/**
* xmlSecKeyMatch:
* @key: the pointer to key.
* @name: the pointer to key name (may be NULL).
* @keyReq: the pointer to key requirements.
*
* Checks whether the @key matches the given criteria.
*
* Returns: 1 if the key satisfies the given criteria or 0 otherwise.
*/
int
xmlSecKeyMatch(xmlSecKeyPtr key, const xmlChar *name, xmlSecKeyReqPtr keyReq) {
xmlSecAssert2(xmlSecKeyIsValid(key), -1);
xmlSecAssert2(keyReq != NULL, -1);
if((name != NULL) && (!xmlStrEqual(xmlSecKeyGetName(key), name))) {
return(0);
}
return(xmlSecKeyReqMatchKey(keyReq, key));
}
/**
* xmlSecKeyReqMatchKey:
* @keyReq: the pointer to key requirements object.
* @key: the pointer to key.
*
* Checks whether @key matches key requirements @keyReq.
*
* Returns: 1 if key matches requirements, 0 if not and a negative value
* if an error occurs.
*/
int
xmlSecKeyReqMatchKey(xmlSecKeyReqPtr keyReq, xmlSecKeyPtr key) {
xmlSecAssert2(keyReq != NULL, -1);
xmlSecAssert2(xmlSecKeyIsValid(key), -1);
if((keyReq->keyType != xmlSecKeyDataTypeUnknown) && ((xmlSecKeyGetType(key) & keyReq->keyType) == 0)) {
return(0);
}
if((keyReq->keyUsage != xmlSecKeyDataUsageUnknown) && ((keyReq->keyUsage & key->usage) == 0)) {
return(0);
}
return(xmlSecKeyReqMatchKeyValue(keyReq, xmlSecKeyGetValue(key)));
}
/**
* xmlSecKeyDebugXmlDump:
* @key: the pointer to key.
* @output: the pointer to output FILE.
*
* Prints the information about the @key to the @output in XML format.
*/
void
xmlSecKeyDebugXmlDump(xmlSecKeyPtr key, FILE *output) {
xmlSecAssert(xmlSecKeyIsValid(key));
xmlSecAssert(output != NULL);
fprintf(output, "<KeyInfo>\n");
fprintf(output, "<KeyMethod>");
xmlSecPrintXmlString(output, key->value->id->dataNodeName);
fprintf(output, "</KeyMethod>\n");
fprintf(output, "<KeyType>");
if((xmlSecKeyGetType(key) & xmlSecKeyDataTypeSymmetric) != 0) {
fprintf(output, "Symmetric\n");
} else if((xmlSecKeyGetType(key) & xmlSecKeyDataTypePrivate) != 0) {
fprintf(output, "Private\n");
} else if((xmlSecKeyGetType(key) & xmlSecKeyDataTypePublic) != 0) {
fprintf(output, "Public\n");
} else {
fprintf(output, "Unknown\n");
}
fprintf(output, "</KeyType>\n");
fprintf(output, "<KeyName>");
xmlSecPrintXmlString(output, key->name);
fprintf(output, "</KeyName>\n");
if(key->notValidBefore < key->notValidAfter) {
fprintf(output, "<KeyValidity notValidBefore=\"%ld\" notValidAfter=\"%ld\"/>\n",
(unsigned long)key->notValidBefore,
(unsigned long)key->notValidAfter);
}
if(key->value != NULL) {
xmlSecKeyDataDebugXmlDump(key->value, output);
}
if(key->dataList != NULL) {
xmlSecPtrListDebugXmlDump(key->dataList, output);
}
fprintf(output, "</KeyInfo>\n");
}
/**
* xmlSecKeyDebugDump:
* @key: the pointer to key.
* @output: the pointer to output FILE.
*
* Prints the information about the @key to the @output.
*/
void
xmlSecKeyDebugDump(xmlSecKeyPtr key, FILE *output) {
xmlSecAssert(xmlSecKeyIsValid(key));
xmlSecAssert(output != NULL);
fprintf(output, "== KEY\n");
fprintf(output, "=== method: %s\n",
(key->value->id->dataNodeName != NULL) ?
(char*)(key->value->id->dataNodeName) : "NULL");
fprintf(output, "=== key type: ");
if((xmlSecKeyGetType(key) & xmlSecKeyDataTypeSymmetric) != 0) {
fprintf(output, "Symmetric\n");
} else if((xmlSecKeyGetType(key) & xmlSecKeyDataTypePrivate) != 0) {
fprintf(output, "Private\n");
} else if((xmlSecKeyGetType(key) & xmlSecKeyDataTypePublic) != 0) {
fprintf(output, "Public\n");
} else {
fprintf(output, "Unknown\n");
}
if(key->name != NULL) {
fprintf(output, "=== key name: %s\n", key->name);
}
fprintf(output, "=== key usage: %d\n", key->usage);
if(key->notValidBefore < key->notValidAfter) {
fprintf(output, "=== key not valid before: %ld\n", (unsigned long)key->notValidBefore);
fprintf(output, "=== key not valid after: %ld\n", (unsigned long)key->notValidAfter);
}
if(key->value != NULL) {
xmlSecKeyDataDebugDump(key->value, output);
}
if(key->dataList != NULL) {
xmlSecPtrListDebugDump(key->dataList, output);
}
}
/**
* xmlSecSimpleKeysStoreLoad:
* @store: the pointer to simple keys store.
