/**
* xmlSecKeyDataDuplicate:
* @data: the pointer to the key data.
*
* Creates a duplicate of the given @data. Caller is responsible for
* destroying returned object with #xmlSecKeyDataDestroy function.
*
* Returns: the pointer to newly allocated key data structure
* or NULL if an error occurs.
*/
xmlSecKeyDataPtr
xmlSecKeyDataDuplicate(xmlSecKeyDataPtr data) {
xmlSecKeyDataPtr newData;
int ret;
xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
xmlSecAssert2(data->id->duplicate != NULL, NULL);
newData = xmlSecKeyDataCreate(data->id);
if(newData == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
ret = (data->id->duplicate)(newData, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"id->duplicate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(newData);
return(NULL);
}
return(newData);
}
/**
* xmlSecMSCryptoAppKeyCertLoadMemory:
* @key: the pointer to key.
* @data: the binary certificate.
* @dataSize: size of certificate binary (data)
* @format: the certificate file format.
*
* Reads the certificate from $@data and adds it to key.
*
* Returns 0 on success or a negative value otherwise.
*/
int
xmlSecMSCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
xmlSecKeyDataFormat format) {
PCCERT_CONTEXT pCert;
xmlSecKeyDataPtr kdata;
int ret;
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
kdata = xmlSecKeyEnsureData(key, xmlSecMSCryptoKeyDataX509Id);
if(kdata == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyEnsureData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"transform=%s",
xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
return(-1);
}
/* For now only DER certificates are supported */
/* adjust cert format */
switch(format) {
case xmlSecKeyDataFormatDer:
case xmlSecKeyDataFormatCertDer:
pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, data, dataSize);
if (NULL == pCert) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CertCreateCertificateContext",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"format=%d", format);
return(-1);
}
ret = xmlSecMSCryptoKeyDataX509AdoptCert(kdata, pCert);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoKeyDataX509AdoptCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(kdata)));
CertFreeCertificateContext(pCert);
return(-1);
}
break;
default:
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_FORMAT,
"format=%d", (int)format);
return(-1);
}
return(0);
}
/**
* xmlSecKeyDataBinaryValueDuplicate:
* @dst: the pointer to destination binary key data.
* @src: the pointer to source binary key data.
*
* Copies binary key data from @src to @dst.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecKeyDataBinaryValueDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
xmlSecBufferPtr buffer;
int ret;
xmlSecAssert2(xmlSecKeyDataIsValid(dst), -1);
xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecKeyDataBinarySize), -1);
xmlSecAssert2(xmlSecKeyDataIsValid(src), -1);
xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecKeyDataBinarySize), -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(src);
xmlSecAssert2(buffer != NULL, -1);
/* copy data */
ret = xmlSecKeyDataBinaryValueSetBuffer(dst,
xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer));
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
"xmlSecKeyDataBinaryValueSetBuffer",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecOpenSSLAppKeyCertLoadBIO:
* @key: the pointer to key.
* @bio: the certificate bio.
* @format: the certificate file format.
*
* Reads the certificate from memory buffer and adds it to key.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecOpenSSLAppKeyCertLoadBIO(xmlSecKeyPtr key, BIO* bio, xmlSecKeyDataFormat format) {
xmlSecKeyDataFormat certFormat;
xmlSecKeyDataPtr data;
X509 *cert;
int ret;
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(bio != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
data = xmlSecKeyEnsureData(key, xmlSecOpenSSLKeyDataX509Id);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyEnsureData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"transform=%s",
xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecOpenSSLKeyDataX509Id)));
return(-1);
}
/* adjust cert format */
switch(format) {
case xmlSecKeyDataFormatPkcs8Pem:
certFormat = xmlSecKeyDataFormatPem;
break;
case xmlSecKeyDataFormatPkcs8Der:
certFormat = xmlSecKeyDataFormatDer;
break;
default:
certFormat = format;
}
cert = xmlSecOpenSSLAppCertLoadBIO(bio, certFormat);
if(cert == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLAppCertLoad",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLKeyDataX509AdoptCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
X509_free(cert);
return(-1);
}
return(0);
}
PyObject *xmlsec_KeyDataGetName(PyObject *self, PyObject *args) {
PyObject *data_obj;
xmlSecKeyDataPtr data;
if (CheckArgs(args, "O:keyDataGetName")) {
if (!PyArg_ParseTuple(args, "O:keyDataGetName", &data_obj))
return NULL;
}
else return NULL;
data = xmlSecKeyDataPtr_get(data_obj);
return (wrap_xmlCharPtrConst(xmlSecKeyDataGetName(data)));
}
/**
* xmlSecKeyDataGenerate:
* @data: the pointer to key data.
