/** * xmlSecKeyGenerate: * @dataId: the requested key klass (rsa, dsa, aes, ...). * @sizeBits: the new key size (in bits!). * @type: the new key type (session, permanent, ...). * * Generates new key of requested klass @dataId and @type. * * Returns: pointer to newly created key or NULL if an error occurs. */ xmlSecKeyPtr xmlSecKeyGenerate(xmlSecKeyDataId dataId, xmlSecSize sizeBits, xmlSecKeyDataType type) { xmlSecKeyPtr key; xmlSecKeyDataPtr data; int ret; xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, NULL); data = xmlSecKeyDataCreate(dataId); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), "xmlSecKeyDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } ret = xmlSecKeyDataGenerate(data, sizeBits, type); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), "xmlSecKeyDataGenerate", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d;type=%d", sizeBits, type); xmlSecKeyDataDestroy(data); return(NULL); } key = xmlSecKeyCreate(); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), "xmlSecKeyCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDataDestroy(data); return(NULL); } ret = xmlSecKeySetValue(key, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), "xmlSecKeySetValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDataDestroy(data); xmlSecKeyDestroy(key); return(NULL); } return(key); }
static xmlSecKeyPtr xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyStorePtr* ss; xmlSecKeyPtr key = NULL; xmlSecKeyReqPtr keyReq = NULL; PCCERT_CONTEXT pCertContext = NULL; PCCERT_CONTEXT pCertContext2 = NULL; xmlSecKeyDataPtr data = NULL; xmlSecKeyDataPtr x509Data = NULL; xmlSecKeyPtr res = NULL; int ret; xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); ss = xmlSecMSCryptoKeysStoreGetSS(store); xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); /* first try to find key in the simple keys store */ key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); if (key != NULL) { return (key); } /* Next try to find the key in the MS Certificate store, and construct an xmlSecKey. * we must have a name to lookup keys in the certificate store. */ if (name == NULL) { goto done; } /* what type of key are we looking for? * WK: For now, we'll look only for public/private keys using the * name as a cert nickname. Then the name is regarded as the subject * dn of the certificate to be searched for. */ keyReq = &(keyInfoCtx->keyReq); if (keyReq->keyType & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { pCertContext = xmlSecMSCryptoKeysStoreFindCert(store, name, keyInfoCtx); if(pCertContext == NULL) { goto done; } /* set cert in x509 data */ x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id); if(x509Data == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } pCertContext2 = CertDuplicateCertificateContext(pCertContext); if (NULL == pCertContext2) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "CertDuplicateCertificateContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, pCertContext2); if (ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecMSCryptoKeyDataX509AdoptCert", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } pCertContext2 = NULL; pCertContext2 = CertDuplicateCertificateContext(pCertContext); if (NULL == pCertContext2) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "CertDuplicateCertificateContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pCertContext2); if (ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecMSCryptoKeyDataX509AdoptKeyCert", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } pCertContext2 = NULL; /* set cert in key data */ data = xmlSecMSCryptoCertAdopt(pCertContext, keyReq->keyType); if(data == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecMSCryptoCertAdopt", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } pCertContext = NULL; /* create key and add key data and x509 data to it */ key = xmlSecKeyCreate(); if (key == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } ret = xmlSecKeySetValue(key, data); if (ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeySetValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); goto done; } data = NULL; ret = xmlSecKeyAdoptData(key, x509Data); if (ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyAdoptData", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } x509Data = NULL; /* Set the name of the key to the given name */ ret = xmlSecKeySetName(key, name); if (ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), "xmlSecKeySetName", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } /* now that we have a key, make sure it is valid and let the simple * store adopt it */ if (xmlSecKeyIsValid(key)) { res = key; key = NULL; } } done: if (NULL != pCertContext) { CertFreeCertificateContext(pCertContext); } if (NULL != pCertContext2) { CertFreeCertificateContext(pCertContext2); } if (data != NULL) { xmlSecKeyDataDestroy(data); } if (x509Data != NULL) { xmlSecKeyDataDestroy(x509Data); } if (key != NULL) { xmlSecKeyDestroy(key); } return (res); }
