/**
* xmlSecOpenSSLInit:
*
* XMLSec library specific crypto engine initialization.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecOpenSSLInit (void) {
/* Check loaded xmlsec library version */
if(xmlSecCheckVersionExact() != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecCheckVersionExact",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
if(xmlSecOpenSSLErrorsInit() < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLErrorsInit",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* register our klasses */
if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_openssl()) < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecNodeSetAddList:
* @nset: the pointer to currrent nodes set (or NULL).
* @newNSet: the pointer to new nodes set.
* @op: the operation type.
*
* Adds @newNSet to the @nset as child using operation @op.
*
* Returns the pointer to combined nodes set or NULL if an error
* occurs.
*/
EXPORT_C
xmlSecNodeSetPtr
xmlSecNodeSetAddList(xmlSecNodeSetPtr nset, xmlSecNodeSetPtr newNSet, xmlSecNodeSetOp op) {
xmlSecNodeSetPtr tmp1, tmp2;
xmlSecAssert2(newNSet != NULL, NULL);
tmp1 = xmlSecNodeSetCreate(newNSet->doc, NULL, xmlSecNodeSetList);
if(tmp1 == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNodeSetCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
tmp1->children = newNSet;
tmp2 = xmlSecNodeSetAdd(nset, tmp1, op);
if(tmp2 == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNodeSetAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecNodeSetDestroy(tmp1);
return(NULL);
}
return(tmp2);
}
/**
* xmlSecOpenSSLAppPkcs12LoadMemory:
* @data: the PKCS12 binary data.
* @dataSize: the PKCS12 binary data size.
* @pwd: the PKCS12 file password.
* @pwdCallback: the password callback.
* @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 data in memory buffer.
* For uniformity, call xmlSecOpenSSLAppKeyLoad instead of this function. Pass
* in format=xmlSecKeyDataFormatPkcs12.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
xmlSecKeyPtr
xmlSecOpenSSLAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
const char *pwd, void* pwdCallback,
void* pwdCallbackCtx) {
BIO* bio;
xmlSecKeyPtr key;
xmlSecAssert2(data != NULL, NULL);
/* this would be a read only BIO, cast from const is ok */
bio = BIO_new_mem_buf((void*)data, dataSize);
if(bio == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"BIO_new_mem_buf",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"errno=%d",
errno);
return(NULL);
}
key = xmlSecOpenSSLAppPkcs12LoadBIO (bio, pwd, pwdCallback, pwdCallbackCtx);
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLAppPkcs12LoadBIO",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
BIO_free(bio);
return(NULL);
}
BIO_free(bio);
return(key);
}
/**
* xmlSecBase64CtxCreate:
* @encode: the encode/decode flag (1 - encode, 0 - decode)
* @columns: the max line length.
*
* Allocates and initializes new base64 context.
*
* Returns: a pointer to newly created #xmlSecBase64Ctx structure
* or NULL if an error occurs.
*/
xmlSecBase64CtxPtr
xmlSecBase64CtxCreate(int encode, int columns) {
xmlSecBase64CtxPtr ctx;
int ret;
/*
* Allocate a new xmlSecBase64CtxPtr and fill the fields.
*/
ctx = (xmlSecBase64CtxPtr) xmlMalloc(sizeof(xmlSecBase64Ctx));
if (ctx == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
"sizeof(xmlSecBase64Ctx)=%d",
(int)sizeof(xmlSecBase64Ctx));
return(NULL);
}
ret = xmlSecBase64CtxInitialize(ctx, encode, columns);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecBase64CtxInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecBase64CtxDestroy(ctx);
return(NULL);
}
return(ctx);
}
/**
* xmlSecSoap11CheckEnvelope:
* @envNode: the pointer to <soap:Envelope> node.
*
* Validates <soap:Envelope> node structure.
*
* Returns: 1 if @envNode has a valid <soap:Envelope> element, 0 if it is
* not valid or a negative value if an error occurs.
