static int xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) { xmlSecInvalidNodeError(cur, xmlSecNodeXPointer, xmlSecTransformGetName(transform)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer); if(data == NULL) { xmlSecInternalError("xmlSecXPathDataCreate", xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecInternalError("xmlSecXPathDataNodeRead", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecInternalError("xmlSecPtrListAdd", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = xmlSecNodeSetTree; /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); }
/** * xmlSecTransformXPointerSetExpr: * @transform: the pointer to XPointer transform. * @expr: the XPointer expression. * @nodeSetType: the type of evaluated XPointer expression. * @hereNode: the pointer to "here" node. * * Sets the XPointer expression for an XPointer @transform. * * Returns: 0 on success or a negative value if an error occurs. */ int xmlSecTransformXPointerSetExpr(xmlSecTransformPtr transform, const xmlChar* expr, xmlSecNodeSetType nodeSetType, xmlNodePtr hereNode) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1); xmlSecAssert2(transform->hereNode == NULL, -1); xmlSecAssert2(expr != NULL, -1); xmlSecAssert2(hereNode != NULL, -1); transform->hereNode = hereNode; dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer); if(data == NULL) { xmlSecInternalError("xmlSecXPathDataCreate", xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecXPathDataRegisterNamespaces(data, hereNode); if(ret < 0) { xmlSecInternalError("xmlSecXPathDataRegisterNamespaces", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } ret = xmlSecXPathDataSetExpr(data, expr); if(ret < 0) { xmlSecInternalError("xmlSecXPathDataSetExpr", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecInternalError("xmlSecPtrListAdd", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = nodeSetType; return(0); }
PyObject *xmlsec_PtrListAdd(PyObject *self, PyObject *args) { PyObject *list_obj, *item_obj; xmlSecPtrListPtr list; int ret; if (CheckArgs(args, "OO:ptrListAdd")) { if (!PyArg_ParseTuple(args, "OO:ptrListAdd", &list_obj, &item_obj)) return NULL; } else return NULL; list = xmlSecPtrListPtr_get(list_obj); ret = xmlSecPtrListAdd(list, xmlSecPtr_get(item_obj)); return (wrap_int(ret)); }
static int xmlSecRelationshipReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecRelationshipCtxPtr ctx; xmlNodePtr cur; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecRelationshipGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); cur = node->children; while(cur != NULL) { if(xmlSecCheckNodeName(cur, xmlSecNodeRelationshipReference, xmlSecRelationshipReferenceNs)) { xmlChar* sourceId; sourceId = xmlGetProp(cur, xmlSecRelationshipAttrSourceId); if(sourceId == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, "xmlGetProp", xmlSecErrorsSafeString(xmlSecRelationshipAttrSourceId), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } ret = xmlSecPtrListAdd(ctx->sourceIdList, sourceId); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlFree(sourceId); return(-1); } } cur = cur->next; } return(0); }
/** * xmlSecKeysMngrAdoptDataStore: * @mngr: the pointer to keys manager. * @store: the pointer to data store. * * Adopts data store in the keys manager. * * Returns 0 on success or a negative value if an error occurs. */ int xmlSecKeysMngrAdoptDataStore(xmlSecKeysMngrPtr mngr, xmlSecKeyDataStorePtr store) { xmlSecKeyDataStorePtr tmp; xmlSecSize pos, size; xmlSecAssert2(mngr != NULL, -1); xmlSecAssert2(xmlSecKeyDataStoreIsValid(store), -1); size = xmlSecPtrListGetSize(&(mngr->storesList)); for(pos = 0; pos < size; ++pos) { tmp = (xmlSecKeyDataStorePtr)xmlSecPtrListGetItem(&(mngr->storesList), pos); if((tmp != NULL) && (tmp->id == store->id)) { return(xmlSecPtrListSet(&(mngr->storesList), store, pos)); } } return(xmlSecPtrListAdd(&(mngr->storesList), store)); }
/** * xmlSecKeyDataIdsRegister: * @id: the key data klass. * * Registers @id in the global list of key data klasses. * * Returns: 0 on success or a negative value if an error occurs. */ int xmlSecKeyDataIdsRegister(xmlSecKeyDataId id) { int ret; xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); ret = xmlSecPtrListAdd(xmlSecKeyDataIdsGet(), (xmlSecPtr)id); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, "dataId=%s", xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id))); return(-1); } return(0); }