static xmlSecKeyPtr xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyStorePtr* ss; xmlSecKeyPtr key = NULL; xmlSecKeyPtr retval = NULL; xmlSecKeyReqPtr keyReq = NULL; CERTCertificate *cert = NULL; SECKEYPublicKey *pubkey = NULL; SECKEYPrivateKey *privkey = NULL; xmlSecKeyDataPtr data = NULL; xmlSecKeyDataPtr x509Data = NULL; int ret; xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); ss = xmlSecNssKeysStoreGetSS(store); xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); if (key != NULL) { return (key); } /* Try to find the key in the NSS DB, and construct an xmlSecKey. * we must have a name to lookup keys in NSS DB. */ if (name == NULL) { goto done; } /* what type of key are we looking for? * TBD: For now, we'll look only for public/private keys using the * name as a cert nickname. Later on, we can attempt to find * symmetric keys using PK11_FindFixedKey */ keyReq = &(keyInfoCtx->keyReq); if (keyReq->keyType & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); if (cert == NULL) { goto done; } if (keyReq->keyType & xmlSecKeyDataTypePublic) { pubkey = CERT_ExtractPublicKey(cert); if (pubkey == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "CERT_ExtractPublicKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } } if (keyReq->keyType & xmlSecKeyDataTypePrivate) { privkey = PK11_FindKeyByAnyCert(cert, NULL); if (privkey == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "PK11_FindKeyByAnyCert", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } } data = xmlSecNssPKIAdoptKey(privkey, pubkey); if(data == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecNssPKIAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } privkey = NULL; pubkey = NULL; key = xmlSecKeyCreate(); if (key == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return (NULL); } x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); if(x509Data == NULL) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, "transform=%s", xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); goto done; } ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); if (ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, "xmlSecNssKeyDataX509AdoptKeyCert", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } cert = CERT_DupCertificate(cert); if (cert == NULL) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); if (ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, "xmlSecNssKeyDataX509AdoptCert", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } cert = NULL; ret = xmlSecKeySetValue(key, data); if (ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeySetValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); goto done; } data = NULL; ret = xmlSecKeyAdoptData(key, x509Data); if (ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyAdoptData", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } x509Data = NULL; retval = key; key = NULL; } done: if (cert != NULL) { CERT_DestroyCertificate(cert); } if (pubkey != NULL) { SECKEY_DestroyPublicKey(pubkey); } if (privkey != NULL) { SECKEY_DestroyPrivateKey(privkey); } if (data != NULL) { xmlSecKeyDataDestroy(data); } if (x509Data != NULL) { xmlSecKeyDataDestroy(x509Data); } if (key != NULL) { xmlSecKeyDestroy(key); } return (retval); }
/** * xmlSecOpenSSLAppKeyLoadBIO: * @bio: the key BIO. * @format: the key file format. * @pwd: the key file password. * @pwdCallback: the key password callback. * @pwdCallbackCtx: the user context for password callback. * * Reads key from the an OpenSSL BIO object. * * Returns: pointer to the key or NULL if an error occurs. */ xmlSecKeyPtr xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, const char *pwd, void* pwdCallback, void* pwdCallbackCtx) { xmlSecKeyPtr key = NULL; xmlSecKeyDataPtr data; EVP_PKEY* pKey = NULL; int ret; xmlSecAssert2(bio != NULL, NULL); xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL); switch(format) { case xmlSecKeyDataFormatPem: /* try to read private key first */ if(pwd != NULL) { pKey = PEM_read_bio_PrivateKey(bio, NULL, xmlSecOpenSSLDummyPasswordCallback, (void*)pwd); } else { pKey = PEM_read_bio_PrivateKey(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); } if(pKey == NULL) { /* go to start of the file and try to read public key */ (void)BIO_reset(bio); pKey = PEM_read_bio_PUBKEY(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } } break; case xmlSecKeyDataFormatDer: /* try to read private key first */ pKey = d2i_PrivateKey_bio(bio, NULL); if(pKey == NULL) { /* go to start of the file and try to read public key */ (void)BIO_reset(bio); pKey = d2i_PUBKEY_bio(bio, NULL); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "d2i_PrivateKey_bio and d2i_PUBKEY_bio", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } } break; case xmlSecKeyDataFormatPkcs8Pem: /* try to read private key first */ pKey = PEM_read_bio_PrivateKey(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "PEM_read_bio_PrivateKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } break; case xmlSecKeyDataFormatPkcs8Der: /* try to read private key first */ pKey = d2i_PKCS8PrivateKey_bio(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "d2i_PrivateKey_bio and