleKeysStoreAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); } } else { /* we have an unknown key in our file, just ignore it */ xmlSecKeyDestroy(key); } cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); xmlFreeDoc(doc); return(-1); } xmlFreeDoc(doc); return(0); }
/** * xmlSecEncCtxXmlEncrypt: * @encCtx: the pointer to <enc:EncryptedData/> processing context. * @tmpl: the pointer to <enc:EncryptedData/> template node. * @node: the pointer to node for encryption. * * Encrypts @node according to template @tmpl. If requested, @node is replaced * with result <enc:EncryptedData/> node. * * Returns: 0 on success or a negative value if an error occurs. */ int xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node) { xmlOutputBufferPtr output; int ret; xmlSecAssert2(encCtx != NULL, -1); xmlSecAssert2(encCtx->result == NULL, -1); xmlSecAssert2(tmpl != NULL, -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(node->doc != NULL, -1); /* initialize context and add ID atributes to the list of known ids */ encCtx->operation = xmlSecTransformOperationEncrypt; xmlSecAddIDs(tmpl->doc, tmpl, xmlSecEncIds); /* read the template and set encryption method, key, etc. */ ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecEncCtxEncDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecTransformCtxPrepare(&(encCtx->transformCtx), xmlSecTransformDataTypeBin); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxPrepare", XMLSEC_ERRORS_R_XMLSEC_FAILED, "type=bin"); return(-1); } xmlSecAssert2(encCtx->transformCtx.first != NULL, -1); output = xmlSecTransformCreateOutputBuffer(encCtx->transformCtx.first, &(encCtx->transformCtx)); if(output == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->transformCtx.first)), "xmlSecTransformCreateOutputBuffer", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* push data thru */ if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) { /* get the content of the node */ xmlNodeDumpOutput(output, node->doc, node, 0, 0, NULL); } else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) { xmlNodePtr cur; /* get the content of the nodes childs */ for(cur = node->children; cur != NULL; cur = cur->next) { xmlNodeDumpOutput(output, node->doc, cur, 0, 0, NULL); } } else { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_TYPE, "type=%s", xmlSecErrorsSafeString(encCtx->type)); xmlOutputBufferClose(output); return(-1); } /* close the buffer and flush everything */ ret = xmlOutputBufferClose(output); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlOutputBufferClose", XMLSEC_ERRORS_R_XML_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } encCtx->result = encCtx->transformCtx.result; xmlSecAssert2(encCtx->result != NULL, -1); ret = xmlSecEncCtxEncDataNodeWrite(encCtx); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecEncCtxEncDataNodeWrite", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* now we need to update our original document */ if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) { /* check if we need to return the replaced node */ if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) { ret = xmlSecReplaceNodeAndReturn(node, tmpl, &(encCtx->replacedNodeList)); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecReplaceNode", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } } else { ret = xmlSecReplaceNode(node, tmpl); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecReplaceNode", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } } encCtx->resultReplaced = 1; } else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) { /* check if we need to return the replaced node */ if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) { ret = xmlSecReplaceContentAndReturn(node, tmpl, &(encCtx->replacedNodeList)); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecReplaceContentAndReturn", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } } else { ret = xmlSecReplaceContent(node, tmpl); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecReplaceContent", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } } encCtx->resultReplaced = 1; } else { /* we should've catached this error before */ xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_TYPE, "type=%s", xmlSecErrorsSafeString(encCtx->type)); return(-1); } return(0); }