static int
xmlSecMSCryptoKeysStoreInitialize(xmlSecKeyStorePtr store) {
xmlSecKeyStorePtr *ss;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), -1);
ss = xmlSecMSCryptoKeysStoreGetSS(store);
xmlSecAssert2((*ss == NULL), -1);
*ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
if(*ss == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyStoreCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"xmlSecSimpleKeysStoreId");
return(-1);
}
return(0);
}
static int
xmlSecSimpleKeysStoreInitialize(xmlSecKeyStorePtr store) {
xmlSecPtrListPtr list;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
list = xmlSecSimpleKeysStoreGetList(store);
xmlSecAssert2(list != NULL, -1);
ret = xmlSecPtrListInitialize(list, xmlSecKeyPtrListId);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecPtrListInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"xmlSecKeyPtrListId");
return(-1);
}
return(0);
}
/**
* xmlSecSimpleKeysStoreAdoptKey:
* @store: the pointer to simple keys store.
* @key: the pointer to key.
*
* Adds @key to the @store.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
xmlSecSimpleKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
xmlSecPtrListPtr list;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
xmlSecAssert2(key != NULL, -1);
list = xmlSecSimpleKeysStoreGetList(store);
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
ret = xmlSecPtrListAdd(list, key);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecPtrListAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecSimpleKeysStoreSave:
* @store: the pointer to simple keys store.
* @filename: the filename.
* @type: the saved keys type (public, private, ...).
*
* Writes keys from @store to an XML file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
xmlSecSimpleKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
xmlSecKeyInfoCtx keyInfoCtx;
xmlSecPtrListPtr list;
xmlSecKeyPtr key;
xmlSecSize i, keysSize;
xmlDocPtr doc;
xmlNodePtr cur;
xmlSecKeyDataPtr data;
xmlSecPtrListPtr idsList;
xmlSecKeyDataId dataId;
xmlSecSize idsSize, j;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
xmlSecAssert2(filename != NULL, -1);
list = xmlSecSimpleKeysStoreGetList(store);
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
/* create doc */
doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
if(doc == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecCreateTree",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
idsList = xmlSecKeyDataIdsGet();
xmlSecAssert2(idsList != NULL, -1);
keysSize = xmlSecPtrListGetSize(list);
idsSize = xmlSecPtrListGetSize(idsList);
for(i = 0; i < keysSize; ++i) {
key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
xmlSecAssert2(key != NULL, -1);
cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
if(cur == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
xmlFreeDoc(doc);
return(-1);
}
/* special data key name */
if(xmlSecKeyGetName(key) != NULL) {
if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeKeyName));
xmlFreeDoc(doc);
return(-1);
}
}
/* create nodes for other keys data */
for(j = 0; j < idsSize; ++j) {
dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
if(dataId->dataNodeName == NULL) {
continue;
}
data = xmlSecKeyGetData(key, dataId);
if(data == NULL) {
continue;
}
if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(dataId->dataNodeName));
xmlFreeDoc(doc);
return(-1);
}
}
ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyInfoCtxInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFreeDoc(doc);
return(-1);
}
keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
keyInfoCtx.keyReq.keyType = type;
keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
/* finally write key in the node */
ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyInfoNodeWrite",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
xmlFreeDoc(doc);
return(-1);
}
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
}
/* now write result */
ret = xmlSaveFormatFile(filename, doc, 1);
if(ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSaveFormatFile",
XMLSEC_ERRORS_R_XML_FAILED,
"filename=%s",
xmlSecErrorsSafeString(filename));
xmlFreeDoc(doc);
return(-1);
}
xmlFreeDoc(doc);
return(0);
}
/**
* xmlSecSimpleKeysStoreLoad:
* @store: the pointer to simple keys store.
* @uri: the filename.
* @keysMngr: the pointer to associated keys manager.