d2i_PUBKEY_bio", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } break; #ifndef XMLSEC_NO_X509 case xmlSecKeyDataFormatPkcs12: key = xmlSecOpenSSLAppPkcs12LoadBIO(bio, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecOpenSSLAppPkcs12LoadBIO", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } return(key); case xmlSecKeyDataFormatCertPem: case xmlSecKeyDataFormatCertDer: key = xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, format); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecOpenSSLAppKeyFromCertLoadBIO", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } return(key); #endif /* XMLSEC_NO_X509 */ default: xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_FORMAT, "format=%d", format); return(NULL); } data = xmlSecOpenSSLEvpKeyAdopt(pKey); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecOpenSSLEvpKeyAdopt", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); EVP_PKEY_free(pKey); return(NULL); } key = xmlSecKeyCreate(); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDataDestroy(data); return(NULL); } ret = xmlSecKeySetValue(key, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeySetValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); xmlSecKeyDestroy(key); xmlSecKeyDataDestroy(data); return(NULL); } return(key); }
int xmlSecNssAppliedKeysMngrPriKeyLoad( xmlSecKeysMngrPtr mngr , SECKEYPrivateKey* priKey ) { xmlSecKeyPtr key ; xmlSecKeyDataPtr data ; xmlSecKeyStorePtr keyStore ; xmlSecAssert2( mngr != NULL , -1 ) ; xmlSecAssert2( priKey != NULL , -1 ) ; keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; if( keyStore == NULL ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecKeysMngrGetKeysStore" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; return(-1) ; } xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; if( data == NULL ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecNssPKIAdoptKey" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; return(-1) ; } key = xmlSecKeyCreate() ; if( key == NULL ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecNssSymKeyDataKeyAdopt" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; xmlSecKeyDataDestroy( data ) ; return(-1) ; } if( xmlSecKeySetValue( key , data ) < 0 ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecNssSymKeyDataKeyAdopt" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; xmlSecKeyDataDestroy( data ) ; return(-1) ; } if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecNssSymKeyDataKeyAdopt" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; xmlSecKeyDestroy( key ) ; return(-1) ; } return(0) ; }
/** * xmlSecMSCryptoAppKeyLoadMemory: * @data: the key binary data. * @dataSize: the key data size. * @format: the key format. * @pwd: the key password. * @pwdCallback: the key password callback. * @pwdCallbackCtx: the user context for password callback. * * Reads key from the a file. * * Returns pointer to the key or NULL if an error occurs. */ xmlSecKeyPtr xmlSecMSCryptoAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format, const char *pwd, void* pwdCallback, void* pwdCallbackCtx) { PCCERT_CONTEXT pCert = NULL; PCCERT_CONTEXT tmpcert = NULL; xmlSecKeyDataPtr x509Data = NULL; xmlSecKeyDataPtr keyData = NULL; xmlSecKeyPtr key = NULL; xmlSecKeyPtr res = NULL; int ret; xmlSecAssert2(data != NULL, NULL); xmlSecAssert2(dataSize > 0, NULL); xmlSecAssert2(format == xmlSecKeyDataFormatCertDer, NULL); pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, data, dataSize); if (NULL == pCert) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "CertCreateCertificateContext", XMLSEC_ERRORS_R_IO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id); if(x509Data == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, "transform=%s", xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id))); goto done; } tmpcert = CertDuplicateCertificateContext(pCert); if(tmpcert == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "CertDuplicateCertificateContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, tmpcert); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecMSCryptoKeyDataX509AdoptKeyCert", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); CertFreeCertificateContext(tmpcert); goto done; } tmpcert = NULL; keyData = xmlSecMSCryptoCertAdopt(pCert, xmlSecKeyDataTypePublic); if(keyData == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecMSCryptoCertAdopt", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } pCert = NULL; key = xmlSecKeyCreate(); if(key == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } ret = xmlSecKeySetValue(key, keyData); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeySetValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } keyData = NULL; ret = xmlSecKeyAdoptData(key, x509Data); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyAdoptData", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } x509Data = NULL; /* success */ res = key; key = NULL; done: if(pCert != NULL) { CertFreeCertificateContext(pCert); } if(tmpcert != NULL) { CertFreeCertificateContext(tmpcert); } if(x509Data != NULL) { xmlSecKeyDataDestroy(x509Data); } if(keyData != NULL) { xmlSecKeyDataDestroy(keyData); } if(key != NULL) { xmlSecKeyDestroy(key); } return(res); }