*/
int
xmlSecSoap11CheckEnvelope(xmlNodePtr envNode) {
xmlNodePtr cur;
xmlSecAssert2(envNode != NULL, -1);
/* verify envNode itself */
if(!xmlSecCheckNodeName(envNode, xmlSecNodeEnvelope, xmlSecSoap11Ns)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeEnvelope),
XMLSEC_ERRORS_R_NODE_NOT_FOUND,
XMLSEC_ERRORS_NO_MESSAGE);
return(0);
}
/* optional Header node first */
cur = xmlSecGetNextElementNode(envNode->children);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) {
cur = xmlSecGetNextElementNode(cur->next);
}
/* required Body node is next */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeBody),
XMLSEC_ERRORS_R_NODE_NOT_FOUND,
XMLSEC_ERRORS_NO_MESSAGE);
return(0);
}
return(1);
}
/**
* xmlSecMSCryptoInit:
*
* XMLSec library specific crypto engine initialization.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecMSCryptoInit (void) {
/* Check loaded xmlsec library version */
if(xmlSecCheckVersionExact() != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecCheckVersionExact",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* set default errors callback for xmlsec to us */
xmlSecErrorsSetCallback(xmlSecMSCryptoErrorsDefaultCallback);
/* register our klasses */
if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_mscrypto()) < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecEncCtxCreate:
* @keysMngr: the pointer to keys manager.
*
* Creates <enc:EncryptedData/> element processing context.
* The caller is responsible for destroying returned object by calling
* #xmlSecEncCtxDestroy function.
*
* Returns: pointer to newly allocated context object or NULL if an error
* occurs.
*/
xmlSecEncCtxPtr
xmlSecEncCtxCreate(xmlSecKeysMngrPtr keysMngr) {
xmlSecEncCtxPtr encCtx;
int ret;
encCtx = (xmlSecEncCtxPtr) xmlMalloc(sizeof(xmlSecEncCtx));
if(encCtx == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
"sizeof(xmlSecEncCtx)=%d",
sizeof(xmlSecEncCtx));
return(NULL);
}
ret = xmlSecEncCtxInitialize(encCtx, keysMngr);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecEncCtxInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecEncCtxDestroy(encCtx);
return(NULL);
}
return(encCtx);
}
/**
* xmlSecKeyDuplicate:
* @key: the pointer to the #xmlSecKey structure.
*
* Creates a duplicate of the given @key.
*
* Returns: the pointer to newly allocated #xmlSecKey structure
* or NULL if an error occurs.
*/
xmlSecKeyPtr
xmlSecKeyDuplicate(xmlSecKeyPtr key) {
xmlSecKeyPtr newKey;
int ret;
xmlSecAssert2(key != NULL, NULL);
newKey = xmlSecKeyCreate();
if(newKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
ret = xmlSecKeyCopy(newKey, key);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyCopy",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(newKey);
return(NULL);
}
return(newKey);
}
static int
xmlSecXPathDataNodeRead(xmlSecXPathDataPtr data, xmlNodePtr node) {
int ret;
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(data->expr == NULL, -1);
xmlSecAssert2(data->ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
ret = xmlSecXPathDataRegisterNamespaces (data, node);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecXPathDataRegisterNamespaces",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* read node content and set expr */
data->expr = xmlNodeGetContent(node);
if(data->expr == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecKeyUseWithDuplicate:
* @keyUseWith: the pointer to information about key application/user.
*
* Duplicates @keyUseWith object. The caller is responsible for destroying
* returned object with @xmlSecKeyUseWithDestroy function.
*
* Returns: pointer to newly created object or NULL if an error occurs.
*/
xmlSecKeyUseWithPtr
xmlSecKeyUseWithDuplicate(xmlSecKeyUseWithPtr keyUseWith) {
int ret;
xmlSecKeyUseWithPtr newKeyUseWith;
xmlSecAssert2(keyUseWith != NULL, NULL);
newKeyUseWith = xmlSecKeyUseWithCreate(NULL, NULL);
if(newKeyUseWith == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyUseWithCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
ret = xmlSecKeyUseWithCopy(newKeyUseWith, keyUseWith);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyUseWithCopy",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyUseWithDestroy(keyUseWith);
return(NULL);
}
return(newKeyUseWith);
}
/**
* xmlSecKeyDataIdsInit:
*
* Initializes the key data klasses. This function is called from the
* #xmlSecInit function and the application should not call it directly.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
int
xmlSecKeyDataIdsInit(void) {
int ret;
ret = xmlSecPtrListInitialize(xmlSecKeyDataIdsGet(), xmlSecKeyDataIdListId);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecPtrListPtrInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"xmlSecKeyDataIdListId");
return(-1);
}
ret = xmlSecKeyDataIdsRegisterDefault();
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyDataIdsRegisterDefault",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecKeyDataDuplicate:
* @data: the pointer to the key data.