/** * xmlSecCryptoDLGetLibraryFunctions: * @crypto: the desired crypto library name ("openssl", "nss", ...). * * Loads the xmlsec-<crypto> library and gets global crypto functions/transforms/keys data/keys store * table. This function is NOT thread safe, application MUST NOT call #xmlSecCryptoDLLoadLibrary, * #xmlSecCryptoDLGetLibraryFunctions, and #xmlSecCryptoDLUnloadLibrary functions from multiple threads. * * Returns the table or NULL if an error occurs. */ xmlSecCryptoDLFunctionsPtr xmlSecCryptoDLGetLibraryFunctions(const xmlChar* crypto) { xmlSecCryptoDLLibraryPtr lib; int pos; int ret; xmlSecAssert2(crypto != NULL, NULL); pos = xmlSecCryptoDLLibrariesListFindByName(&gXmlSecCryptoDLLibraries, crypto); if(pos >= 0) { lib = (xmlSecCryptoDLLibraryPtr)xmlSecPtrListGetItem(&gXmlSecCryptoDLLibraries, pos); xmlSecAssert2(lib != NULL, NULL); xmlSecAssert2(lib->functions != NULL, NULL); return(lib->functions); } lib = xmlSecCryptoDLLibraryCreate(crypto); if(lib == NULL) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecCryptoDLLibraryCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, "crypto=%s", xmlSecErrorsSafeString(crypto)); return(NULL); } ret = xmlSecPtrListAdd(&gXmlSecCryptoDLLibraries, lib); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, "crypto=%s", xmlSecErrorsSafeString(crypto)); xmlSecCryptoDLLibraryDestroy(lib); return(NULL); } return(lib->functions); }
/** * xmlSecKeyAdoptData: * @key: the pointer to key. * @data: the pointer to key data. * * Adds @data to the @key. The @data object will be destroyed * by @key. * * Returns: 0 on success or a negative value otherwise. */ int xmlSecKeyAdoptData(xmlSecKeyPtr key, xmlSecKeyDataPtr data) { xmlSecKeyDataPtr tmp; xmlSecSize pos, size; xmlSecAssert2(key != NULL, -1); xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); /* special cases */ if(data->id == xmlSecKeyDataValueId) { if(key->value != NULL) { xmlSecKeyDataDestroy(key->value); } key->value = data; return(0); } if(key->dataList == NULL) { key->dataList = xmlSecPtrListCreate(xmlSecKeyDataListId); if(key->dataList == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecPtrListCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } } size = xmlSecPtrListGetSize(key->dataList); for(pos = 0; pos < size; ++pos) { tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key->dataList, pos); if((tmp != NULL) && (tmp->id == data->id)) { return(xmlSecPtrListSet(key->dataList, data, pos)); } } return(xmlSecPtrListAdd(key->dataList, data)); }
/** * xmlSecSimpleKeysStoreAdoptKey: * @store: the pointer to simple keys store. * @key: the pointer to key. * * Adds @key to the @store. * * Returns 0 on success or a negative value if an error occurs. */ int xmlSecSimpleKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { xmlSecPtrListPtr list; int ret; xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1); xmlSecAssert2(key != NULL, -1); list = xmlSecSimpleKeysStoreGetList(store); xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); ret = xmlSecPtrListAdd(list, key); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "expected=%s", xmlSecErrorsSafeString(xmlSecNodeXPath)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = xmlSecNodeSetTree; /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; xmlChar* op; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPath2Id), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* There are only xpath nodes */ cur = xmlSecGetNextElementNode(node->children); while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeXPath2, xmlSecXPath2Ns)) { /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetType = xmlSecNodeSetTree; op = xmlGetProp(cur, xmlSecAttrFilter); if(op == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecAttrFilter), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) { data->nodeSetOp = xmlSecNodeSetIntersection; } else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) { data->nodeSetOp = xmlSecNodeSetSubtraction; } else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) { data->nodeSetOp = xmlSecNodeSetUnion; } else { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecAttrFilter), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "filter=%s", xmlSecErrorsSafeString(op)); xmlFree(op); return(-1); } xmlFree(op); cur = xmlSecGetNextElementNode(cur->next); } /* check that we have nothing else */ if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; xmlChar* tmp; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "expected=%s", xmlSecErrorsSafeString(xmlSecNodeXPath)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* create full XPath expression */ xmlSecAssert2(data->expr != NULL, -1); tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * (xmlStrlen(data->expr) + strlen(xpathPattern) + 1)); if(tmp == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "size=%d", (int)(xmlStrlen(data->expr) + strlen(xpathPattern) + 1)); return(-1); } sprintf((char*)tmp, xpathPattern, (char*)data->expr); xmlFree(data->expr); data->expr = tmp; /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = xmlSecNodeSetNormal; /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
