static xmlSecKeyPtr xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyStorePtr* ss; xmlSecKeyPtr key = NULL; xmlSecKeyPtr retval = NULL; xmlSecKeyReqPtr keyReq = NULL; CERTCertificate *cert = NULL; SECKEYPublicKey *pubkey = NULL; SECKEYPrivateKey *privkey = NULL; xmlSecKeyDataPtr data = NULL; xmlSecKeyDataPtr x509Data = NULL; int ret; xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); ss = xmlSecNssKeysStoreGetSS(store); xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); if (key != NULL) { return (key); } /* Try to find the key in the NSS DB, and construct an xmlSecKey. * we must have a name to lookup keys in NSS DB. */ if (name == NULL) { goto done; } /* what type of key are we looking for? * TBD: For now, we'll look only for public/private keys using the * name as a cert nickname. Later on, we can attempt to find * symmetric keys using PK11_FindFixedKey */ keyReq = &(keyInfoCtx->keyReq); if (keyReq->keyType & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); if (cert == NULL) { goto done; } if (keyReq->keyType & xmlSecKeyDataTypePublic) { pubkey = CERT_ExtractPublicKey(cert); if (pubkey == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "CERT_ExtractPublicKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } } if (keyReq->keyType & xmlSecKeyDataTypePrivate) { privkey = PK11_FindKeyByAnyCert(cert, NULL); if (privkey == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "PK11_FindKeyByAnyCert", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } } data = xmlSecNssPKIAdoptKey(privkey, pubkey); if(data == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecNssPKIAdoptKey", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } privkey = NULL; pubkey = NULL; key = xmlSecKeyCreate(); if (key == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return (NULL); } x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); if(x509Data == NULL) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, "transform=%s", xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); goto done; } ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); if (ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, "xmlSecNssKeyDataX509AdoptKeyCert", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } cert = CERT_DupCertificate(cert); if (cert == NULL) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, "CERT_DupCertificate", XMLSEC_ERRORS_R_CRYPTO_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); if (ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, "xmlSecNssKeyDataX509AdoptCert", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } cert = NULL; ret = xmlSecKeySetValue(key, data); if (ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeySetValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); goto done; } data = NULL; ret = xmlSecKeyAdoptData(key, x509Data); if (ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyAdoptData", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); goto done; } x509Data = NULL; retval = key; key = NULL; } done: if (cert != NULL) { CERT_DestroyCertificate(cert); } if (pubkey != NULL) { SECKEY_DestroyPublicKey(pubkey); } if (privkey != NULL) { SECKEY_DestroyPrivateKey(privkey); } if (data != NULL) { xmlSecKeyDataDestroy(data); } if (x509Data != NULL) { xmlSecKeyDataDestroy(x509Data); } if (key != NULL) { xmlSecKeyDestroy(key); } return (retval); }
int xmlSecNssAppliedKeysMngrPriKeyLoad( xmlSecKeysMngrPtr mngr , SECKEYPrivateKey* priKey ) { xmlSecKeyPtr key ; xmlSecKeyDataPtr data ; xmlSecKeyStorePtr keyStore ; xmlSecAssert2( mngr != NULL , -1 ) ; xmlSecAssert2( priKey != NULL , -1 ) ; keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; if( keyStore == NULL ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecKeysMngrGetKeysStore" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; return(-1) ; } xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; if( data == NULL ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecNssPKIAdoptKey" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; return(-1) ; } key = xmlSecKeyCreate() ; if( key == NULL ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecNssSymKeyDataKeyAdopt" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; xmlSecKeyDataDestroy( data ) ; return(-1) ; } if( xmlSecKeySetValue( key , data ) < 0 ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecNssSymKeyDataKeyAdopt" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; xmlSecKeyDataDestroy( data ) ; return(-1) ; } if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecNssSymKeyDataKeyAdopt" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; xmlSecKeyDestroy( key ) ; return(-1) ; } return(0) ; }