*
* Creates a duplicate of the given @data. Caller is responsible for
* destroying returned object with #xmlSecKeyDataDestroy function.
*
* Returns: the pointer to newly allocated key data structure
* or NULL if an error occurs.
*/
xmlSecKeyDataPtr
xmlSecKeyDataDuplicate(xmlSecKeyDataPtr data) {
xmlSecKeyDataPtr newData;
int ret;
xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
xmlSecAssert2(data->id->duplicate != NULL, NULL);
newData = xmlSecKeyDataCreate(data->id);
if(newData == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
ret = (data->id->duplicate)(newData, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
"id->duplicate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(newData);
return(NULL);
}
return(newData);
}
/**
* xmlSecOpenSSLKeysMngrInit:
* @mngr: the pointer to keys manager.
*
* Adds OpenSSL specific key data stores in keys manager.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecOpenSSLKeysMngrInit(xmlSecKeysMngrPtr mngr) {
int ret;
xmlSecAssert2(mngr != NULL, -1);
#ifndef XMLSEC_NO_X509
/* create x509 store if needed */
if(xmlSecKeysMngrGetDataStore(mngr, xmlSecOpenSSLX509StoreId) == NULL) {
xmlSecKeyDataStorePtr x509Store;
x509Store = xmlSecKeyDataStoreCreate(xmlSecOpenSSLX509StoreId);
if(x509Store == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyDataStoreCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"xmlSecOpenSSLX509StoreId");
return(-1);
}
ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeysMngrAdoptDataStore",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataStoreDestroy(x509Store);
return(-1);
}
}
#endif /* XMLSEC_NO_X509 */
return(0);
}
/**
* xmlSecOpenSSLAppInit:
* @config: the path to certs.
*
* General crypto engine initialization. This function is used
* by XMLSec command line utility and called before
* @xmlSecInit function.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecOpenSSLAppInit(const char* config) {
ERR_load_crypto_strings();
#ifndef XMLSEC_OPENSSL_110
OPENSSL_config(NULL);
#endif
OpenSSL_add_all_algorithms();
if((RAND_status() != 1) && (xmlSecOpenSSLAppLoadRANDFile(NULL) != 1)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLAppLoadRANDFile",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
if((config != NULL) && (xmlSecOpenSSLSetDefaultTrustedCertsFolder(BAD_CAST config) < 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLSetDefaultTrustedCertsFolder",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecOpenSSLX509StoreAddCertsFile:
* @store: the pointer to OpenSSL x509 store.
* @file: the certs file.
*
* Adds all certs in @file to the list of trusted certs
* in @store. It is possible for @file to contain multiple certs.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecOpenSSLX509StoreAddCertsFile(xmlSecKeyDataStorePtr store, const char *file) {
xmlSecOpenSSLX509StoreCtxPtr ctx;
X509_LOOKUP *lookup = NULL;
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1);
xmlSecAssert2(file != NULL, -1);
ctx = xmlSecOpenSSLX509StoreGetCtx(store);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->xst != NULL, -1);
lookup = X509_STORE_add_lookup(ctx->xst, X509_LOOKUP_file());
if(lookup == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"X509_STORE_add_lookup",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
if(!X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"X509_LOOKUP_load_file",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"file='%s'",
xmlSecErrorsSafeString(file)
);
return(-1);
}
return(0);
}
static int
xmlSecTransformRelationshipWriteProp(xmlOutputBufferPtr buf, const xmlChar * name, const xmlChar * value) {
int ret;
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(name != NULL, -1);
ret = xmlOutputBufferWriteString(buf, " ");
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlOutputBufferWriteString",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlOutputBufferWriteString(buf, (const char*) name);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlOutputBufferWriteString",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
if(value != NULL) {
ret = xmlOutputBufferWriteString(buf, "=\"");
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlOutputBufferWriteString",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlOutputBufferWriteString(buf, (const char*) value);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlOutputBufferWriteString",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlOutputBufferWriteString(buf, "\"");
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlOutputBufferWriteString",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
return (0);
}
/**
* xmlSecOpenSSLAppKeyCertLoadBIO:
* @key: the pointer to key.
* @bio: the certificate bio.
* @format: the certificate file format.
