static int xmlSecBase64CtxDecodeIsFinished(xmlSecBase64CtxPtr ctx) { xmlSecAssert2(ctx != NULL, -1); return((ctx->inPos == 0) ? 1 : 0); }
static int xmlSecNssDigestInitialize(xmlSecTransformPtr transform) { xmlSecNssDigestCtxPtr ctx; xmlSecAssert2(xmlSecNssDigestCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssDigestSize), -1); ctx = xmlSecNssDigestGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); /* initialize context */ memset(ctx, 0, sizeof(xmlSecNssDigestCtx)); #ifndef XMLSEC_NO_MD5 if(xmlSecTransformCheckId(transform, xmlSecNssTransformMd5Id)) { ctx->digest = SECOID_FindOIDByTag(SEC_OID_MD5); } else #endif /* XMLSEC_NO_MD5 */ #ifndef XMLSEC_NO_SHA1 if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha1Id)) { ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA1); } else #endif /* XMLSEC_NO_SHA1 */ #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) { ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA256); } else #endif /* XMLSEC_NO_SHA256 */ #ifndef XMLSEC_NO_SHA384 if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha384Id)) { ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA384); } else #endif /* XMLSEC_NO_SHA384 */ #ifndef XMLSEC_NO_SHA512 if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha512Id)) { ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA512); } else #endif /* XMLSEC_NO_SHA512 */ if(1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_INVALID_TRANSFORM, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } if(ctx->digest == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "SECOID_FindOIDByTag", XMLSEC_ERRORS_R_CRYPTO_FAILED, "error code=%d", PORT_GetError()); return(-1); } ctx->digestCtx = PK11_CreateDigestContext(ctx->digest->offset); if(ctx->digestCtx == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_CreateDigestContext", XMLSEC_ERRORS_R_CRYPTO_FAILED, "error code=%d", PORT_GetError()); return(-1); } return(0); }
/** * xmlSecOpenSSLAppKeyLoadBIO: * @bio: the key BIO. * @format: the key file format. * @pwd: the key file password. * @pwdCallback: the key password callback. * @pwdCallbackCtx: the user context for password callback. * * Reads key from the an OpenSSL BIO object. * * Returns: pointer to the key or NULL if an error occurs. */ xmlSecKeyPtr xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, const char *pwd, void* pwdCallback, void* pwdCallbackCtx) { xmlSecKeyPtr key = NULL; xmlSecKeyDataPtr data; EVP_PKEY* pKey = NULL; int ret; xmlSecAssert2(bio != NULL, NULL); xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL); switch(format) { case xmlSecKeyDataFormatPem: /* try to read private key first */ if(pwd != NULL) { pKey = PEM_read_bio_PrivateKey(bio, NULL, xmlSecOpenSSLDummyPasswordCallback, (void*)pwd); } else { pKey = PEM_read_bio_PrivateKey(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); } if(pKey == NULL) { /* go to start of the file and try to read public key */ (void)BIO_reset(bio); pKey = PEM_read_bio_PUBKEY(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } } break; case xmlSecKeyDataFormatDer: /* try to read private key first */ pKey = d2i_PrivateKey_bio(bio, NULL); if(pKey == NULL) { /* go to start of the file and try to read public key */ (void)BIO_reset(bio); pKey = d2i_PUBKEY_bio(bio, NULL); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "d2i_PrivateKey_bio and d2i_PUBKEY_bio", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } } break; case xmlSecKeyDataFormatPkcs8Pem: /* try to read private key first */ pKey = PEM_read_bio_PrivateKey(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "PEM_read_bio_PrivateKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } break; case xmlSecKeyDataFormatPkcs8Der: /* try to read private key first */ pKey = d2i_PKCS8PrivateKey_bio(bio, NULL, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "d2i_PrivateKey_bio and d2i_PUBKEY_bio", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } break; #ifndef XMLSEC_NO_X509 case xmlSecKeyDataFormatPkcs12: key = xmlSecOpenSSLAppPkcs12LoadBIO(bio, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecOpenSSLAppPkcs12LoadBIO", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } return(key); case xmlSecKeyDataFormatCertPem: case xmlSecKeyDataFormatCertDer: key = xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, format); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecOpenSSLAppKeyFromCertLoadBIO", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } return(key); #endif /* XMLSEC_NO_X509 */ default: xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_FORMAT, "format=%d", format); return(NULL); } data = xmlSecOpenSSLEvpKeyAdopt(pKey); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecOpenSSLEvpKeyAdopt", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); EVP_PKEY_free(pKey); return(NULL); } key = xmlSecKeyCreate(); if(key == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeyCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecKeyDataDestroy(data); return(NULL); } ret = xmlSecKeySetValue(key, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecKeySetValue", XMLSEC_ERRORS_R_XMLSEC_FAILED, "data=%s", xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); xmlSecKeyDestroy(key); xmlSecKeyDataDestroy(data); return(NULL); } return(key); }
static int xmlSecOpenSSLX509StoreInitialize(xmlSecKeyDataStorePtr store) { const xmlChar* path; X509_LOOKUP *lookup = NULL; xmlSecOpenSSLX509StoreCtxPtr ctx; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1); ctx = xmlSecOpenSSLX509StoreGetCtx(store); xmlSecAssert2(ctx != NULL, -1); memset(ctx, 0, sizeof(xmlSecOpenSSLX509StoreCtx)); ctx->xst = X509_STORE_new(); if(ctx->xst == NULL) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "X509_STORE_new"); return(-1); } if(!X509_STORE_set_default_paths(ctx->xst)) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "X509_STORE_set_default_paths"); return(-1); } lookup = X509_STORE_add_lookup(ctx->xst, X509_LOOKUP_hash_dir()); if(lookup == NULL) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "X509_STORE_add_lookup"); return(-1); } path = xmlSecOpenSSLGetDefaultTrustedCertsFolder(); if(path != NULL) { if(!X509_LOOKUP_add_dir(lookup, (char*)path, X509_FILETYPE_PEM)) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "X509_LOOKUP_add_dir"); return(-1); } } else { if(!X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT)) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "X509_LOOKUP_add_dir"); return(-1); } } ctx->untrusted = sk_X509_new_null(); if(ctx->untrusted == NULL) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "sk_X509_new_null"); return(-1); } ctx->crls = sk_X509_CRL_new_null(); if(ctx->crls == NULL) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "sk_X509_CRL_new_null"); return(-1); } ctx->vpm = X509_VERIFY_PARAM_new(); if(ctx->vpm == NULL) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "X509_VERIFY_PARAM_new"); return(-1); } X509_VERIFY_PARAM_set_depth(ctx->vpm, 9); /* the default cert verification path in openssl */ X509_STORE_set1_param(ctx->xst, ctx->vpm); return(0); }