*
* Reads keys from an XML file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
xmlSecKeysMngrPtr keysMngr) {
xmlDocPtr doc;
xmlNodePtr root;
xmlNodePtr cur;
xmlSecKeyPtr key;
xmlSecKeyInfoCtx keyInfoCtx;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
xmlSecAssert2(uri != NULL, -1);
doc = xmlParseFile(uri);
if(doc == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlParseFile",
XMLSEC_ERRORS_R_XML_FAILED,
"uri=%s",
xmlSecErrorsSafeString(uri));
return(-1);
}
root = xmlDocGetRootElement(doc);
if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected-node=<xmlsec:Keys>");
xmlFreeDoc(doc);
return(-1);
}
cur = xmlSecGetNextElementNode(root->children);
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
key = xmlSecKeyCreate();
if(key == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected-node=%s",
xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
xmlFreeDoc(doc);
return(-1);
}
ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyInfoCtxInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
}
keyInfoCtx.mode = xmlSecKeyInfoModeRead;
keyInfoCtx.keysMngr = keysMngr;
keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;
ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyInfoNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
}
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
if(xmlSecKeyIsValid(key)) {
ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecSimpleKeysStoreAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
}
} else {
/* we have an unknown key in our file, just ignore it */
xmlSecKeyDestroy(key);
}
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFreeDoc(doc);
return(-1);
}
xmlFreeDoc(doc);
return(0);
}
static xmlSecKeyPtr
xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyStorePtr* ss;
xmlSecKeyPtr key = NULL;
xmlSecKeyReqPtr keyReq = NULL;
PCCERT_CONTEXT pCertContext = NULL;
PCCERT_CONTEXT pCertContext2 = NULL;
xmlSecKeyDataPtr data = NULL;
xmlSecKeyDataPtr x509Data = NULL;
xmlSecKeyPtr res = NULL;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
ss = xmlSecMSCryptoKeysStoreGetSS(store);
xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
/* first try to find key in the simple keys store */
key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
if (key != NULL) {
return (key);
}
/* Next try to find the key in the MS Certificate store, and construct an xmlSecKey.
* we must have a name to lookup keys in the certificate store.
*/
if (name == NULL) {
goto done;
}
/* what type of key are we looking for?
* WK: For now, we'll look only for public/private keys using the
* name as a cert nickname. Then the name is regarded as the subject
* dn of the certificate to be searched for.
*/
keyReq = &(keyInfoCtx->keyReq);
if (keyReq->keyType & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
pCertContext = xmlSecMSCryptoKeysStoreFindCert(store, name, keyInfoCtx);
if(pCertContext == NULL) {
goto done;
}
/* set cert in x509 data */
x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
if(x509Data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
pCertContext2 = CertDuplicateCertificateContext(pCertContext);
if (NULL == pCertContext2) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CertDuplicateCertificateContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, pCertContext2);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoKeyDataX509AdoptCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
pCertContext2 = NULL;
pCertContext2 = CertDuplicateCertificateContext(pCertContext);
if (NULL == pCertContext2) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CertDuplicateCertificateContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pCertContext2);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoKeyDataX509AdoptKeyCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
pCertContext2 = NULL;
/* set cert in key data */
data = xmlSecMSCryptoCertAdopt(pCertContext, keyReq->keyType);
if(data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoCertAdopt",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
pCertContext = NULL;
/* create key and add key data and x509 data to it */
key = xmlSecKeyCreate();
if (key == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
ret = xmlSecKeySetValue(key, data);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
goto done;
}
data = NULL;
ret = xmlSecKeyAdoptData(key, x509Data);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyAdoptData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
x509Data = NULL;
/* Set the name of the key to the given name */
ret = xmlSecKeySetName(key, name);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeySetName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
/* now that we have a key, make sure it is valid and let the simple
* store adopt it */
if (xmlSecKeyIsValid(key)) {
res = key;
key = NULL;
}
}
done:
if (NULL != pCertContext) {
CertFreeCertificateContext(pCertContext);
}
if (NULL != pCertContext2) {
CertFreeCertificateContext(pCertContext2);
}
if (data != NULL) {
xmlSecKeyDataDestroy(data);
}
