//Load public key from a certificate file into key manager
xmlSecKeysMngrPtr load_key_from_certfile(xmlSecKeysMngrPtr* keys_manager, const char* certfile) {
xmlSecKeysMngrPtr keys_mngr;
if((keys_manager != NULL) && (*keys_manager != NULL)) keys_mngr = *keys_manager;
else {
keys_mngr = xmlSecKeysMngrCreate();
//initialize keys manager
if (xmlSecCryptoAppDefaultKeysMngrInit(keys_mngr)<0) {
std::cerr<<"Can not initialize xmlSecKeysMngr object"<<std::endl;
xmlSecKeysMngrDestroy(keys_mngr); return NULL;
}
}
if(keys_mngr == NULL) { std::cerr<<"Can not create xmlSecKeysMngr object"<<std::endl; return NULL;}
std::string cert_str;
cert_str = get_cert_str(certfile);
xmlSecKeyPtr key = get_key_from_certstr(cert_str);
if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(keys_mngr, key) < 0) {
std::cerr<<"Failed to add key from "<<certfile<<" to keys manager"<<std::endl;
xmlSecKeyDestroy(key);
xmlSecKeysMngrDestroy(keys_mngr);
return NULL;
}
if(keys_manager != NULL) keys_manager = &keys_mngr;
return keys_mngr;
}
CAMLprim value xmlsecml_xmlSecCryptoAppDefaultKeysMngrInit(value camlKeyManager)
{
CAMLparam1(camlKeyManager);
int res;
xmlSecKeysMngrPtr keyManager = Keymngr_val(camlKeyManager);
res = xmlSecCryptoAppDefaultKeysMngrInit(keyManager);
CAMLreturn(Val_int(res));
}
/**
* load_des_keys:
* @files: the list of filenames.
* @files_size: the number of filenames in #files.
*
* Creates simple keys manager and load DES keys from #files in it.
* The caller is responsible for destroing returned keys manager using
* @xmlSecKeysMngrDestroy.
*
* Returns the pointer to newly created keys manager or NULL if an error
* occurs.
*/
xmlSecKeysMngrPtr
load_des_keys(char** files, int files_size) {
xmlSecKeysMngrPtr mngr;
xmlSecKeyPtr key;
int i;
assert(files);
assert(files_size > 0);
/* create and initialize keys manager, we use a simple list based
* keys manager, implement your own xmlSecKeysStore klass if you need
* something more sophisticated
*/
mngr = xmlSecKeysMngrCreate();
if(mngr == NULL) {
fprintf(stderr, "Error: failed to create keys manager.\n");
return(NULL);
}
if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
fprintf(stderr, "Error: failed to initialize keys manager.\n");
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
for(i = 0; i < files_size; ++i) {
assert(files[i]);
/* load DES key */
key = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, files[i]);
if(key == NULL) {
fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", files[i]);
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
/* set key name to the file name, this is just an example! */
if(xmlSecKeySetName(key, BAD_CAST files[i]) < 0) {
fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]);
xmlSecKeyDestroy(key);
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
/* add key to keys manager, from now on keys manager is responsible
* for destroying key
*/
if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]);
xmlSecKeyDestroy(key);
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
}
return(mngr);
}
static xmlSecKeysMngrPtr getKeyManager(VALUE rb_hash) {
xmlSecKeysMngrPtr keyManager = xmlSecKeysMngrCreate();
if (keyManager == NULL) return NULL;
if (xmlSecCryptoAppDefaultKeysMngrInit(keyManager) < 0) {
rb_raise(rb_eKeystoreError, "could not initialize key manager");
xmlSecKeysMngrDestroy(keyManager);
return NULL;
}
rb_hash_foreach(rb_hash, addRubyKeyToManager, (VALUE)keyManager);
return keyManager;
}
/**Funkcja weryfikuje poprawność podpisu xades. Weryfikacja obejmuje obliczenia matematyczne
* oraz weryfikację poszczególnych pól formualarza i certyfikatu.
* \retval -109 Certyfikat poza terminem ważności.