static int xmlSecGCryptKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize, xmlSecByte * out, xmlSecSize outSize, void * context) { xmlSecGCryptKWAesCtxPtr ctx = (xmlSecGCryptKWAesCtxPtr)context; gcry_cipher_hd_t cipherCtx; gcry_error_t err; xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(in != NULL, -1); xmlSecAssert2(inSize >= ctx->blockSize, -1); xmlSecAssert2(out != NULL, -1); xmlSecAssert2(outSize >= ctx->blockSize, -1); err = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags); if(err != GPG_ERR_NO_ERROR) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "gcry_cipher_open", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_GCRYPT_REPORT_ERROR(err)); return(-1); } err = gcry_cipher_setkey(cipherCtx, xmlSecBufferGetData(&ctx->keyBuffer), xmlSecBufferGetSize(&ctx->keyBuffer)); if(err != GPG_ERR_NO_ERROR) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "gcry_cipher_setkey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_GCRYPT_REPORT_ERROR(err)); return(-1); } /* use zero IV and CBC mode to ensure we get result as-is */ err = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv)); if(err != GPG_ERR_NO_ERROR) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "gcry_cipher_setiv", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_GCRYPT_REPORT_ERROR(err)); return(-1); } err = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize); if(err != GPG_ERR_NO_ERROR) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "gcry_cipher_decrypt", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_GCRYPT_REPORT_ERROR(err)); gcry_cipher_close(cipherCtx); return(-1); } gcry_cipher_close(cipherCtx); return(ctx->blockSize); }
static int xmlSecOpenSSLEvpDigestInitialize(xmlSecTransformPtr transform) { xmlSecOpenSSLDigestCtxPtr ctx; xmlSecAssert2(xmlSecOpenSSLEvpDigestCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpDigestSize), -1); ctx = xmlSecOpenSSLEvpDigestGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); /* initialize context */ memset(ctx, 0, sizeof(xmlSecOpenSSLDigestCtx)); #ifndef XMLSEC_NO_MD5 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformMd5Id)) { ctx->digest = EVP_md5(); } else #endif /* XMLSEC_NO_MD5 */ #ifndef XMLSEC_NO_RIPEMD160 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRipemd160Id)) { ctx->digest = EVP_ripemd160(); } else #endif /* XMLSEC_NO_RIPEMD160 */ #ifndef XMLSEC_NO_SHA1 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha1Id)) { ctx->digest = EVP_sha1(); } else #endif /* XMLSEC_NO_SHA1 */ #ifndef XMLSEC_NO_SHA224 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha224Id)) { ctx->digest = EVP_sha224(); } else #endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha256Id)) { ctx->digest = EVP_sha256(); } else #endif /* XMLSEC_NO_SHA256 */ #ifndef XMLSEC_NO_SHA384 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha384Id)) { ctx->digest = EVP_sha384(); } else #endif /* XMLSEC_NO_SHA384 */ #ifndef XMLSEC_NO_SHA512 if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha512Id)) { ctx->digest = EVP_sha512(); } else #endif /* XMLSEC_NO_SHA512 */ { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_INVALID_TRANSFORM, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } #ifndef XMLSEC_OPENSSL_096 EVP_MD_CTX_init(&(ctx->digestCtx)); #endif /* XMLSEC_OPENSSL_096 */ return(0); }
static int xmlSecMSCryptoKWAesInitialize(xmlSecTransformPtr transform) { xmlSecMSCryptoKWAesCtxPtr ctx; int ret; xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1); ctx = xmlSecMSCryptoKWAesGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); memset(ctx, 0, sizeof(xmlSecMSCryptoKWAesCtx)); if(transform->id == xmlSecMSCryptoTransformKWAes128Id) { ctx->algorithmIdentifier = CALG_AES_128; ctx->keyId = xmlSecMSCryptoKeyDataAesId; ctx->providers = xmlSecMSCryptoProviderInfo_Aes; ctx->keySize = XMLSEC_KW_AES128_KEY_SIZE; } else if(transform->id == xmlSecMSCryptoTransformKWAes192Id) { ctx->algorithmIdentifier = CALG_AES_192; ctx->keyId = xmlSecMSCryptoKeyDataAesId; ctx->providers = xmlSecMSCryptoProviderInfo_Aes; ctx->keySize = XMLSEC_KW_AES192_KEY_SIZE; } else if(transform->id == xmlSecMSCryptoTransformKWAes256Id) { ctx->algorithmIdentifier = CALG_AES_256; ctx->keyId = xmlSecMSCryptoKeyDataAesId; ctx->providers = xmlSecMSCryptoProviderInfo_Aes; ctx->keySize = XMLSEC_KW_AES256_KEY_SIZE; } else { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_INVALID_TRANSFORM, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecBufferInitialize(&ctx->keyBuffer, 0); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* find provider */ ctx->cryptProvider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE); if(ctx->cryptProvider == 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecMSCryptoFindProvider", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* Create dummy key to be able to import plain session keys */ if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->cryptProvider, &(ctx->pubPrivKey))) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecMSCryptoCreatePrivateExponentOneKey", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecTransformVisa3DHackInitialize(xmlSecTransformPtr transform) { xmlSecAssert2(xmlSecTransformVisa3DHackCheckId(transform), -1); return(0); }