* @sizeBits: the desired key data size (in bits).
* @type: the desired key data type.
*
* Generates new key data of given size and type.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits,
xmlSecKeyDataType type) {
int ret;
xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
xmlSecAssert2(data->id->generate != NULL, -1);
/* write data */
ret = data->id->generate(data, sizeBits, type);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"id->generate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", sizeBits);
return(-1);
}
return(0);
}
/**
* xmlSecKeyDataBinaryValueInitialize:
* @data: the pointer to binary key data.
*
* Initializes key data.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecKeyDataBinaryValueInitialize(xmlSecKeyDataPtr data) {
xmlSecBufferPtr buffer;
int ret;
xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecKeyDataBinarySize), -1);
/* initialize buffer */
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
xmlSecAssert2(buffer != NULL, -1);
ret = xmlSecBufferInitialize(buffer, 0);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"xmlSecBufferInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static xmlSecKeyPtr
xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyStorePtr* ss;
xmlSecKeyPtr key = NULL;
xmlSecKeyReqPtr keyReq = NULL;
PCCERT_CONTEXT pCertContext = NULL;
PCCERT_CONTEXT pCertContext2 = NULL;
xmlSecKeyDataPtr data = NULL;
xmlSecKeyDataPtr x509Data = NULL;
xmlSecKeyPtr res = NULL;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
ss = xmlSecMSCryptoKeysStoreGetSS(store);
xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
/* first try to find key in the simple keys store */
key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
if (key != NULL) {
return (key);
}
/* Next try to find the key in the MS Certificate store, and construct an xmlSecKey.
* we must have a name to lookup keys in the certificate store.
*/
if (name == NULL) {
goto done;
}
/* what type of key are we looking for?
* WK: For now, we'll look only for public/private keys using the
* name as a cert nickname. Then the name is regarded as the subject
* dn of the certificate to be searched for.
*/
keyReq = &(keyInfoCtx->keyReq);
if (keyReq->keyType & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
pCertContext = xmlSecMSCryptoKeysStoreFindCert(store, name, keyInfoCtx);
if(pCertContext == NULL) {
goto done;
}
/* set cert in x509 data */
x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
if(x509Data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
pCertContext2 = CertDuplicateCertificateContext(pCertContext);
if (NULL == pCertContext2) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CertDuplicateCertificateContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, pCertContext2);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoKeyDataX509AdoptCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
pCertContext2 = NULL;
pCertContext2 = CertDuplicateCertificateContext(pCertContext);
if (NULL == pCertContext2) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CertDuplicateCertificateContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pCertContext2);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoKeyDataX509AdoptKeyCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
pCertContext2 = NULL;
/* set cert in key data */
data = xmlSecMSCryptoCertAdopt(pCertContext, keyReq->keyType);
if(data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoCertAdopt",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
pCertContext = NULL;
/* create key and add key data and x509 data to it */
key = xmlSecKeyCreate();
if (key == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
ret = xmlSecKeySetValue(key, data);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
goto done;
}
data = NULL;
ret = xmlSecKeyAdoptData(key, x509Data);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyAdoptData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
x509Data = NULL;
/* Set the name of the key to the given name */
ret = xmlSecKeySetName(key, name);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeySetName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
/* now that we have a key, make sure it is valid and let the simple
* store adopt it */
if (xmlSecKeyIsValid(key)) {
res = key;
key = NULL;
}
}
done:
if (NULL != pCertContext) {
CertFreeCertificateContext(pCertContext);
}
if (NULL != pCertContext2) {
CertFreeCertificateContext(pCertContext2);
}
if (data != NULL) {
xmlSecKeyDataDestroy(data);
}
if (x509Data != NULL) {
xmlSecKeyDataDestroy(x509Data);
}
if (key != NULL) {
xmlSecKeyDestroy(key);
}
return (res);
}
static xmlSecKeyPtr
xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyStorePtr* ss;
xmlSecKeyPtr key = NULL;
xmlSecKeyPtr retval = NULL;
xmlSecKeyReqPtr keyReq = NULL;
CERTCertificate *cert = NULL;
SECKEYPublicKey *pubkey = NULL;
SECKEYPrivateKey *privkey = NULL;
xmlSecKeyDataPtr data = NULL;
xmlSecKeyDataPtr x509Data = NULL;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
ss = xmlSecNssKeysStoreGetSS(store);
xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
if (key != NULL) {
return (key);
}
/* Try to find the key in the NSS DB, and construct an xmlSecKey.