* */
long xades_verify(const char * buffer, const long buffer_len, GenBuf_t *timestamp)
{
xmlSecKeysMngrPtr mngr = NULL;
long ret = 0;
long status = 0;
if (buffer == NULL)
{
PRINT_DEBUG("Wrong argument 1!\n");
return ERR_arg+1;
}
if (timestamp == NULL)
{
PRINT_DEBUG("Wrong argument 3!\n");
return ERR_arg+3;
}
/* Init libxml and libxslt libraries */
xades_init();
/* create keys manager and load trusted certificates */
mngr = xmlSecKeysMngrCreate();
if(mngr == NULL) {
PRINT_DEBUG( "Error: failed to create keys manager.\n");
ret = -1;
}
if (mngr != NULL) {
status = xmlSecCryptoAppDefaultKeysMngrInit(mngr);
if(status < 0) {
PRINT_DEBUG( "Error: failed to initialize keys manager: %li\n",status);
ret = -2;
} else {
status = verify_memory(mngr,buffer, buffer_len);
if (status != 0) {
PRINT_ERROR("XAdES memory verification result: %li\n",status);
ret = -4;
}
status = verify_fields(buffer, buffer_len, timestamp);
if (status < 0)
{
PRINT_ERROR("XAdES tags verification result: %li\n", status);
ret = -100+status;
}
}
}
xmlSecKeysMngrDestroy(mngr);
xades_destroy();
return ret;
}
xmlSecKeysMngrPtr load_certificates_verify() {
xmlSecKeysMngrPtr key_manager;
/* create and initialize keys manager */
key_manager = xmlSecKeysMngrCreate();
if (key_manager == NULL) {
return(NULL);
}
if (xmlSecCryptoAppDefaultKeysMngrInit(key_manager) < 0) {
xmlSecKeysMngrDestroy(key_manager);
return(NULL);
}
return(key_manager);
}
// ---------------------------------------------------------------------------
// Second phase constructor
// ---------------------------------------------------------------------------
//
void CXmlSecKeyManager::ConstructL()
{
iKeyManager = xmlSecKeysMngrCreate();
if(!iKeyManager)
{
XmlEngOOMTestL();
XmlSecErrorFlagTestL();
User::Leave(KErrKeyManagerInit);
}
if(xmlSecCryptoAppDefaultKeysMngrInit(iKeyManager) < 0)
{
xmlSecKeysMngrDestroy(iKeyManager);
iKeyManager = NULL;
XmlEngOOMTestL();
XmlSecErrorFlagTestL();
User::Leave(KErrKeyManagerInit);
}
}
static xmlSecKeysMngrPtr getKeyManager(VALUE rb_certs) {
int i, numCerts = RARRAY_LEN(rb_certs);
xmlSecKeysMngrPtr keyManager = xmlSecKeysMngrCreate();
VALUE rb_cert;
char *cert;
unsigned int certLength;
int numSuccessful = 0;
if (keyManager == NULL) return NULL;
if (xmlSecCryptoAppDefaultKeysMngrInit(keyManager) < 0) {
rb_raise(rb_eKeystoreError, "could not initialize key manager");
xmlSecKeysMngrDestroy(keyManager);
return NULL;
}
for (i = 0; i < numCerts; i++) {
rb_cert = RARRAY_PTR(rb_certs)[i];
Check_Type(rb_cert, T_STRING);
cert = RSTRING_PTR(rb_cert);
certLength = RSTRING_LEN(rb_cert);
if(xmlSecCryptoAppKeysMngrCertLoadMemory(keyManager,
(xmlSecByte *)cert,
certLength,
xmlSecKeyDataFormatPem,
xmlSecKeyDataTypeTrusted) < 0) {
rb_warn("failed to load certificate at index %d", i);
} else {
numSuccessful++;
}
}
// note, numCerts could be zero, meaning that we should use system SSL certs
if (numSuccessful == 0 && numCerts != 0) {
rb_raise(rb_eKeystoreError, "Could not load any of the specified certificates for signature verification");
xmlSecKeysMngrDestroy(keyManager);
return NULL;
}
return keyManager;
}
//Load trusted certificate from file
xmlSecKeysMngrPtr load_trusted_cert_file(xmlSecKeysMngrPtr* keys_manager, const char* cert_file) {