static xmlSecNodeSetPtr xmlSecXPathDataExecute(xmlSecXPathDataPtr data, xmlDocPtr doc, xmlNodePtr hereNode) { xmlXPathObjectPtr xpathObj = NULL; xmlSecNodeSetPtr nodes; xmlSecAssert2(data != NULL, NULL); xmlSecAssert2(data->expr != NULL, NULL); xmlSecAssert2(data->ctx != NULL, NULL); xmlSecAssert2(doc != NULL, NULL); xmlSecAssert2(hereNode != NULL, NULL); /* do not forget to set the doc */ data->ctx->doc = doc; /* here function works only on the same document */ if(hereNode->doc == doc) { xmlXPathRegisterFunc(data->ctx, (xmlChar *)"here", xmlSecXPathHereFunction); data->ctx->here = hereNode; data->ctx->xptr = 1; } /* execute xpath or xpointer expression */ switch(data->type) { case xmlSecXPathDataTypeXPath: case xmlSecXPathDataTypeXPath2: xpathObj = xmlXPathEvalExpression(data->expr, data->ctx); if(xpathObj == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlXPathEvalExpression", XMLSEC_ERRORS_R_XML_FAILED, "expr=%s", xmlSecErrorsSafeString(data->expr)); return(NULL); } break; case xmlSecXPathDataTypeXPointer: xpathObj = xmlXPtrEval(data->expr, data->ctx); if(xpathObj == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlXPtrEval", XMLSEC_ERRORS_R_XML_FAILED, "expr=%s", xmlSecErrorsSafeString(data->expr)); return(NULL); } break; } /* sometime LibXML2 returns an empty nodeset or just NULL, we want to reserve NULL for our own purposes so we simply create an empty node set here */ if(xpathObj->nodesetval == NULL) { xpathObj->nodesetval = xmlXPathNodeSetCreate(NULL); if(xpathObj->nodesetval == NULL) { xmlXPathFreeObject(xpathObj); xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlXPathNodeSetCreate", XMLSEC_ERRORS_R_XML_FAILED, "expr=%s", xmlSecErrorsSafeString(data->expr)); return(NULL); } } nodes = xmlSecNodeSetCreate(doc, xpathObj->nodesetval, data->nodeSetType); if(nodes == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecNodeSetCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, "type=%d", data->nodeSetType); xmlXPathFreeObject(xpathObj); return(NULL); } xpathObj->nodesetval = NULL; xmlXPathFreeObject(xpathObj); return(nodes); }
/** * xmlSecSoap12AddFaultEntry: * @envNode: the pointer to <soap:Envelope> node. * @faultCode: the fault code. * @faultReasonText: the human readable explanation of the fault. * @faultReasonLang: the language (xml:lang) for @faultReason string. * @faultNodeURI: the more preciese information about fault source * (might be NULL). * @faultRole: the role the node was operating in at the point * the fault occurred (might be NULL). * * Adds <soap:Fault> entry to the @envNode. Note that only one <soap:Fault> * entry is allowed. * * XML Schema (http://www.w3.org/2003/05/soap-envelope): * * <xs:element name="Fault" type="tns:Fault"/> * <xs:complexType name="Fault" final="extension"> * <xs:sequence> * <xs:element name="Code" type="tns:faultcode"/> * <xs:element name="Reason" type="tns:faultreason"/> * <xs:element name="Node" type="xs:anyURI" minOccurs="0"/> * <xs:element name="Role" type="xs:anyURI" minOccurs="0"/> * <xs:element name="Detail" type="tns:detail" minOccurs="0"/> * </xs:sequence> * </xs:complexType> * * <xs:complexType name="faultcode"> * <xs:sequence> * <xs:element name="Value" type="tns:faultcodeEnum"/> * <xs:element name="Subcode" type="tns:subcode" minOccurs="0"/> * </xs:sequence> * </xs:complexType> * * <xs:complexType name="faultreason"> * <xs:sequence> * <xs:element name="Text" type="tns:reasontext" * minOccurs="1" maxOccurs="unbounded"/> * </xs:sequence> * </xs:complexType> * * <xs:complexType name="reasontext"> * <xs:simpleContent> * <xs:extension base="xs:string"> * <xs:attribute ref="xml:lang" use="required"/> * </xs:extension> * </xs:simpleContent> * </xs:complexType> * * <xs:simpleType name="faultcodeEnum"> * <xs:restriction base="xs:QName"> * <xs:enumeration value="tns:DataEncodingUnknown"/> * <xs:enumeration value="tns:MustUnderstand"/> * <xs:enumeration value="tns:Receiver"/> * <xs:enumeration value="tns:Sender"/> * <xs:enumeration value="tns:VersionMismatch"/> * </xs:restriction> * </xs:simpleType> * * <xs:complexType name="subcode"> * <xs:sequence> * <xs:element name="Value" type="xs:QName"/> * <xs:element name="Subcode" type="tns:subcode" minOccurs="0"/> * </xs:sequence> * </xs:complexType> * * <xs:complexType name="detail"> * <xs:sequence> * <xs:any namespace="##any" processContents="lax" * minOccurs="0" maxOccurs="unbounded"/> * </xs:sequence> * <xs:anyAttribute namespace="##other" processContents="lax"/> * </xs:complexType> * * Returns: pointer to the added entry or NULL if an error occurs. */ xmlNodePtr xmlSecSoap12AddFaultEntry(xmlNodePtr envNode, xmlSecSoap12FaultCode faultCode, const xmlChar* faultReasonText, const xmlChar* faultReasonLang, const xmlChar* faultNodeURI, const xmlChar* faultRole) { xmlNodePtr bodyNode; xmlNodePtr faultNode; xmlNodePtr cur; int ret; xmlSecAssert2(envNode != NULL, NULL); xmlSecAssert2(faultCode != xmlSecSoap12FaultCodeUnknown, NULL); xmlSecAssert2(faultReasonText != NULL, NULL); xmlSecAssert2(faultReasonLang != NULL, NULL); /* get Body node */ bodyNode = xmlSecSoap12GetBody(envNode); if(bodyNode == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecSoap12GetBody", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } /* check that we don't have Fault node already */ faultNode = xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap12Ns); if(faultNode != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeBody), XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } /* add Fault node */ faultNode = xmlSecAddChild(bodyNode, xmlSecNodeFault, xmlSecSoap12Ns); if(faultNode == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddChild", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeFault)); return(NULL); } /* add Code node */ cur = xmlSecAddChild(faultNode, xmlSecNodeCode, xmlSecSoap12Ns); if(cur == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddChild", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeCode)); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); } /* write the fault code in Value child */ ret = xmlSecQName2IntegerNodeWrite(gXmlSecSoap12FaultCodeInfo, cur, xmlSecNodeValue, xmlSecSoap12Ns, faultCode); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecQName2IntegerNodeWrite", XMLSEC_ERRORS_R_XMLSEC_FAILED, "faultCode=%d", faultCode); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); } /* add Reason node */ cur = xmlSecAddChild(faultNode, xmlSecNodeReason, xmlSecSoap12Ns); if(cur == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddChild", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeReason)); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); } /* Add Reason/Text node */ if(xmlSecSoap12AddFaultReasonText(faultNode, faultReasonText, faultReasonLang) == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecSoap12AddFaultReasonText", XMLSEC_ERRORS_R_XMLSEC_FAILED, "text=%s", xmlSecErrorsSafeString(faultReasonText)); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); } if(faultNodeURI != NULL) { /* add Node node */ cur = xmlSecAddChild(faultNode, xmlSecNodeNode, xmlSecSoap12Ns); if(cur == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddChild", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeNode)); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); } xmlNodeSetContent(cur, faultNodeURI); } if(faultRole != NULL) { /* add Role node */ cur = xmlSecAddChild(faultNode, xmlSecNodeRole, xmlSecSoap12Ns); if(cur == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddChild", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeRole)); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); } xmlNodeSetContent(cur, faultRole); } return(faultNode); }
/** * xmlSecSoap12AddFaultSubcode: * @faultNode: the pointer to <Fault> node. * @subCodeHref: the subcode href. * @subCodeName: the subcode name. * * Adds a new <Subcode> node to the <Code> node or the last <Subcode> node. * * Returns: a pointer to the newly created <Subcode> node or NULL if an error * occurs. */ xmlNodePtr xmlSecSoap12AddFaultSubcode(xmlNodePtr faultNode, const xmlChar* subCodeHref, const xmlChar* subCodeName) { xmlNodePtr cur, subcodeNode, valueNode; xmlChar* qname; xmlSecAssert2(faultNode != NULL, NULL); xmlSecAssert2(subCodeHref != NULL, NULL); xmlSecAssert2(subCodeName != NULL, NULL); /* Code node is the first childern in Fault node */ cur = xmlSecGetNextElementNode(faultNode->children); if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeCode, xmlSecSoap12Ns)) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_NODE, "node=%s", xmlSecErrorsSafeString(xmlSecNodeCode)); return(NULL); } /* find the Code or Subcode node that does not have Subcode child */ while(1) { xmlNodePtr tmp; tmp = xmlSecFindChild(cur, xmlSecNodeSubcode, xmlSecSoap12Ns); if(tmp != NULL) { cur = tmp; } else { break; } } xmlSecAssert2(cur != NULL, NULL); /* add Subcode node */ subcodeNode = xmlSecAddChild(cur, xmlSecNodeSubcode, xmlSecSoap12Ns); if(subcodeNode == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddChild", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeSubcode)); return(NULL); } /* add Value node */ valueNode = xmlSecAddChild(subcodeNode, xmlSecNodeValue, xmlSecSoap12Ns); if(valueNode == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddChild", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeValue)); xmlUnlinkNode(subcodeNode); xmlFreeNode(subcodeNode); return(NULL); } /* create qname for fault code */ qname = xmlSecGetQName(cur, subCodeHref, subCodeName); if(qname == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecGetQName", XMLSEC_ERRORS_R_XML_FAILED, "node=%s", xmlSecErrorsSafeString(cur->name)); xmlUnlinkNode(subcodeNode); xmlFreeNode(subcodeNode); return(NULL); } /* set result qname in Value node */ xmlNodeSetContent(cur, qname); if(qname != subCodeName) { xmlFree(qname); } return(subcodeNode); }
/** * xmlSecSoap11AddFaultEntry: * @envNode: the pointer to <soap:Envelope> node. * @faultCodeHref: the fault code QName href (must be known in th context of * <soap:Body> node). * @faultCodeLocalPart: the fault code QName LocalPart. * @faultString: the human readable explanation of the fault. * @faultActor: the information about who caused the fault (might be NULL). * * Adds <soap:Fault> entry to the @envNode. Note that only one <soap:Fault> * entry is allowed. * * XML Schema (http://schemas.xmlsoap.org/soap/envelope/): * * <xs:element name="Fault" type="tns:Fault"/> * <xs:complexType name="Fault" final="extension"> * <xs:sequence> * <xs:element name="faultcode" type="xs:QName"/> * <xs:element name="faultstring" type="xs:string"/> * <xs:element name="faultactor" type="xs:anyURI" minOccurs="0"/> * <xs:element name="detail" type="tns:detail" minOccurs="0"/> * </xs:sequence> * </xs:complexType> * <xs:complexType name="detail"> * <xs:sequence> * <xs:any namespace="##any" minOccurs="0" maxOccurs="unbounded" * processContents="lax"/> * </xs:sequence> * <xs:anyAttribute namespace="##any" processContents="lax"/> * </xs:complexType> * * Returns: pointer to the added entry or NULL if an error occurs. */ xmlNodePtr xmlSecSoap11AddFaultEntry(xmlNodePtr envNode, const xmlChar* faultCodeHref, const xmlChar* faultCodeLocalPart, const xmlChar* faultString, const xmlChar* faultActor) { xmlNodePtr bodyNode; xmlNodePtr faultNode; xmlNodePtr cur; xmlChar* qname; xmlSecAssert2(envNode != NULL, NULL); xmlSecAssert2(faultCodeLocalPart != NULL, NULL); xmlSecAssert2(faultString != NULL, NULL); /* get Body node */ bodyNode = xmlSecSoap11GetBody(envNode); if(bodyNode == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecSoap11GetBody", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } /* check that we don't have Fault node already */ faultNode = xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap11Ns); if(faultNode != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, xmlSecErrorsSafeString(xmlSecNodeBody), XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } /* add Fault node */ faultNode = xmlSecAddChild(bodyNode, xmlSecNodeFault, xmlSecSoap11Ns); if(faultNode == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddChild", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeFault)); return(NULL); } /* add faultcode node */ cur = xmlSecAddChild(faultNode, xmlSecNodeFaultCode, xmlSecSoap11Ns); if(cur == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddChild", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeFaultCode)); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); } /* create qname for fault code */ qname = xmlSecGetQName(cur, faultCodeHref, faultCodeLocalPart); if(qname == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecGetQName", XMLSEC_ERRORS_R_XML_FAILED, "node=%s", xmlSecErrorsSafeString(cur->name)); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); } /* set faultcode value */ xmlNodeSetContent(cur, qname); xmlFree(qname); /* add faultstring node */ cur = xmlSecAddChild(faultNode, xmlSecNodeFaultString, xmlSecSoap11Ns); if(cur == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddChild", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeFaultString)); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); } /* set faultstring node */ xmlNodeSetContent(cur, faultString); if(faultActor != NULL) { /* add faultactor node */ cur = xmlSecAddChild(faultNode, xmlSecNodeFaultActor, xmlSecSoap11Ns); if(cur == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecAddChild", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeFaultActor)); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); } /* set faultactor node */ xmlNodeSetContent(cur, faultActor); } return(faultNode); }
static int xmlSecBase64Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { xmlSecBase64CtxPtr ctx; xmlSecBufferPtr in, out; xmlSecSize inSize, outSize, outLen; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncode) || (transform->operation == xmlSecTransformOperationDecode), -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecBase64GetCtx(transform); xmlSecAssert2(ctx != NULL, -1); in = &(transform->inBuf); out = &(transform->outBuf); if(transform->status == xmlSecTransformStatusNone) { ctx->encode = (transform->operation == xmlSecTransformOperationEncode) ? 1 : 0; transform->status = xmlSecTransformStatusWorking; } switch(transform->status) { case xmlSecTransformStatusWorking: inSize = xmlSecBufferGetSize(in); outSize = xmlSecBufferGetSize(out); if(inSize > 0) { if(ctx->encode != 0) { outLen = 4 * inSize / 3 + 8; if(ctx->columns > 0) { outLen += inSize / ctx->columns + 4; } } else { outLen = 3 * inSize / 4 + 8; } ret = xmlSecBufferSetMaxSize(out, outSize + outLen); if(ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferSetMaxSize", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d", outSize + outLen); return(-1); } /* encode/decode the next chunk */ ret = xmlSecBase64CtxUpdate(ctx, xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out) + outSize, outLen); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBase64CtxUpdate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } outLen = ret; /* set correct size */ ret = xmlSecBufferSetSize(out, outSize + outLen); if(ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferSetSize", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d", outSize + outLen); return(-1); } /* remove chunk from input */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferRemoveHead", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d", inSize); return(-1); } } if(last) { outSize = xmlSecBufferGetSize(out); ret = xmlSecBufferSetMaxSize(out, outSize + 16); if(ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferSetMaxSize", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d", outSize + 16); return(-1); } /* add from ctx buffer */ ret = xmlSecBase64CtxFinal(ctx, xmlSecBufferGetData(out) + outSize, 16); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBase64CtxFinal", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } outLen = ret; /* set correct size */ ret = xmlSecBufferSetSize(out, outSize + outLen); if(ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferSetSize", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d", outSize + outLen); return(-1); } transform->status = xmlSecTransformStatusFinished; } break; case xmlSecTransformStatusFinished: /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); break; default: xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_INVALID_STATUS, "status=%d", transform->status); return(-1); } return(0); }
/** * xmlSecBase64Encode: * @buf: the input buffer. * @len: the input buffer size. * @columns: the output max line length (if 0 then no line breaks * would be inserted) * * Encodes the data from input buffer and allocates the string for the result. * The caller is responsible for freeing returned buffer using * xmlFree() function. * * Returns newly allocated string with base64 encoded data * or NULL if an error occurs. */ xmlChar* xmlSecBase64Encode(const xmlSecByte *buf, xmlSecSize len, int columns) { xmlSecBase64Ctx ctx; xmlChar *ptr; xmlSecSize size; int size_update, size_final; int ret; xmlSecAssert2(buf != NULL, NULL); ret = xmlSecBase64CtxInitialize(&ctx, 1, columns); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecBase64CtxInitialize", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(NULL); } /* create result buffer */ size = (4 * len) / 3 + 4; if(columns > 0) { size += (size / columns) + 4; } ptr = (xmlChar*) xmlMalloc(size); if(ptr == NULL) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "size=%d", size); xmlSecBase64CtxFinalize(&ctx); return(NULL); } ret = xmlSecBase64CtxUpdate(&ctx, buf, len, (xmlSecByte*)ptr, size); if(ret < 0) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, "xmlSecBase64CtxUpdate", XMLSEC_ERRORS_R_XMLSEC_FAILED, "len=%d", len); xmlFree(ptr); xmlSecBase64CtxFinalize(&ctx); return(NULL); } size_update = ret; ret = xmlSecBase64CtxFinal(&ctx, ((xmlSecByte*)ptr) + size_update, size - size_update); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, NULL, "xmlSecBase64CtxFinal", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlFree(ptr); xmlSecBase64CtxFinalize(&ctx); return(NULL); } size_final = ret; ptr[size_update + size_final] = '\0'; xmlSecBase64CtxFinalize(&ctx); return(ptr); }
static xmlSecPtr xmlSecStringListDuplicateItem(xmlSecPtr ptr) { xmlSecAssert2(ptr != NULL, NULL); return(xmlStrdup((xmlChar*)ptr)); }