*
* Reads the certificate from memory buffer and adds it to key.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecOpenSSLAppKeyCertLoadBIO(xmlSecKeyPtr key, BIO* bio, xmlSecKeyDataFormat format) {
xmlSecKeyDataFormat certFormat;
xmlSecKeyDataPtr data;
X509 *cert;
int ret;
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(bio != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
data = xmlSecKeyEnsureData(key, xmlSecOpenSSLKeyDataX509Id);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyEnsureData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"transform=%s",
xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecOpenSSLKeyDataX509Id)));
return(-1);
}
/* adjust cert format */
switch(format) {
case xmlSecKeyDataFormatPkcs8Pem:
certFormat = xmlSecKeyDataFormatPem;
break;
case xmlSecKeyDataFormatPkcs8Der:
certFormat = xmlSecKeyDataFormatDer;
break;
default:
certFormat = format;
}
cert = xmlSecOpenSSLAppCertLoadBIO(bio, certFormat);
if(cert == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLAppCertLoad",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLKeyDataX509AdoptCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
X509_free(cert);
return(-1);
}
return(0);
}
/*********************************************************************
*
* DES KW implementation
*
*********************************************************************/
static int
xmlSecGCryptKWDes3Sha1(void * context,
const xmlSecByte * in, xmlSecSize inSize,
xmlSecByte * out, xmlSecSize outSize) {
xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
gcry_md_hd_t digestCtx;
unsigned char * res;
unsigned int len;
gcry_error_t err;
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(inSize > 0, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(outSize > 0, -1);
len = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
xmlSecAssert2(outSize >= len, -1);
err = gcry_md_open(&digestCtx, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE); /* we are paranoid */
if(err != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_md_open(GCRY_MD_SHA1)",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_GCRYPT_REPORT_ERROR(err));
return(-1);
}
gcry_md_write(digestCtx, in, inSize);
err = gcry_md_final(digestCtx);
if(err != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_md_final",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_GCRYPT_REPORT_ERROR(err));
gcry_md_close(digestCtx);
return(-1);
}
res = gcry_md_read(digestCtx, GCRY_MD_SHA1);
if(res == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_md_read(GCRY_MD_SHA1)",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
gcry_md_close(digestCtx);
return(-1);
}
/* done */
xmlSecAssert2(outSize >= len, -1);
memcpy(out, res, len);
gcry_md_close(digestCtx);
return(len);
}
static xmlSecNodeSetPtr
xmlSecXPathDataListExecute(xmlSecPtrListPtr dataList, xmlDocPtr doc,
xmlNodePtr hereNode, xmlSecNodeSetPtr nodes) {
xmlSecXPathDataPtr data;
xmlSecNodeSetPtr res, tmp, tmp2;
xmlSecSize pos;
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), NULL);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) > 0, NULL);
xmlSecAssert2(doc != NULL, NULL);
xmlSecAssert2(hereNode != NULL, NULL);
res = nodes;
for(pos = 0; pos < xmlSecPtrListGetSize(dataList); ++pos) {
data = (xmlSecXPathDataPtr)xmlSecPtrListGetItem(dataList, pos);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecPtrListGetItem",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"pos=%d", pos);
if((res != NULL) && (res != nodes)) {
xmlSecNodeSetDestroy(res);
}
return(NULL);
}
tmp = xmlSecXPathDataExecute(data, doc, hereNode);
if(tmp == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecXPathDataExecute",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
if((res != NULL) && (res != nodes)) {
xmlSecNodeSetDestroy(res);
}
return(NULL);
}
tmp2 = xmlSecNodeSetAdd(res, tmp, data->nodeSetOp);
if(tmp2 == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNodeSetAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"xmlSecNodeSetIntersection");
if((res != NULL) && (res != nodes)) {
xmlSecNodeSetDestroy(res);
}
xmlSecNodeSetDestroy(tmp);
return(NULL);
}
res = tmp2;
}
return(res);
}
static int