xmlSecKeysMngrPtr keys_mngr;
if((keys_manager != NULL) && (*keys_manager != NULL)) keys_mngr = *keys_manager;
else {
keys_mngr = xmlSecKeysMngrCreate();
//initialize keys manager
if (xmlSecCryptoAppDefaultKeysMngrInit(keys_mngr)<0) {
std::cerr<<"Can not initialize xmlSecKeysMngr object"<<std::endl;
xmlSecKeysMngrDestroy(keys_mngr); return NULL;
}
}
if(keys_mngr == NULL) { std::cerr<<"Can not create xmlSecKeysMngr object"<<std::endl; return NULL;}
//load cert from file
if(cert_file && (strlen(cert_file) != 0))
if(xmlSecCryptoAppKeysMngrCertLoad(keys_mngr, cert_file, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
xmlSecKeysMngrDestroy(keys_mngr);
return NULL;
}
if(keys_manager != NULL) keys_manager = &keys_mngr;
return keys_mngr;
}
//Load trusted cetificates into key manager
xmlSecKeysMngrPtr load_trusted_certs(xmlSecKeysMngrPtr* keys_manager, const char* cafile, const char* capath) {
xmlSecKeysMngrPtr keys_mngr;
if((keys_manager != NULL) && (*keys_manager != NULL)) keys_mngr = *keys_manager;
else {
keys_mngr = xmlSecKeysMngrCreate();
//initialize keys manager
if (xmlSecCryptoAppDefaultKeysMngrInit(keys_mngr)<0) {
std::cerr<<"Can not initialize xmlSecKeysMngr object"<<std::endl;
xmlSecKeysMngrDestroy(keys_mngr); return NULL;
}
}
if(keys_mngr == NULL) { std::cerr<<"Can not create xmlSecKeysMngr object"<<std::endl; return NULL;}
//load ca certs into keys manager, the two method used here could not work in some old xmlsec verion,
//because of some bug about X509_FILETYPE_DEFAULT and X509_FILETYPE_PEM
//load a ca path
if(capath && (strlen(capath) != 0))
if(xmlSecOpenSSLAppKeysMngrAddCertsPath(keys_mngr, capath) < 0) {
xmlSecKeysMngrDestroy(keys_mngr);
return NULL;
}
#if 0
//load a ca file TODO: can only be used in some new version of xmlsec
if(cafile && (strlen(cafile) != 0))
if(xmlSecOpenSSLAppKeysMngrAddCertsFile(keys_mngr, cafile) < 0) {
xmlSecKeysMngrDestroy(keys_mngr);
return NULL;
}
#endif
if(cafile && (strlen(cafile) != 0))
if(xmlSecCryptoAppKeysMngrCertLoad(keys_mngr, cafile, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
xmlSecKeysMngrDestroy(keys_mngr);
return NULL;
}
if(keys_manager != NULL) keys_manager = &keys_mngr;
return keys_mngr;
}
//Could be used for many trusted certificates in string
xmlSecKeysMngrPtr load_trusted_cert_str(xmlSecKeysMngrPtr* keys_manager, const std::string& cert_str) {
xmlSecKeysMngrPtr keys_mngr;
if((keys_manager != NULL) && (*keys_manager != NULL)) keys_mngr = *keys_manager;
else {
keys_mngr = xmlSecKeysMngrCreate();
//initialize keys manager
if (xmlSecCryptoAppDefaultKeysMngrInit(keys_mngr)<0) {
std::cerr<<"Can not initialize xmlSecKeysMngr object"<<std::endl;
xmlSecKeysMngrDestroy(keys_mngr); return NULL;
}
}
if(keys_mngr == NULL) { std::cerr<<"Can not create xmlSecKeysMngr object"<<std::endl; return NULL;}
//load cert from memory
if(!cert_str.empty())
if(xmlSecCryptoAppKeysMngrCertLoadMemory(keys_mngr, (const xmlSecByte*)(cert_str.c_str()),
(xmlSecSize)(cert_str.size()), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
xmlSecKeysMngrDestroy(keys_mngr);
return NULL;
}
if(keys_manager != NULL) keys_manager = &keys_mngr;
return keys_mngr;
}
/**
* load_trusted_certs:
* @files: the list of filenames.
