static xmlSecKeyPtr
xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyStorePtr* ss;
xmlSecKeyPtr key = NULL;
xmlSecKeyPtr retval = NULL;
xmlSecKeyReqPtr keyReq = NULL;
CERTCertificate *cert = NULL;
SECKEYPublicKey *pubkey = NULL;
SECKEYPrivateKey *privkey = NULL;
xmlSecKeyDataPtr data = NULL;
xmlSecKeyDataPtr x509Data = NULL;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
ss = xmlSecNssKeysStoreGetSS(store);
xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
if (key != NULL) {
return (key);
}
/* Try to find the key in the NSS DB, and construct an xmlSecKey.
* we must have a name to lookup keys in NSS DB.
*/
if (name == NULL) {
goto done;
}
/* what type of key are we looking for?
* TBD: For now, we'll look only for public/private keys using the
* name as a cert nickname. Later on, we can attempt to find
* symmetric keys using PK11_FindFixedKey
*/
keyReq = &(keyInfoCtx->keyReq);
if (keyReq->keyType &
(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
if (cert == NULL) {
goto done;
}
if (keyReq->keyType & xmlSecKeyDataTypePublic) {
pubkey = CERT_ExtractPublicKey(cert);
if (pubkey == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CERT_ExtractPublicKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
}
if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
privkey = PK11_FindKeyByAnyCert(cert, NULL);
if (privkey == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"PK11_FindKeyByAnyCert",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
}
data = xmlSecNssPKIAdoptKey(privkey, pubkey);
if(data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNssPKIAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
privkey = NULL;
pubkey = NULL;
key = xmlSecKeyCreate();
if (key == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return (NULL);
}
x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
if(x509Data == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"transform=%s",
xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
goto done;
}
ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
if (ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNssKeyDataX509AdoptKeyCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
cert = CERT_DupCertificate(cert);
if (cert == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"CERT_DupCertificate",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
if (ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNssKeyDataX509AdoptCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
cert = NULL;
ret = xmlSecKeySetValue(key, data);
if (ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
goto done;
}
data = NULL;
ret = xmlSecKeyAdoptData(key, x509Data);
if (ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyAdoptData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
x509Data = NULL;
retval = key;
key = NULL;
}
done:
if (cert != NULL) {
CERT_DestroyCertificate(cert);
}
if (pubkey != NULL) {
SECKEY_DestroyPublicKey(pubkey);
}
if (privkey != NULL) {
SECKEY_DestroyPrivateKey(privkey);
}
if (data != NULL) {
xmlSecKeyDataDestroy(data);
}
if (x509Data != NULL) {
xmlSecKeyDataDestroy(x509Data);
}
if (key != NULL) {
xmlSecKeyDestroy(key);
}
return (retval);
}
int
xmlSecNssAppliedKeysMngrPriKeyLoad(
xmlSecKeysMngrPtr mngr ,
SECKEYPrivateKey* priKey
) {
xmlSecKeyPtr key ;
xmlSecKeyDataPtr data ;
xmlSecKeyStorePtr keyStore ;
xmlSecAssert2( mngr != NULL , -1 ) ;
xmlSecAssert2( priKey != NULL , -1 ) ;
keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
if( keyStore == NULL ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecKeysMngrGetKeysStore" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
return(-1) ;
}
xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
if( data == NULL ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecNssPKIAdoptKey" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
return(-1) ;
}
key = xmlSecKeyCreate() ;
if( key == NULL ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecNssSymKeyDataKeyAdopt" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyDataDestroy( data ) ;
return(-1) ;
}
if( xmlSecKeySetValue( key , data ) < 0 ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecNssSymKeyDataKeyAdopt" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyDataDestroy( data ) ;
return(-1) ;
}
if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecNssSymKeyDataKeyAdopt" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyDestroy( key ) ;
return(-1) ;
}
return(0) ;
}