/** * verify_file: * @mngr: the pointer to keys manager. * @xml_file: the signed XML file name. * * Verifies XML signature in #xml_file. * * Returns 0 on success or a negative value if an error occurs. */ int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) { xmlDocPtr doc = NULL; xmlNodePtr node = NULL; xmlSecDSigCtxPtr dsigCtx = NULL; int res = -1; assert(mngr); assert(xml_file); /* load file */ doc = xmlParseFile(xml_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); if(node == NULL) { fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file); goto done; } /* create signature context */ dsigCtx = xmlSecDSigCtxCreate(mngr); if(dsigCtx == NULL) { fprintf(stderr,"Error: failed to create signature context\n"); goto done; } /* limit the Reference URI attributes to empty or NULL */ dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty; /* limit allowed transforms for signature and reference processing */ if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) || (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) || (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) < 0) || (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0)) { fprintf(stderr,"Error: failed to limit allowed signature transforms\n"); goto done; } if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) || (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) || (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) < 0) || (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) < 0)) { fprintf(stderr,"Error: failed to limit allowed reference transforms\n"); goto done; } /* in addition, limit possible key data to valid X509 certificates only */ if(xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecKeyDataX509Id) < 0) { fprintf(stderr,"Error: failed to limit allowed key data\n"); goto done; } /* Verify signature */ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) { fprintf(stderr,"Error: signature verify\n"); goto done; } /* check that we have only one Reference */ if((dsigCtx->status == xmlSecDSigStatusSucceeded) && (xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) != 1)) { fprintf(stderr,"Error: only one reference is allowed\n"); goto done; } /* print verification result to stdout */ if(dsigCtx->status == xmlSecDSigStatusSucceeded) { fprintf(stdout, "Signature is OK\n"); } else { fprintf(stdout, "Signature is INVALID\n"); } /* success */ res = 0; done: /* cleanup */ if(dsigCtx != NULL) { xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { xmlFreeDoc(doc); } return(res); }
static int xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; xmlChar* op; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPath2Id), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* There are only xpath nodes */ cur = xmlSecGetNextElementNode(node->children); while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeXPath2, xmlSecXPath2Ns)) { /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2); if(data == NULL) { xmlSecInternalError("xmlSecXPathDataCreate", xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecInternalError("xmlSecXPathDataNodeRead", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecInternalError("xmlSecPtrListAdd", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetType = xmlSecNodeSetTree; op = xmlGetProp(cur, xmlSecAttrFilter); if(op == NULL) { xmlSecInvalidNodeAttributeError(cur, xmlSecAttrFilter, xmlSecTransformGetName(transform), "empty"); return(-1); } if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) { data->nodeSetOp = xmlSecNodeSetIntersection; } else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) { data->nodeSetOp = xmlSecNodeSetSubtraction; } else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) { data->nodeSetOp = xmlSecNodeSetUnion; } else { xmlSecInvalidNodeAttributeError(cur, xmlSecAttrFilter, xmlSecTransformGetName(transform), "unknown"); xmlFree(op); return(-1); } xmlFree(op); cur = xmlSecGetNextElementNode(cur->next); } /* check that we have nothing else */ if(cur != NULL) { xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); }
static int xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; xmlChar* tmp; int tmpSize; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) { xmlSecInvalidNodeError(cur, xmlSecNodeXPath, xmlSecTransformGetName(transform)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath); if(data == NULL) { xmlSecInternalError("xmlSecXPathDataCreate", xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecInternalError("xmlSecXPathDataNodeRead", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecInternalError("xmlSecPtrListAdd", xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* create full XPath expression */ xmlSecAssert2(data->expr != NULL, -1); tmpSize = xmlStrlen(data->expr) + strlen(xpathPattern) + 1; tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * tmpSize); if(tmp == NULL) { xmlSecMallocError(sizeof(xmlChar) * tmpSize, xmlSecTransformGetName(transform)); return(-1); } ret = xmlStrPrintf(tmp, tmpSize, xpathPattern, (char*)data->expr); if(ret < 0) { xmlSecXmlError("xmlStrPrintf", xmlSecTransformGetName(transform)); xmlFree(tmp); return(-1); } xmlFree(data->expr); data->expr = tmp; /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = xmlSecNodeSetNormal; /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); }