* @files_size: the number of filenames in #files.
*
* Creates simple keys manager and load trusted certificates from PEM #files.
* The caller is responsible for destroing returned keys manager using
* @xmlSecKeysMngrDestroy.
*
* Returns the pointer to newly created keys manager or NULL if an error
* occurs.
*/
xmlSecKeysMngrPtr
load_trusted_certs(char** files, int files_size) {
xmlSecKeysMngrPtr mngr;
int i;
assert(files);
assert(files_size > 0);
/* create and initialize keys manager, we use a simple list based
* keys manager, implement your own xmlSecKeysStore klass if you need
* something more sophisticated
*/
mngr = xmlSecKeysMngrCreate();
if(mngr == NULL) {
fprintf(stderr, "Error: failed to create keys manager.\n");
return(NULL);
}
if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
fprintf(stderr, "Error: failed to initialize keys manager.\n");
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
for(i = 0; i < files_size; ++i) {
assert(files[i]);
/* load trusted cert */
if(xmlSecCryptoAppKeysMngrCertLoad(mngr, files[i], xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
fprintf(stderr,"Error: failed to load pem certificate from \"%s\"\n", files[i]);
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
}
return(mngr);
}
xmlSecKeysMngrPtr load_certificates_sign(opendcp_t *opendcp) {
xmlSecKeysMngrPtr key_manager;
xmlSecKeyPtr key;
/* create and initialize keys manager */
key_manager = xmlSecKeysMngrCreate();
if (key_manager == NULL) {
fprintf(stderr, "Error: failed to create keys manager.\n");
return(NULL);
}
if (xmlSecCryptoAppDefaultKeysMngrInit(key_manager) < 0) {
fprintf(stderr, "Error: failed to initialize keys manager.\n");
xmlSecKeysMngrDestroy(key_manager);
return(NULL);
}
/* read key file */
if (opendcp->xml_signature.private_key) {
key = xmlSecCryptoAppKeyLoad(opendcp->xml_signature.private_key, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
} else {
key = xmlSecCryptoAppKeyLoadMemory(opendcp_private_key, strlen((char *)opendcp_private_key),xmlSecKeyDataFormatPem, NULL, NULL, NULL);
}
if (xmlSecCryptoAppDefaultKeysMngrAdoptKey(key_manager, key) < 0) {
fprintf(stderr, "Error: failed to initialize keys manager.\n");
xmlSecKeysMngrDestroy(key_manager);
return(NULL);
}
/* load root certificate */
if (opendcp->xml_signature.root) {
if (xmlSecCryptoAppKeysMngrCertLoad(key_manager, opendcp->xml_signature.root, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", opendcp->xml_signature.root);
xmlSecKeysMngrDestroy(key_manager);
return(NULL);
}
} else {
if (xmlSecCryptoAppKeysMngrCertLoadMemory(key_manager, opendcp_root_cert, strlen((char* )opendcp_root_cert), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
fprintf(stderr,"Error: failed to load pem certificate from memory\n");
xmlSecKeysMngrDestroy(key_manager);
return(NULL);
}
}
/* load ca (intermediate) certificate */
if (opendcp->xml_signature.ca) {
if (xmlSecCryptoAppKeysMngrCertLoad(key_manager, opendcp->xml_signature.ca, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", opendcp->xml_signature.ca);
xmlSecKeysMngrDestroy(key_manager);
return(NULL);
}
} else {
if (xmlSecCryptoAppKeysMngrCertLoadMemory(key_manager, opendcp_ca_cert, strlen((char *)opendcp_ca_cert), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
fprintf(stderr,"Error: failed to load pem certificate from memory\n");
xmlSecKeysMngrDestroy(key_manager);
return(NULL);
}
}
return(key_manager);
}
VALUE xmlsec_is_valid_by_x509_file(VALUE self, xmlDocPtr doc, VALUE x509_file ) {
xmlSecKeysMngrPtr mngr;
VALUE v;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
long i;
mngr = xmlSecKeysMngrCreate();
if(mngr == NULL) {
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: failed to create keys manager.\n");