if (x509Data != NULL) {
xmlSecKeyDataDestroy(x509Data);
}
if (key != NULL) {
xmlSecKeyDestroy(key);
}
return (res);
}
static PCCERT_CONTEXT
xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
const char* storeName;
HCERTSTORE hStoreHandle = NULL;
PCCERT_CONTEXT pCertContext = NULL;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL);
xmlSecAssert2(name != NULL, NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
storeName = xmlSecMSCryptoAppGetCertStoreName();
if(storeName == NULL) {
storeName = XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME;
}
hStoreHandle = CertOpenSystemStore(0, storeName);
if (NULL == hStoreHandle) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CertOpenSystemStore",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"storeName=%s",
xmlSecErrorsSafeString(storeName));
return(NULL);
}
/* first attempt: search by cert id == name */
if(pCertContext == NULL) {
size_t len = xmlStrlen(name) + 1;
wchar_t * lpCertID;
/* aleksey todo: shouldn't we call MultiByteToWideChar first to get the buffer size? */
lpCertID = (wchar_t *)xmlMalloc(sizeof(wchar_t) * len);
if(lpCertID == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
CertCloseStore(hStoreHandle, 0);
return(NULL);
}
MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, name, -1, lpCertID, len);
pCertContext = CertFindCertificateInStore(
hStoreHandle,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_STR,
lpCertID,
NULL);
xmlFree(lpCertID);
}
/* We don't give up easily, now try to fetch the cert with a full blown
* subject dn
*/
if (NULL == pCertContext) {
BYTE* bdata;
DWORD len;
bdata = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
name,
CERT_OID_NAME_STR,
&len);
if(bdata != NULL) {
CERT_NAME_BLOB cnb;
cnb.cbData = len;
cnb.pbData = bdata;
pCertContext = CertFindCertificateInStore(hStoreHandle,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_NAME,
&cnb,
NULL);
xmlFree(bdata);
}
}
/* We don't give up easily, now try to fetch the cert with a full blown
* subject dn, and try with a reversed dn
*/
if (NULL == pCertContext) {
BYTE* bdata;
DWORD len;
bdata = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
name,
CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
&len);
if(bdata != NULL) {
CERT_NAME_BLOB cnb;
cnb.cbData = len;
cnb.pbData = bdata;
pCertContext = CertFindCertificateInStore(hStoreHandle,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_NAME,
&cnb,
NULL);
xmlFree(bdata);
}
}
/*
* Try ro find certificate with name="Friendly Name"
*/
if (NULL == pCertContext) {
DWORD dwPropSize;
PBYTE pbFriendlyName;
PCCERT_CONTEXT pCertCtxIter = NULL;
size_t len = xmlStrlen(name) + 1;
wchar_t * lpFName;
lpFName = (wchar_t *)xmlMalloc(sizeof(wchar_t) * len);
if(lpFName == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
CertCloseStore(hStoreHandle, 0);
return(NULL);
}
MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, name, -1, lpFName, len);
while (pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter)) {
if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
CERT_FRIENDLY_NAME_PROP_ID,
NULL,
&dwPropSize)) {
continue;
}
pbFriendlyName = xmlMalloc(dwPropSize);
if(pbFriendlyName == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(lpFName);
CertCloseStore(hStoreHandle, 0);
return(NULL);
}
if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
CERT_FRIENDLY_NAME_PROP_ID,
pbFriendlyName,
&dwPropSize)) {
xmlFree(pbFriendlyName);
continue;
}
/* Compare FriendlyName to name */
if (!wcscmp(lpFName, (const wchar_t *)pbFriendlyName)) {
pCertContext = pCertCtxIter;
xmlFree(pbFriendlyName);
break;
}
xmlFree(pbFriendlyName);
}
xmlFree(lpFName);
}
/* We could do the following here:
* It would be nice if we could locate the cert with issuer name and
* serial number, the given keyname can be something like this:
* 'serial=1234567;issuer=CN=ikke, C=NL'
* to be implemented by the first person who reads this, and thinks it's
* a good idea :) WK
*/
/* OK, I give up, I'm gone :( */
/* aleksey todo: is it a right idea to close store if we have a handle to
* a cert in this store? */
CertCloseStore(hStoreHandle, 0);
return(pCertContext);
}
static PCCERT_CONTEXT
xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
LPCTSTR storeName;
HCERTSTORE hStoreHandle = NULL;
PCCERT_CONTEXT pCertContext = NULL;
LPTSTR wcName = NULL;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL);
xmlSecAssert2(name != NULL, NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
storeName = xmlSecMSCryptoAppGetCertStoreName();
if(storeName == NULL) {
storeName = XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME;
}
hStoreHandle = CertOpenSystemStore(0, storeName);
if (NULL == hStoreHandle) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"CertOpenSystemStore",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"storeName=%s",
xmlSecErrorsSafeString(storeName));
return(NULL);
}
/* convert name to unicode */
wcName = xmlSecMSCryptoConvertUtf8ToTstr(name);
if(wcName == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecMSCryptoConvertUtf8ToUnicode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"wcName");