xmlSecNssAppReadSECItem(SECItem *contents, const char *fn) {
PRFileInfo info;
PRFileDesc *file = NULL;
PRInt32 numBytes;
PRStatus prStatus;
int ret = -1;
xmlSecAssert2(contents != NULL, -1);
xmlSecAssert2(fn != NULL, -1);
file = PR_Open(fn, PR_RDONLY, 00660);
if (file == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"PR_Open",
XMLSEC_ERRORS_R_IO_FAILED,
"filename=%s",
xmlSecErrorsSafeString(fn));
goto done;
}
prStatus = PR_GetOpenFileInfo(file, &info);
if (prStatus != PR_SUCCESS) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"PR_GetOpenFileInfo",
XMLSEC_ERRORS_R_IO_FAILED,
"filename=%s",
xmlSecErrorsSafeString(fn));
goto done;
}
contents->data = 0;
if (!SECITEM_AllocItem(NULL, contents, info.size)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"SECITEM_AllocItem",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
numBytes = PR_Read(file, contents->data, info.size);
if (numBytes != info.size) {
SECITEM_FreeItem(contents, PR_FALSE);
goto done;
}
ret = 0;
done:
if (file) {
PR_Close(file);
}
return (ret);
}
static int
xmlSecEncCtxCipherDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
xmlNodePtr cur;
int ret;
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
cur = xmlSecGetNextElementNode(node->children);
/* we either have CipherValue or CipherReference node */
xmlSecAssert2(encCtx->cipherValueNode == NULL, -1);
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCipherValue, xmlSecEncNs))) {
/* don't need data from CipherData node when we are encrypting */
if(encCtx->operation == xmlSecTransformOperationDecrypt) {
xmlSecTransformPtr base64Decode;
/* we need to add base64 decode transform */
base64Decode = xmlSecTransformCtxCreateAndPrepend(&(encCtx->transformCtx), xmlSecTransformBase64Id);
if(base64Decode == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecTransformCtxCreateAndPrepend",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
encCtx->cipherValueNode = cur;
cur = xmlSecGetNextElementNode(cur->next);
} else if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCipherReference, xmlSecEncNs))) {
/* don't need data from CipherReference node when we are encrypting */
if(encCtx->operation == xmlSecTransformOperationDecrypt) {
ret = xmlSecEncCtxCipherReferenceNodeRead(encCtx, cur);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecEncCtxCipherReferenceNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
return(-1);
}
}
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecMSCryptoKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
xmlSecByte * out, xmlSecSize outSize,
void * context) {
xmlSecMSCryptoKWAesCtxPtr ctx = (xmlSecMSCryptoKWAesCtxPtr)context;
HCRYPTKEY cryptKey = 0;
DWORD dwCLen;
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(inSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(outSize >= inSize, -1);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pubPrivKey != 0, -1);
xmlSecAssert2(xmlSecBufferGetSize(&ctx->keyBuffer) == ctx->keySize, -1);
/* Import this key and get an HCRYPTKEY handle, we do it again and again
to ensure we don't go into CBC mode */
if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
ctx->pubPrivKey,
ctx->algorithmIdentifier,
xmlSecBufferGetData(&ctx->keyBuffer),
xmlSecBufferGetSize(&ctx->keyBuffer),
TRUE,
&cryptKey)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoImportPlainSessionBlob",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
xmlSecAssert2(cryptKey != 0, -1);
/* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
* can be skipped. I hope this will work .... */
if(out != in) {
memcpy(out, in, inSize);
}
dwCLen = inSize;
if(!CryptDecrypt(cryptKey, 0, FALSE, 0, out, &dwCLen)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"CryptEncrypt",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
CryptDestroyKey(cryptKey);
return(-1);
}
/* cleanup */
CryptDestroyKey(cryptKey);
return(dwCLen);
}
/**
* xmlSecKeyGenerate:
* @dataId: the requested key klass (rsa, dsa, aes, ...).
* @sizeBits: the new key size (in bits!).
* @type: the new key type (session, permanent, ...).
*
* Generates new key of requested klass @dataId and @type.
*
* Returns: pointer to newly created key or NULL if an error occurs.