return Qnil;
}
if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: failed to initialize keys manager.\n");
return Qnil;
}
if (TYPE(x509_file) == T_STRING){
/* load trusted cert */
if(xmlSecCryptoAppKeysMngrCertLoad(mngr, StringValuePtr(x509_file), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", StringValuePtr(x509_file));
return Qnil;
}
}
if (TYPE(x509_file) == T_ARRAY) {
for (i =0; i < RARRAY_LEN(x509_file); i++) {
v = rb_ary_entry(x509_file, i);
StringValue(v);
if(xmlSecCryptoAppKeysMngrCertLoad(mngr, RSTRING_PTR(v), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", RSTRING_PTR(v));
return Qnil;
}
}
//rb_ary_entry
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: start node not found\n");
return Qnil;
}
/* create signature context*/
dsigCtx = xmlSecDSigCtxCreate(mngr);
if(dsigCtx == NULL) {
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n");
return Qnil;
}
/* limit the Reference URI attributes to empty or NULL */
dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: signature verify \"%s\"\n");
return Qnil;
}
/* verification result*/
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
return Qtrue;
} else {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
return Qfalse;
}
}
int
main(int argc, char **argv) {
xmlSecKeysMngrPtr mngr;
#ifndef XMLSEC_NO_XSLT
xsltSecurityPrefsPtr xsltSecPrefs = NULL;
#endif /* XMLSEC_NO_XSLT */
/* start response */
fprintf(stdout, "Content-type: text/plain\n");
fprintf(stdout, "\n");
/* Init libxml and libxslt libraries */
xmlInitParser();
LIBXML_TEST_VERSION
xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
xmlSubstituteEntitiesDefault(1);
#ifndef XMLSEC_NO_XSLT
xmlIndentTreeOutput = 1;
#endif /* XMLSEC_NO_XSLT */
/* make sure that we print out everything to stdout */
xmlGenericErrorContext = stdout;
/* Init libxslt */
#ifndef XMLSEC_NO_XSLT
/* disable everything */
xsltSecPrefs = xsltNewSecurityPrefs();
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
xsltSetDefaultSecurityPrefs(xsltSecPrefs);
#endif /* XMLSEC_NO_XSLT */
/* Init xmlsec library */
if(xmlSecInit() < 0) {
fprintf(stdout, "Error: xmlsec initialization failed.\n");
return(-1);
}
/* Check loaded library version */
if(xmlSecCheckVersion() != 1) {
fprintf(stdout, "Error: loaded xmlsec library version is not compatible.\n");
return(-1);
}
/* Load default crypto engine if we are supporting dynamic
* loading for xmlsec-crypto libraries. Use the crypto library
* name ("openssl", "nss", etc.) to load corresponding
* xmlsec-crypto library.
*/
#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
if(xmlSecCryptoDLLoadLibrary(NULL) < 0) {
fprintf(stdout, "Error: unable to load default xmlsec-crypto library. Make sure\n"
"that you have it installed and check shared libraries path\n"
"(LD_LIBRARY_PATH) envornment variable.\n");
return(-1);
}
#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
/* Init crypto library */
if(xmlSecCryptoAppInit(XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER) < 0) {
fprintf(stdout, "Error: crypto initialization failed.\n");
return(-1);
}
/* Init xmlsec-crypto library */
if(xmlSecCryptoInit() < 0) {
fprintf(stdout, "Error: xmlsec-crypto initialization failed.\n");
return(-1);
}
/* create keys manager */
mngr = xmlSecKeysMngrCreate();
if(mngr == NULL) {
fprintf(stdout, "Error: failed to create keys manager.\n");
return(-1);
}
if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
fprintf(stdout, "Error: failed to initialize keys manager.\n");
return(-1);
}
if(load_keys(mngr, XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER, 0) < 0) {
xmlSecKeysMngrDestroy(mngr);
return(-1);
}