* we must have a name to lookup keys in NSS DB.
*/
if (name == NULL) {
goto done;
}
/* what type of key are we looking for?
* TBD: For now, we'll look only for public/private keys using the
* name as a cert nickname. Later on, we can attempt to find
* symmetric keys using PK11_FindFixedKey
*/
keyReq = &(keyInfoCtx->keyReq);
if (keyReq->keyType &
(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
if (cert == NULL) {
goto done;
}
if (keyReq->keyType & xmlSecKeyDataTypePublic) {
pubkey = CERT_ExtractPublicKey(cert);
if (pubkey == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CERT_ExtractPublicKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
}
if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
privkey = PK11_FindKeyByAnyCert(cert, NULL);
if (privkey == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"PK11_FindKeyByAnyCert",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
}
data = xmlSecNssPKIAdoptKey(privkey, pubkey);
if(data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNssPKIAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
privkey = NULL;
pubkey = NULL;
key = xmlSecKeyCreate();
if (key == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return (NULL);
}
x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
if(x509Data == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"transform=%s",
xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
goto done;
}
ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
if (ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNssKeyDataX509AdoptKeyCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
cert = CERT_DupCertificate(cert);
if (cert == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"CERT_DupCertificate",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
if (ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNssKeyDataX509AdoptCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
cert = NULL;
ret = xmlSecKeySetValue(key, data);
if (ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
goto done;
}
data = NULL;
ret = xmlSecKeyAdoptData(key, x509Data);
if (ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyAdoptData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
x509Data = NULL;
retval = key;
key = NULL;
}
done:
if (cert != NULL) {
CERT_DestroyCertificate(cert);
}
if (pubkey != NULL) {
SECKEY_DestroyPublicKey(pubkey);
}
if (privkey != NULL) {
SECKEY_DestroyPrivateKey(privkey);
}
if (data != NULL) {
xmlSecKeyDataDestroy(data);
}
if (x509Data != NULL) {
xmlSecKeyDataDestroy(x509Data);
}
if (key != NULL) {
xmlSecKeyDestroy(key);
}
return (retval);
}
/**
* xmlSecOpenSSLAppKeyLoadBIO:
* @bio: the key BIO.
* @format: the key file format.
* @pwd: the key file password.
* @pwdCallback: the key password callback.
* @pwdCallbackCtx: the user context for password callback.