*/
xmlSecKeyPtr
xmlSecKeyGenerate(xmlSecKeyDataId dataId, xmlSecSize sizeBits, xmlSecKeyDataType type) {
xmlSecKeyPtr key;
xmlSecKeyDataPtr data;
int ret;
xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, NULL);
data = xmlSecKeyDataCreate(dataId);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
ret = xmlSecKeyDataGenerate(data, sizeBits, type);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
"xmlSecKeyDataGenerate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d;type=%d", sizeBits, type);
xmlSecKeyDataDestroy(data);
return(NULL);
}
key = xmlSecKeyCreate();
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
"xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(NULL);
}
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
xmlSecKeyDestroy(key);
return(NULL);
}
return(key);
}
static int
xmlSecTransformVisa3DHackExecute(xmlSecTransformPtr transform, int last,
xmlSecTransformCtxPtr transformCtx) {
xmlChar** idPtr;
xmlDocPtr doc;
xmlAttrPtr attr;
xmlNodeSetPtr nodeSet;
xmlSecAssert2(xmlSecTransformVisa3DHackCheckId(transform), -1);
xmlSecAssert2(transform->outNodes == NULL, -1);
xmlSecAssert2(last != 0, -1);
xmlSecAssert2(transformCtx != NULL, -1);
idPtr = xmlSecVisa3DHackTransformGetIDPtr(transform);
xmlSecAssert2(idPtr != NULL, -1);
xmlSecAssert2((*idPtr) != NULL, -1);
doc = (transform->inNodes != NULL) ? transform->inNodes->doc : transform->hereNode->doc;
xmlSecAssert2(doc != NULL, -1);
attr = xmlGetID(doc, (*idPtr));
if((attr == NULL) || (attr->parent == NULL)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlGetID",
XMLSEC_ERRORS_R_XML_FAILED,
"id=\"%s\"",
xmlSecErrorsSafeString((*idPtr)));
return(-1);
}
nodeSet = xmlXPathNodeSetCreate(attr->parent);
if(nodeSet == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlXPathNodeSetCreate",
XMLSEC_ERRORS_R_XML_FAILED,
"id=\"%s\"",
xmlSecErrorsSafeString((*idPtr)));
return(-1);
}
transform->outNodes = xmlSecNodeSetCreate(doc, nodeSet, xmlSecNodeSetTreeWithoutComments);
if(transform->outNodes == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecNodeSetCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlXPathFreeNodeSet(nodeSet);
return(-1);
}
return(0);
}
static int
xmlSecEncCtxCipherReferenceNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
xmlNodePtr cur;
xmlChar* uri;
int ret;
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
/* first read the optional uri attr and check that we can process it */
uri = xmlGetProp(node, xmlSecAttrURI);
ret = xmlSecTransformCtxSetUri(&(encCtx->transformCtx), uri, node);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecTransformCtxSetUri",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"uri=%s",
xmlSecErrorsSafeString(uri));
xmlFree(uri);
return(-1);
}
xmlFree(uri);
cur = xmlSecGetNextElementNode(node->children);
/* the only one node is optional Transforms node */
if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeTransforms, xmlSecEncNs))) {
ret = xmlSecTransformCtxNodesListRead(&(encCtx->transformCtx), cur,
xmlSecTransformUsageDSigTransform);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecTransformCtxNodesListRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode)));
return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
}
/* if there is something left than it's an error */
if(cur != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecGnuTLSAppPkcs12Load:
* @filename: the PKCS12 key filename.
* @pwd: the PKCS12 file password.
* @pwdCallback: the password callback.
* @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 file.
* For uniformity, call xmlSecGnuTLSAppKeyLoad instead of this function. Pass
* in format=xmlSecKeyDataFormatPkcs12.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
xmlSecKeyPtr
xmlSecGnuTLSAppPkcs12Load(const char *filename,
const char *pwd,
void* pwdCallback,
void* pwdCallbackCtx) {
xmlSecKeyPtr key;
xmlSecBuffer buffer;
int ret;
xmlSecAssert2(filename != NULL, NULL);
ret = xmlSecBufferInitialize(&buffer, 4*1024);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecBufferInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
ret = xmlSecBufferReadFile(&buffer, filename);
if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecBufferReadFile",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"filename=%s",
xmlSecErrorsSafeString(filename));
xmlSecBufferFinalize(&buffer);
return(NULL);
}
key = xmlSecGnuTLSAppPkcs12LoadMemory(xmlSecBufferGetData(&buffer),
xmlSecBufferGetSize(&buffer),
pwd, pwdCallback, pwdCallbackCtx);
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecGnuTLSAppPkcs12LoadMemory",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"filename=%s",
xmlSecErrorsSafeString(filename));
xmlSecBufferFinalize(&buffer);
return(NULL);
}
/* cleanup */
xmlSecBufferFinalize(&buffer);
return(key);
}
/**
* xmlSecGnuTLSAppKeyCertLoad:
* @key: the pointer to key.
* @filename: the certificate filename.
* @format: the certificate file format.