if(load_trusted_certs(mngr, XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER, 0) < 0) {
xmlSecKeysMngrDestroy(mngr);
return(-1);
}
if(verify_request(mngr) < 0) {
xmlSecKeysMngrDestroy(mngr);
return(-1);
}
/* Destroy keys manager */
xmlSecKeysMngrDestroy(mngr);
/* Shutdown xmlsec-crypto library */
xmlSecCryptoShutdown();
/* Shutdown crypto library */
xmlSecCryptoAppShutdown();
/* Shutdown xmlsec library */
xmlSecShutdown();
/* Shutdown libxslt/libxml */
#ifndef XMLSEC_NO_XSLT
xsltFreeSecurityPrefs(xsltSecPrefs);
xsltCleanupGlobals();
#endif /* XMLSEC_NO_XSLT */
xmlCleanupParser();
return(0);
}
xmlSecKeysMngrPtr
load_trusted_certs(const char** files) {
const char **f;
xmlSecKeysMngrPtr mngr, mngr_test;
char valid_cert;
FILE *file;
char *pi, *pf, *data;
size_t size;
char **a, *all_files[10000];
struct stat stat_struct;
DIR *dir;
struct dirent *dir_file;
char name[10000];
assert(files);
/* Create keys manager */
mngr = xmlSecKeysMngrCreate();
if(mngr == NULL) {
fprintf(stderr, "XmlSecError: failed to create keys manager.\n");
return(NULL);
}
if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
fprintf(stderr, "XmlSecError: failed to initialize keys manager.\n");
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
/* Create a list of files scanning directories */
for (f = files, a = all_files; *f; f++) {
if (stat(*f, &stat_struct))
perror(*f);
else if (S_ISDIR(stat_struct.st_mode)) {
dir = opendir(*f);
while ((dir_file = readdir(dir))) {
sprintf(name, "%s/%s", *f, dir_file->d_name);
if (stat(name, &stat_struct))
perror(name);
else if (!(S_ISDIR(stat_struct.st_mode)))
*(a++) = strdup(name);
}
closedir(dir);
}
else
*(a++) = strdup(*f);
}
*a = NULL;
/* Open each file, read data and add the certificates to keys manager, because
* when load from file directly, just add the first certificate, then we need
* read data and add each certificate in it. Other problem is when I have a invalid
* certificate, the manager brokes, then I test with a other manager.
*/
for (a = all_files; *a; a++) {
/* Open a file and read content data */
file = fopen(*a, "r");
if (file == NULL){
perror(*a);
free(*a);
continue;
}
fseek(file, 0, SEEK_END);
size = ftell(file);
fseek(file, 0, SEEK_SET);
data = (char*)malloc(size + 1);
fread(data, size, 1, file);
fclose(file);
data[size] = '\0';
/* Set pi to start of certificate and pf to end */
pf = pi = data;
pf = strstr(pi, "-----END CERTIFICATE-----");
if (!pf) pf = pi + size;
while (pf) {
/* Test manager for test the certificate */
mngr_test = xmlSecKeysMngrCreate();
valid_cert = 1;
if(mngr_test == NULL) {
fprintf(stderr, "XmlSecError: failed to create keys manager.\n");
valid_cert = 0;
}
else if(xmlSecCryptoAppDefaultKeysMngrInit(mngr_test) < 0) {
fprintf(stderr, "XmlSecError: failed to initialize keys manager.\n");
valid_cert = 0;
}
else if (xmlSecCryptoAppKeysMngrCertLoadMemory(mngr_test, (xmlSecByte*)pi, pf - pi + 25, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
fprintf(stderr,"XmlSecError: failed to load pem certificate from \"%s\" at %i.\n", *a, pi - data + 1);
valid_cert = 0;
}
xmlSecKeysMngrDestroy(mngr_test);
/* If certificate is valid, add this to keys manager for future use */
if (valid_cert && xmlSecCryptoAppKeysMngrCertLoadMemory(
mngr, (xmlSecByte*)pi, pf - pi + 25, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0)
fprintf(stderr,"XmlSecError: maybe duplicate pem certificate from \"%s\" at %i.\n",
*a, pi - data + 1);
pi = pf + 25;
pf = strstr(pi, "-----END CERTIFICATE-----");
}
/* Free allocated memory */
free(*a);
free(data);
}
return(mngr);
}
int
xmlSecAppCryptoSimpleKeysMngrInit(xmlSecKeysMngrPtr mngr) {
xmlSecAssert2(mngr != NULL, -1);
return(xmlSecCryptoAppDefaultKeysMngrInit(mngr));
}