/** * xmlSecKeyDataBinaryValueBinRead: * @id: the data klass. * @key: the pointer to destination key. * @buf: the source binary buffer. * @bufSize: the source binary buffer size. * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context. * * Reads binary key data of the klass @id from @buf to the @key. * * Returns: 0 on success or a negative value otherwise. */ int xmlSecKeyDataBinaryValueBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, const xmlSecByte* buf, xmlSecSize bufSize, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data; int ret; xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(buf != NULL, -1); xmlSecAssert2(bufSize > 0, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); /* check do we have a key already */ data = xmlSecKeyGetValue(key); if(data != NULL) { xmlSecBufferPtr buffer; if(!xmlSecKeyDataCheckId(data, id)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } buffer = xmlSecKeyDataBinaryValueGetBuffer(data); if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != bufSize)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, "cur-data-size=%d;new-data-size=%d", xmlSecBufferGetSize(buffer), bufSize); return(-1); } if((buffer != NULL) && (bufSize > 0) && (memcmp(xmlSecBufferGetData(buffer), buf, bufSize) != 0)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, "key already has a different value"); return(-1); } if(buffer != NULL) { /* we already have exactly the same key */ return(0); } /* we have binary key value with empty buffer */ } data = xmlSecKeyDataCreate(id); if(data == NULL ) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecKeyDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecKeyDataBinaryValueSetBuffer(data, buf, bufSize); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecKeyDataBinaryValueSetBuffer", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d", bufSize); xmlSecKeyDataDestroy(data); return(-1); } if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecKeyReqMatchKeyValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDataDestroy(data); return(0); } ret = xmlSecKeySetValue(key, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecKeySetValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDataDestroy(data); return(-1); } return(0); }
/** * xmlSecKeyDataBinaryValueXmlRead: * @id: the data klass. * @key: the pointer to destination key. * @node: the pointer to an XML node. * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context. * * Reads binary key data from @node to the key by base64 decoding the @node content. * * Returns: 0 on success or a negative value otherwise. */ int xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlChar* str; xmlSecSize len; xmlSecKeyDataPtr data; int ret; xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); str = xmlNodeGetContent(node); if(str == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), xmlSecErrorsSafeString(xmlSecNodeGetName(node)), XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* usual trick: decode into the same buffer */ ret = xmlSecBase64Decode(str, (xmlSecByte*)str, xmlStrlen(str)); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecBase64Decode", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlFree(str); return(-1); } len = ret; /* check do we have a key already */ data = xmlSecKeyGetValue(key); if(data != NULL) { xmlSecBufferPtr buffer; if(!xmlSecKeyDataCheckId(data, id)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, XMLSEC_ERRORS_NO_MESSAGE); xmlFree(str); return(-1); } buffer = xmlSecKeyDataBinaryValueGetBuffer(data); if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != len)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, "cur-data-size=%d;new-data-size=%d", xmlSecBufferGetSize(buffer), len); xmlFree(str); return(-1); } if((buffer != NULL) && (len > 0) && (memcmp(xmlSecBufferGetData(buffer), str, len) != 0)) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, "key already has a different value"); xmlFree(str); return(-1); } if(buffer != NULL) { /* we already have exactly the same key */ xmlFree(str); return(0); } /* we have binary key value with empty buffer */ } data = xmlSecKeyDataCreate(id); if(data == NULL ) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecKeyDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlFree(str); return(-1); } ret = xmlSecKeyDataBinaryValueSetBuffer(data, (xmlSecByte*)str, len); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecKeyDataBinaryValueSetBuffer", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d", len); xmlSecKeyDataDestroy(data); xmlFree(str); return(-1); } xmlFree(str); if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecKeyReqMatchKeyValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDataDestroy(data); return(0); } ret = xmlSecKeySetValue(key, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), "xmlSecKeySetValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDataDestroy(data); return(-1); } return(0); }