*
* Reads key from the an OpenSSL BIO object.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
xmlSecKeyPtr
xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format,
const char *pwd, void* pwdCallback,
void* pwdCallbackCtx) {
xmlSecKeyPtr key = NULL;
xmlSecKeyDataPtr data;
EVP_PKEY* pKey = NULL;
int ret;
xmlSecAssert2(bio != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
switch(format) {
case xmlSecKeyDataFormatPem:
/* try to read private key first */
if(pwd != NULL) {
pKey = PEM_read_bio_PrivateKey(bio, NULL,
xmlSecOpenSSLDummyPasswordCallback,
(void*)pwd);
} else {
pKey = PEM_read_bio_PrivateKey(bio, NULL,
XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
pwdCallbackCtx);
}
if(pKey == NULL) {
/* go to start of the file and try to read public key */
(void)BIO_reset(bio);
pKey = PEM_read_bio_PUBKEY(bio, NULL,
XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
pwdCallbackCtx);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
}
break;
case xmlSecKeyDataFormatDer:
/* try to read private key first */
pKey = d2i_PrivateKey_bio(bio, NULL);
if(pKey == NULL) {
/* go to start of the file and try to read public key */
(void)BIO_reset(bio);
pKey = d2i_PUBKEY_bio(bio, NULL);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"d2i_PrivateKey_bio and d2i_PUBKEY_bio",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
}
break;
case xmlSecKeyDataFormatPkcs8Pem:
/* try to read private key first */
pKey = PEM_read_bio_PrivateKey(bio, NULL,
XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
pwdCallbackCtx);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"PEM_read_bio_PrivateKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
break;
case xmlSecKeyDataFormatPkcs8Der:
/* try to read private key first */
pKey = d2i_PKCS8PrivateKey_bio(bio, NULL,
XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
pwdCallbackCtx);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"d2i_PrivateKey_bio and d2i_PUBKEY_bio",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
break;
#ifndef XMLSEC_NO_X509
case xmlSecKeyDataFormatPkcs12:
key = xmlSecOpenSSLAppPkcs12LoadBIO(bio, pwd, pwdCallback, pwdCallbackCtx);
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLAppPkcs12LoadBIO",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
return(key);
case xmlSecKeyDataFormatCertPem:
case xmlSecKeyDataFormatCertDer:
key = xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, format);
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLAppKeyFromCertLoadBIO",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
return(key);
#endif /* XMLSEC_NO_X509 */
default:
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_FORMAT,
"format=%d", format);
return(NULL);
}
data = xmlSecOpenSSLEvpKeyAdopt(pKey);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLEvpKeyAdopt",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
EVP_PKEY_free(pKey);
return(NULL);
}
key = xmlSecKeyCreate();
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(NULL);
}
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
xmlSecKeyDestroy(key);
xmlSecKeyDataDestroy(data);
return(NULL);
}
return(key);
}
/**
* xmlSecMSCryptoAppKeyLoadMemory:
* @data: the key binary data.
* @dataSize: the key data size.
* @format: the key format.
* @pwd: the key password.
* @pwdCallback: the key password callback.
* @pwdCallbackCtx: the user context for password callback.
*
* Reads key from the a file.
*
* Returns pointer to the key or NULL if an error occurs.
*/
xmlSecKeyPtr
xmlSecMSCryptoAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format,
const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
PCCERT_CONTEXT pCert = NULL;
PCCERT_CONTEXT tmpcert = NULL;
xmlSecKeyDataPtr x509Data = NULL;
xmlSecKeyDataPtr keyData = NULL;
xmlSecKeyPtr key = NULL;
xmlSecKeyPtr res = NULL;
int ret;
xmlSecAssert2(data != NULL, NULL);
xmlSecAssert2(dataSize > 0, NULL);
xmlSecAssert2(format == xmlSecKeyDataFormatCertDer, NULL);
pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, data, dataSize);
if (NULL == pCert) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CertCreateCertificateContext",
XMLSEC_ERRORS_R_IO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
if(x509Data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"transform=%s",
xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
goto done;
}
tmpcert = CertDuplicateCertificateContext(pCert);
if(tmpcert == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CertDuplicateCertificateContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, tmpcert);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoKeyDataX509AdoptKeyCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
CertFreeCertificateContext(tmpcert);
goto done;
}
tmpcert = NULL;
keyData = xmlSecMSCryptoCertAdopt(pCert, xmlSecKeyDataTypePublic);
if(keyData == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoCertAdopt",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
pCert = NULL;
key = xmlSecKeyCreate();
if(key == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
ret = xmlSecKeySetValue(key, keyData);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
keyData = NULL;
ret = xmlSecKeyAdoptData(key, x509Data);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyAdoptData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
x509Data = NULL;
/* success */
res = key;
key = NULL;
done:
if(pCert != NULL) {
CertFreeCertificateContext(pCert);
}
if(tmpcert != NULL) {
CertFreeCertificateContext(tmpcert);
}
if(x509Data != NULL) {
xmlSecKeyDataDestroy(x509Data);
}
if(keyData != NULL) {
xmlSecKeyDataDestroy(keyData);
}
if(key != NULL) {
xmlSecKeyDestroy(key);
}
return(res);
}
/**
* xmlSecKeyDataBinaryValueBinRead:
* @id: the data klass.