*
* Reads the certificate from $@filename and adds it to key.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecGnuTLSAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
xmlSecKeyDataFormat format) {
xmlSecBuffer buffer;
int ret;
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
ret = xmlSecBufferInitialize(&buffer, 4*1024);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecBufferInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecBufferReadFile(&buffer, filename);
if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecBufferReadFile",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"filename=%s",
xmlSecErrorsSafeString(filename));
xmlSecBufferFinalize(&buffer);
return(-1);
}
ret = xmlSecGnuTLSAppKeyCertLoadMemory(key,
xmlSecBufferGetData(&buffer),
xmlSecBufferGetSize(&buffer),
format);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecGnuTLSAppKeyCertLoadMemory",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"filename=%s",
xmlSecErrorsSafeString(filename));
xmlSecBufferFinalize(&buffer);
return(-1);
}
/* cleanup */
xmlSecBufferFinalize(&buffer);
return(0);
}
static xmlSecXPathDataPtr
xmlSecXPathDataCreate(xmlSecXPathDataType type) {
xmlSecXPathDataPtr data;
data = (xmlSecXPathDataPtr) xmlMalloc(sizeof(xmlSecXPathData));
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
"sizeof(xmlSecXPathData)=%d",
(int)sizeof(xmlSecXPathData));
return(NULL);
}
memset(data, 0, sizeof(xmlSecXPathData));
data->type = type;
data->nodeSetType = xmlSecNodeSetTree;
/* create xpath or xpointer context */
switch(data->type) {
case xmlSecXPathDataTypeXPath:
case xmlSecXPathDataTypeXPath2:
data->ctx = xmlXPathNewContext(NULL); /* we'll set doc in the context later */
if(data->ctx == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlXPathNewContext",
XMLSEC_ERRORS_R_XML_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(NULL);
}
break;
case xmlSecXPathDataTypeXPointer:
data->ctx = xmlXPtrNewContext(NULL, NULL, NULL); /* we'll set doc in the context later */
if(data->ctx == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlXPtrNewContext",
XMLSEC_ERRORS_R_XML_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(NULL);
}
break;
}
return(data);
}
/**
* xmlSecKeyCopy:
* @keyDst: the destination key.
* @keySrc: the source key.
*
* Copies key data from @keySrc to @keyDst.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
int
xmlSecKeyCopy(xmlSecKeyPtr keyDst, xmlSecKeyPtr keySrc) {
xmlSecAssert2(keyDst != NULL, -1);
xmlSecAssert2(keySrc != NULL, -1);
/* empty destination */
xmlSecKeyEmpty(keyDst);
/* copy everything */
if(keySrc->name != NULL) {
keyDst->name = xmlStrdup(keySrc->name);
if(keyDst->name == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_STRDUP_FAILED,
"len=%d", xmlStrlen(keySrc->name));
return(-1);
}
}
if(keySrc->value != NULL) {
keyDst->value = xmlSecKeyDataDuplicate(keySrc->value);
if(keyDst->value == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyDataDuplicate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
if(keySrc->dataList != NULL) {
keyDst->dataList = xmlSecPtrListDuplicate(keySrc->dataList);
if(keyDst->dataList == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecPtrListDuplicate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
}
keyDst->usage = keySrc->usage;
keyDst->notValidBefore = keySrc->notValidBefore;
keyDst->notValidAfter = keySrc->notValidAfter;
return(0);
}
/**
* xmlSecEncCtxBinaryEncrypt:
* @encCtx: the pointer to <enc:EncryptedData/> processing context.
* @tmpl: the pointer to <enc:EncryptedData/> template node.
* @data: the pointer for binary buffer.
* @dataSize: the @data buffer size.
*
* Encrypts @data according to template @tmpl.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
int
xmlSecEncCtxBinaryEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl,
const xmlSecByte* data, xmlSecSize dataSize) {
int ret;
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2(encCtx->result == NULL, -1);
xmlSecAssert2(tmpl != NULL, -1);
xmlSecAssert2(data != NULL, -1);
/* initialize context and add ID atributes to the list of known ids */
encCtx->operation = xmlSecTransformOperationEncrypt;
xmlSecAddIDs(tmpl->doc, tmpl, xmlSecEncIds);
/* read the template and set encryption method, key, etc. */
ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecEncCtxEncDataNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecTransformCtxBinaryExecute(&(encCtx->transformCtx), data, dataSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecTransformCtxBinaryExecute",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"dataSize=%d",
dataSize);
return(-1);
}
encCtx->result = encCtx->transformCtx.result;
xmlSecAssert2(encCtx->result != NULL, -1);
ret = xmlSecEncCtxEncDataNodeWrite(encCtx);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecEncCtxEncDataNodeWrite",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}