CertCloseStore(hStoreHandle, 0);
return(NULL);
}
/* first attempt: try to find the cert with a full blown subject dn */
if(NULL == pCertContext) {
pCertContext = xmlSecMSCryptoX509FindCertBySubject(
hStoreHandle,
wcName,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING);
}
/*
* Try ro find certificate with name="Friendly Name"
*/
if (NULL == pCertContext) {
DWORD dwPropSize;
PBYTE pbFriendlyName;
PCCERT_CONTEXT pCertCtxIter = NULL;
while (pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter)) {
if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
CERT_FRIENDLY_NAME_PROP_ID,
NULL,
&dwPropSize)) {
continue;
}
pbFriendlyName = xmlMalloc(dwPropSize);
if(pbFriendlyName == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(wcName);
CertCloseStore(hStoreHandle, 0);
return(NULL);
}
if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
CERT_FRIENDLY_NAME_PROP_ID,
pbFriendlyName,
&dwPropSize)) {
xmlFree(pbFriendlyName);
continue;
}
/* Compare FriendlyName to name */
if (!lstrcmp(wcName, (LPCTSTR)pbFriendlyName)) {
pCertContext = pCertCtxIter;
xmlFree(pbFriendlyName);
break;
}
xmlFree(pbFriendlyName);
}
}
/* We don't give up easily, now try to find cert with part of the name
*/
if (NULL == pCertContext) {
pCertContext = CertFindCertificateInStore(
hStoreHandle,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_STR,
wcName,
NULL);
}
/* We could do the following here:
* It would be nice if we could locate the cert with issuer name and
* serial number, the given keyname can be something like this:
* 'serial=1234567;issuer=CN=ikke, C=NL'
* to be implemented by the first person who reads this, and thinks it's
* a good idea :) WK
*/
/* OK, I give up, I'm gone :( */
/* aleksey todo: is it a right idea to close store if we have a handle to
* a cert in this store? */
xmlFree(wcName);
CertCloseStore(hStoreHandle, 0);
return(pCertContext);
}
/**
* xmlSecNssAppliedKeysMngrCreate:
* @slot: array of pointers to NSS PKCS#11 slot information.
* @cSlots: number of slots in the array
* @handler: the pointer to NSS certificate database.
*
* Create and load NSS crypto slot and certificate database into keys manager
*
* Returns keys manager pointer on success or NULL otherwise.
*/
xmlSecKeysMngrPtr
xmlSecNssAppliedKeysMngrCreate(
PK11SlotInfo** slots,
int cSlots,
CERTCertDBHandle* handler
) {
xmlSecKeyDataStorePtr certStore = NULL ;
xmlSecKeysMngrPtr keyMngr = NULL ;
xmlSecKeyStorePtr keyStore = NULL ;
int islot = 0;
keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
if( keyStore == NULL ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecKeyStoreCreate" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
return NULL ;
}
for (islot = 0; islot < cSlots; islot++)
{
xmlSecNssKeySlotPtr keySlot ;
/* Create a key slot */
keySlot = xmlSecNssKeySlotCreate() ;
if( keySlot == NULL ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
"xmlSecNssKeySlotCreate" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyStoreDestroy( keyStore ) ;
return NULL ;
}
/* Set slot */
if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
"xmlSecNssKeySlotSetSlot" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyStoreDestroy( keyStore ) ;
xmlSecNssKeySlotDestroy( keySlot ) ;
return NULL ;
}
/* Adopt keySlot */
if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
"xmlSecNssKeysStoreAdoptKeySlot" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyStoreDestroy( keyStore ) ;
xmlSecNssKeySlotDestroy( keySlot ) ;
return NULL ;
}
}
keyMngr = xmlSecKeysMngrCreate() ;
if( keyMngr == NULL ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecKeysMngrCreate" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyStoreDestroy( keyStore ) ;
return NULL ;
}
/*-
* Add key store to manager, from now on keys manager destroys the store if
* needed
*/
if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
"xmlSecKeysMngrAdoptKeyStore" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyStoreDestroy( keyStore ) ;
xmlSecKeysMngrDestroy( keyMngr ) ;
return NULL ;
}
/*-
* Initialize crypto library specific data in keys manager
*/
if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecKeysMngrCreate" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeysMngrDestroy( keyMngr ) ;
return NULL ;
}
/*-
* Set certificate databse to X509 key data store
*/
/**
* Because Tej's implementation of certDB use the default DB, so I ignore
* the certDB handler at present. I'll modify the cert store sources to
* accept particular certDB instead of default ones.
certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
if( certStore == NULL ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
"xmlSecKeysMngrGetDataStore" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeysMngrDestroy( keyMngr ) ;
return NULL ;
}
if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
"xmlSecNssKeyDataStoreX509SetCertDb" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeysMngrDestroy( keyMngr ) ;
return NULL ;
}
*/
/*-
* Set the getKey callback
*/
keyMngr->getKey = xmlSecKeysMngrGetKey ;
return keyMngr ;
}