* @uri: the filename.
* @keysMngr: the pointer to associated keys manager.
*
* Reads keys from an XML file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
xmlSecKeysMngrPtr keysMngr) {
xmlDocPtr doc;
xmlNodePtr root;
xmlNodePtr cur;
xmlSecKeyPtr key;
xmlSecKeyInfoCtx keyInfoCtx;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
xmlSecAssert2(uri != NULL, -1);
doc = xmlParseFile(uri);
if(doc == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlParseFile",
XMLSEC_ERRORS_R_XML_FAILED,
"uri=%s",
xmlSecErrorsSafeString(uri));
return(-1);
}
root = xmlDocGetRootElement(doc);
if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected-node=<xmlsec:Keys>");
xmlFreeDoc(doc);
return(-1);
}
cur = xmlSecGetNextElementNode(root->children);
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
key = xmlSecKeyCreate();
if(key == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected-node=%s",
xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
xmlFreeDoc(doc);
return(-1);
}
ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyInfoCtxInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
}
keyInfoCtx.mode = xmlSecKeyInfoModeRead;
keyInfoCtx.keysMngr = keysMngr;
keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;
ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyInfoNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
}
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
if(xmlSecKeyIsValid(key)) {
ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecSimpleKeysStoreAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
}
} else {
/* we have an unknown key in our file, just ignore it */
xmlSecKeyDestroy(key);
}
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFreeDoc(doc);
return(-1);
}
xmlFreeDoc(doc);
return(0);
}
static xmlSecKeyPtr
xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyStorePtr* ss;
xmlSecKeyPtr key = NULL;
xmlSecKeyReqPtr keyReq = NULL;
PCCERT_CONTEXT pCertContext = NULL;
PCCERT_CONTEXT pCertContext2 = NULL;
xmlSecKeyDataPtr data = NULL;
xmlSecKeyDataPtr x509Data = NULL;
xmlSecKeyPtr res = NULL;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
ss = xmlSecMSCryptoKeysStoreGetSS(store);
xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
/* first try to find key in the simple keys store */
key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
if (key != NULL) {
return (key);
}
/* Next try to find the key in the MS Certificate store, and construct an xmlSecKey.
* we must have a name to lookup keys in the certificate store.
*/
if (name == NULL) {
goto done;
}
/* what type of key are we looking for?
* WK: For now, we'll look only for public/private keys using the
* name as a cert nickname. Then the name is regarded as the subject
* dn of the certificate to be searched for.
*/
keyReq = &(keyInfoCtx->keyReq);
if (keyReq->keyType & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
pCertContext = xmlSecMSCryptoKeysStoreFindCert(store, name, keyInfoCtx);
if(pCertContext == NULL) {
goto done;
}
/* set cert in x509 data */
x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
if(x509Data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
pCertContext2 = CertDuplicateCertificateContext(pCertContext);
if (NULL == pCertContext2) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CertDuplicateCertificateContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, pCertContext2);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoKeyDataX509AdoptCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
pCertContext2 = NULL;
pCertContext2 = CertDuplicateCertificateContext(pCertContext);
if (NULL == pCertContext2) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CertDuplicateCertificateContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pCertContext2);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoKeyDataX509AdoptKeyCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
pCertContext2 = NULL;
/* set cert in key data */
data = xmlSecMSCryptoCertAdopt(pCertContext, keyReq->keyType);
if(data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoCertAdopt",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
pCertContext = NULL;
/* create key and add key data and x509 data to it */
key = xmlSecKeyCreate();
if (key == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
ret = xmlSecKeySetValue(key, data);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
goto done;
}
data = NULL;
ret = xmlSecKeyAdoptData(key, x509Data);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyAdoptData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
x509Data = NULL;
/* Set the name of the key to the given name */
ret = xmlSecKeySetName(key, name);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeySetName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
/* now that we have a key, make sure it is valid and let the simple
* store adopt it */
if (xmlSecKeyIsValid(key)) {
res = key;
key = NULL;
}
}
done:
if (NULL != pCertContext) {
CertFreeCertificateContext(pCertContext);
}
if (NULL != pCertContext2) {
CertFreeCertificateContext(pCertContext2);
}
if (data != NULL) {
xmlSecKeyDataDestroy(data);
}
if (x509Data != NULL) {
xmlSecKeyDataDestroy(x509Data);
}
if (key != NULL) {
xmlSecKeyDestroy(key);
}
return (res);
}