* @key: the pointer to destination key.
* @buf: the source binary buffer.
* @bufSize: the source binary buffer size.
* @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Reads binary key data of the klass @id from @buf to the @key.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecKeyDataBinaryValueBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
const xmlSecByte* buf, xmlSecSize bufSize,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
int ret;
xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(bufSize > 0, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
/* check do we have a key already */
data = xmlSecKeyGetValue(key);
if(data != NULL) {
xmlSecBufferPtr buffer;
if(!xmlSecKeyDataCheckId(data, id)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != bufSize)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
"cur-data-size=%d;new-data-size=%d",
xmlSecBufferGetSize(buffer), bufSize);
return(-1);
}
if((buffer != NULL) && (bufSize > 0) && (memcmp(xmlSecBufferGetData(buffer), buf, bufSize) != 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
"key already has a different value");
return(-1);
}
if(buffer != NULL) {
/* we already have exactly the same key */
return(0);
}
/* we have binary key value with empty buffer */
}
data = xmlSecKeyDataCreate(id);
if(data == NULL ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecKeyDataBinaryValueSetBuffer(data, buf, bufSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeyDataBinaryValueSetBuffer",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", bufSize);
xmlSecKeyDataDestroy(data);
return(-1);
}
if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeyReqMatchKeyValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(0);
}
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(-1);
}
return(0);
}
/**
* xmlSecKeyDataBinaryValueXmlRead:
* @id: the data klass.
* @key: the pointer to destination key.
* @node: the pointer to an XML node.
* @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Reads binary key data from @node to the key by base64 decoding the @node content.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlChar* str;
xmlSecSize len;
xmlSecKeyDataPtr data;
int ret;
xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
str = xmlNodeGetContent(node);
if(str == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* usual trick: decode into the same buffer */
ret = xmlSecBase64Decode(str, (xmlSecByte*)str, xmlStrlen(str));
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecBase64Decode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(str);
return(-1);
}
len = ret;
/* check do we have a key already */
data = xmlSecKeyGetValue(key);
if(data != NULL) {
xmlSecBufferPtr buffer;
if(!xmlSecKeyDataCheckId(data, id)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(str);
return(-1);
}
buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != len)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
"cur-data-size=%d;new-data-size=%d",
xmlSecBufferGetSize(buffer), len);
xmlFree(str);
return(-1);
}
if((buffer != NULL) && (len > 0) && (memcmp(xmlSecBufferGetData(buffer), str, len) != 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
"key already has a different value");
xmlFree(str);
return(-1);
}
if(buffer != NULL) {
/* we already have exactly the same key */
xmlFree(str);
return(0);
}
/* we have binary key value with empty buffer */
}
data = xmlSecKeyDataCreate(id);
if(data == NULL ) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(str);
return(-1);
}
ret = xmlSecKeyDataBinaryValueSetBuffer(data, (xmlSecByte*)str, len);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeyDataBinaryValueSetBuffer",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", len);
xmlSecKeyDataDestroy(data);
xmlFree(str);
return(-1);
}
xmlFree(str);
if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeyReqMatchKeyValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(0);
}
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(-1);
}
return(0);
}