static int xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; xmlChar* tmp; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "expected=%s", xmlSecErrorsSafeString(xmlSecNodeXPath)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* create full XPath expression */ xmlSecAssert2(data->expr != NULL, -1); tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * (xmlStrlen(data->expr) + strlen(xpathPattern) + 1)); if(tmp == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_MALLOC_FAILED, "size=%d", xmlStrlen(data->expr) + strlen(xpathPattern) + 1); return(-1); } sprintf((char*)tmp, xpathPattern, (char*)data->expr); xmlFree(data->expr); data->expr = tmp; /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = xmlSecNodeSetNormal; /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecMSCngSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { xmlSecMSCngSignatureCtxPtr ctx; xmlSecSize inSize; xmlSecSize outSize; NTSTATUS status; DWORD cbData = 0; DWORD cbHashObject = 0; int ret; xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecMSCngSignatureGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->pszHashAlgId != NULL, -1); inSize = xmlSecBufferGetSize(&transform->inBuf); outSize = xmlSecBufferGetSize(&transform->outBuf); if(transform->status == xmlSecTransformStatusNone) { xmlSecAssert2(outSize == 0, -1); /* open an algorithm handle */ status = BCryptOpenAlgorithmProvider( &ctx->hHashAlg, ctx->pszHashAlgId, NULL, 0); if(status != STATUS_SUCCESS) { xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", xmlSecTransformGetName(transform), status); return(-1); } /* calculate the size of the buffer to hold the hash object */ status = BCryptGetProperty( ctx->hHashAlg, BCRYPT_OBJECT_LENGTH, (PBYTE)&cbHashObject, sizeof(DWORD), &cbData, 0); if(status != STATUS_SUCCESS) { xmlSecMSCngNtError("BCryptGetProperty", xmlSecTransformGetName(transform), status); return(-1); } /* allocate the hash object on the heap */ ctx->pbHashObject = (PBYTE)xmlMalloc(cbHashObject); if(ctx->pbHashObject == NULL) { xmlSecMallocError(cbHashObject, NULL); return(-1); } /* calculate the length of the hash */ status = BCryptGetProperty( ctx->hHashAlg, BCRYPT_HASH_LENGTH, (PBYTE)&ctx->cbHash, sizeof(DWORD), &cbData, 0); if(status != STATUS_SUCCESS) { xmlSecMSCngNtError("BCryptGetProperty", xmlSecTransformGetName(transform), status); return(-1); } /* allocate the hash buffer on the heap */ ctx->pbHash = (PBYTE)xmlMalloc(ctx->cbHash); if(ctx->pbHash == NULL) { xmlSecMallocError(ctx->cbHash, NULL); return(-1); } /* create the hash */ status = BCryptCreateHash( ctx->hHashAlg, &ctx->hHash, ctx->pbHashObject, cbHashObject, NULL, 0, 0); if(status != STATUS_SUCCESS) { xmlSecMSCngNtError("BCryptCreateHash", xmlSecTransformGetName(transform), status); return(-1); } transform->status = xmlSecTransformStatusWorking; } if((transform->status == xmlSecTransformStatusWorking)) { if(inSize > 0) { xmlSecAssert2(outSize == 0, -1); /* hash some data */ status = BCryptHashData( ctx->hHash, (PBYTE)xmlSecBufferGetData(&transform->inBuf), inSize, 0); if(status != STATUS_SUCCESS) { xmlSecMSCngNtError("BCryptHashData", xmlSecTransformGetName(transform), status); return(-1); } ret = xmlSecBufferRemoveHead(&transform->inBuf, inSize); if(ret < 0) { xmlSecInternalError("xmlSecBufferRemoveHead", xmlSecTransformGetName(transform)); return(-1); } } if(last != 0) { /* close the hash */ status = BCryptFinishHash( ctx->hHash, ctx->pbHash, ctx->cbHash, 0); if(status != STATUS_SUCCESS) { xmlSecMSCngNtError("BCryptFinishHash", xmlSecTransformGetName(transform), status); return(-1); } xmlSecAssert2(ctx->cbHash > 0, -1); if(transform->operation == xmlSecTransformOperationSign) { xmlSecNotImplementedError(NULL); return(-1); } transform->status = xmlSecTransformStatusFinished; } } if((transform->status == xmlSecTransformStatusWorking) || (transform->status == xmlSecTransformStatusFinished)) { xmlSecAssert2(xmlSecBufferGetSize(&transform->inBuf) == 0, -1); } else { xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); }
static int xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; xmlChar* op; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPath2Id), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* There are only xpath nodes */ cur = xmlSecGetNextElementNode(node->children); while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeXPath2, xmlSecXPath2Ns)) { /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetType = xmlSecNodeSetTree; op = xmlGetProp(cur, xmlSecAttrFilter); if(op == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecAttrFilter), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) { data->nodeSetOp = xmlSecNodeSetIntersection; } else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) { data->nodeSetOp = xmlSecNodeSetSubtraction; } else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) { data->nodeSetOp = xmlSecNodeSetUnion; } else { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecAttrFilter), XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "filter=%s", xmlSecErrorsSafeString(op)); xmlFree(op); return(-1); } xmlFree(op); cur = xmlSecGetNextElementNode(cur->next); } /* check that we have nothing else */ if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { xmlSecOpenSSLDigestCtxPtr ctx; xmlSecBufferPtr in, out; int ret; xmlSecAssert2(xmlSecOpenSSLEvpDigestCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpDigestSize), -1); xmlSecAssert2(transformCtx != NULL, -1); in = &(transform->inBuf); xmlSecAssert2(in != NULL, -1); out = &(transform->outBuf); xmlSecAssert2(out != NULL, -1); ctx = xmlSecOpenSSLEvpDigestGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->digest != NULL, -1); if(transform->status == xmlSecTransformStatusNone) { #ifndef XMLSEC_OPENSSL_096 ret = EVP_DigestInit(&(ctx->digestCtx), ctx->digest); if(ret != 1) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "EVP_DigestInit", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } #else /* XMLSEC_OPENSSL_096 */ EVP_DigestInit(&(ctx->digestCtx), ctx->digest); #endif /* XMLSEC_OPENSSL_096 */ transform->status = xmlSecTransformStatusWorking; } if(transform->status == xmlSecTransformStatusWorking) { xmlSecSize inSize; inSize = xmlSecBufferGetSize(in); if(inSize > 0) { #ifndef XMLSEC_OPENSSL_096 ret = EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize); if(ret != 1) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "EVP_DigestUpdate", XMLSEC_ERRORS_R_CRYPTO_FAILED, "size=%d", inSize); return(-1); } #else /* XMLSEC_OPENSSL_096 */ EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize); #endif /* XMLSEC_OPENSSL_096 */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferRemoveHead", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d", inSize); return(-1); } } if(last) { xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1); #ifndef XMLSEC_OPENSSL_096 ret = EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &ctx->dgstSize); if(ret != 1) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "EVP_DigestFinal", XMLSEC_ERRORS_R_CRYPTO_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } #else /* XMLSEC_OPENSSL_096 */ EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &ctx->dgstSize); #endif /* XMLSEC_OPENSSL_096 */ xmlSecAssert2(ctx->dgstSize > 0, -1); /* copy result to output */ if(transform->operation == xmlSecTransformOperationSign) { ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize); if(ret < 0) { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferAppend", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d", ctx->dgstSize); return(-1); } } transform->status = xmlSecTransformStatusFinished; } } else if(transform->status == xmlSecTransformStatusFinished) { /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); } else { xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_INVALID_STATUS, "status=%d", transform->status); return(-1); } return(0); }
/** * xmlSecTransformXPointerSetExpr: * @transform: the pointer to XPointer transform. * @expr: the XPointer expression. * @nodeSetType: the type of evaluated XPointer expression. * @hereNode: the pointer to "here" node. * * Sets the XPointer expression for an XPointer @transform. * * Returns: 0 on success or a negative value if an error occurs. */ int xmlSecTransformXPointerSetExpr(xmlSecTransformPtr transform, const xmlChar* expr, xmlSecNodeSetType nodeSetType, xmlNodePtr hereNode) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1); xmlSecAssert2(transform->hereNode == NULL, -1); xmlSecAssert2(expr != NULL, -1); xmlSecAssert2(hereNode != NULL, -1); transform->hereNode = hereNode; dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecXPathDataRegisterNamespaces(data, hereNode); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataRegisterNamespaces", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } ret = xmlSecXPathDataSetExpr(data, expr); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataSetExpr", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = nodeSetType; return(0); }
/** * xmlSecOpenSSLX509StoreVerify: * @store: the pointer to X509 key data store klass. * @certs: the untrusted certificates stack. * @crls: the crls stack. * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context. * * Verifies @certs list. * * Returns: pointer to the first verified certificate from @certs. */ X509* xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* certs, XMLSEC_STACK_OF_X509_CRL* crls, xmlSecKeyInfoCtx* keyInfoCtx) { xmlSecOpenSSLX509StoreCtxPtr ctx; STACK_OF(X509)* certs2 = NULL; STACK_OF(X509_CRL)* crls2 = NULL; X509 * res = NULL; X509 * cert; X509 * err_cert = NULL; X509_STORE_CTX *xsc; char buf[256]; int err = 0; int i; int ret; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), NULL); xmlSecAssert2(certs != NULL, NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); xsc = X509_STORE_CTX_new(); if(xsc == NULL) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "X509_STORE_CTX_new"); goto done; } ctx = xmlSecOpenSSLX509StoreGetCtx(store); xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->xst != NULL, NULL); /* dup certs */ certs2 = sk_X509_dup(certs); if(certs2 == NULL) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "sk_X509_dup"); goto done; } /* add untrusted certs from the store */ if(ctx->untrusted != NULL) { for(i = 0; i < sk_X509_num(ctx->untrusted); ++i) { ret = sk_X509_push(certs2, sk_X509_value(ctx->untrusted, i)); if(ret < 1) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "sk_X509_push"); goto done; } } } /* dup crls but remove all non-verified */ if(crls != NULL) { crls2 = sk_X509_CRL_dup(crls); if(crls2 == NULL) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "sk_X509_CRL_dup"); goto done; } for(i = 0; i < sk_X509_CRL_num(crls2); ) { ret = xmlSecOpenSSLX509VerifyCRL(ctx->xst, sk_X509_CRL_value(crls2, i)); if(ret == 1) { ++i; } else if(ret == 0) { (void)sk_X509_CRL_delete(crls2, i); } else { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "xmlSecOpenSSLX509VerifyCRL", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } } } /* remove all revoked certs */ for(i = 0; i < sk_X509_num(certs2);) { cert = sk_X509_value(certs2, i); if(crls2 != NULL) { ret = xmlSecOpenSSLX509VerifyCertAgainstCrls(crls2, cert); if(ret == 0) { (void)sk_X509_delete(certs2, i); continue; } else if(ret != 1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "xmlSecOpenSSLX509VerifyCertAgainstCrls", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } } if(ctx->crls != NULL) { ret = xmlSecOpenSSLX509VerifyCertAgainstCrls(ctx->crls, cert); if(ret == 0) { (void)sk_X509_delete(certs2, i); continue; } else if(ret != 1) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "xmlSecOpenSSLX509VerifyCertAgainstCrls", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); goto done; } } ++i; } /* get one cert after another and try to verify */ for(i = 0; i < sk_X509_num(certs2); ++i) { cert = sk_X509_value(certs2, i); if(xmlSecOpenSSLX509FindNextChainCert(certs2, cert) == NULL) { ret = X509_STORE_CTX_init(xsc, ctx->xst, cert, certs2); if(ret != 1) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "X509_STORE_CTX_init"); goto done; } if(keyInfoCtx->certsVerificationTime > 0) { X509_STORE_CTX_set_time(xsc, 0, keyInfoCtx->certsVerificationTime); } { X509_VERIFY_PARAM * vpm = NULL; unsigned long vpm_flags = 0; vpm = X509_VERIFY_PARAM_new(); if(vpm == NULL) { xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "X509_VERIFY_PARAM_new"); goto done; } vpm_flags = X509_VERIFY_PARAM_get_flags(vpm); vpm_flags &= (~X509_V_FLAG_CRL_CHECK); if(keyInfoCtx->certsVerificationTime > 0) { vpm_flags |= X509_V_FLAG_USE_CHECK_TIME; X509_VERIFY_PARAM_set_time(vpm, keyInfoCtx->certsVerificationTime); } X509_VERIFY_PARAM_set_depth(vpm, keyInfoCtx->certsVerificationDepth); X509_VERIFY_PARAM_set_flags(vpm, vpm_flags); X509_STORE_CTX_set0_param(xsc, vpm); } ret = X509_verify_cert(xsc); err_cert = X509_STORE_CTX_get_current_cert(xsc); err = X509_STORE_CTX_get_error(xsc); X509_STORE_CTX_cleanup (xsc); if(ret == 1) { res = cert; goto done; } else if(ret < 0) { const char* err_msg; buf[0] = '\0'; X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf); err_msg = X509_verify_cert_error_string(err); xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "X509_verify_cert", XMLSEC_ERRORS_R_CRYPTO_FAILED, "subj=%s;err=%d;msg=%s", xmlSecErrorsSafeString(buf), err, xmlSecErrorsSafeString(err_msg)); goto done; } else if(ret == 0) { const char* err_msg; buf[0] = '\0'; X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf); err_msg = X509_verify_cert_error_string(err); xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), "X509_verify_cert", XMLSEC_ERRORS_R_CRYPTO_FAILED, "subj=%s;err=%d;msg=%s", xmlSecErrorsSafeString(buf), err, xmlSecErrorsSafeString(err_msg)); } } } /* if we came here then we found nothing. do we have any error? */ if((err != 0) && (err_cert != NULL)) { const char* err_msg; err_msg = X509_verify_cert_error_string(err); switch (err) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof buf); xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), NULL, XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, "err=%d;msg=%s;issuer=%s", err, xmlSecErrorsSafeString(err_msg), xmlSecErrorsSafeString(buf)); break; case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), NULL, XMLSEC_ERRORS_R_CERT_NOT_YET_VALID, "err=%d;msg=%s", err, xmlSecErrorsSafeString(err_msg)); break; case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), NULL, XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, "err=%d;msg=%s", err, xmlSecErrorsSafeString(err_msg)); break; default: xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), NULL, XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, "err=%d;msg=%s", err, xmlSecErrorsSafeString(err_msg)); } } done: if(certs2 != NULL) { sk_X509_free(certs2); } if(crls2 != NULL) { sk_X509_CRL_free(crls2); } if(xsc != NULL) { X509_STORE_CTX_free(xsc); } return(res); }
static int xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { xmlSecPtrListPtr dataList; xmlSecXPathDataPtr data; xmlNodePtr cur; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); dataList = xmlSecXPathTransformGetDataList(transform); xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1); xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1); /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_INVALID_NODE, "expected=%s", xmlSecErrorsSafeString(xmlSecNodeXPath)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer); if(data == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataCreate", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecXPathDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecPtrListAdd", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); xmlSecXPathDataDestroy(data); return(-1); } /* set correct node set type and operation */ data->nodeSetOp = xmlSecNodeSetIntersection; data->nodeSetType = xmlSecNodeSetTree; /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), XMLSEC_ERRORS_R_UNEXPECTED_NODE, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } return(0); }
static int xmlSecGCryptKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { xmlSecGCryptKWAesCtxPtr ctx; xmlSecBufferPtr in, out; xmlSecSize inSize, outSize, keySize; int ret; xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1); xmlSecAssert2(transformCtx != NULL, -1); ctx = xmlSecGCryptKWAesGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); keySize = xmlSecBufferGetSize(&(ctx->keyBuffer)); xmlSecAssert2(keySize == ctx->keyExpectedSize, -1); in = &(transform->inBuf); out = &(transform->outBuf); inSize = xmlSecBufferGetSize(in); outSize = xmlSecBufferGetSize(out); xmlSecAssert2(outSize == 0, -1); if(transform->status == xmlSecTransformStatusNone) { transform->status = xmlSecTransformStatusWorking; } if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) { /* just do nothing */ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { if((inSize % 8) != 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_INVALID_SIZE, "size=%d(not 8 bytes aligned)", inSize); return(-1); } if(transform->operation == xmlSecTransformOperationEncrypt) { /* the encoded key might be 8 bytes longer plus 8 bytes just in case */ outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE + XMLSEC_KW_AES_BLOCK_SIZE; } else { outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE; } ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferSetMaxSize", XMLSEC_ERRORS_R_XMLSEC_FAILED, "outSize=%d", outSize); return(-1); } if(transform->operation == xmlSecTransformOperationEncrypt) { ret = xmlSecKWAesEncode(&xmlSecGCryptKWAesKlass, ctx, xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecKWAesEncode", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } outSize = ret; } else { ret = xmlSecKWAesDecode(&xmlSecGCryptKWAesKlass, ctx, xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecKWAesEncode", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } outSize = ret; } ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferSetSize", XMLSEC_ERRORS_R_XMLSEC_FAILED, "outSize=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferRemoveHead", XMLSEC_ERRORS_R_XMLSEC_FAILED, "inSize%d", inSize); return(-1); } transform->status = xmlSecTransformStatusFinished; } else if(transform->status == xmlSecTransformStatusFinished) { /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_INVALID_STATUS, "status=%d", transform->status); return(-1); } return(0); }
static int xmlSecNodeSetOneContains(xmlSecNodeSetPtr nset, xmlNodePtr node, xmlNodePtr parent) { int in_nodes_set = 1; xmlSecAssert2(nset != NULL, 0); xmlSecAssert2(node != NULL, 0); /* special cases: */ switch(nset->type) { case xmlSecNodeSetTreeWithoutComments: case xmlSecNodeSetTreeWithoutCommentsInvert: if(node->type == XML_COMMENT_NODE) { return(0); } break; case xmlSecNodeSetList: return(xmlSecNodeSetContains(nset->children, node, parent)); default: break; } if(nset->nodes != NULL) { if(node->type != XML_NAMESPACE_DECL) { in_nodes_set = xmlXPathNodeSetContains(nset->nodes, node); } else { xmlNs ns; memcpy(&ns, node, sizeof(ns)); if((parent != NULL) && (parent->type == XML_ATTRIBUTE_NODE)) { ns.next = (xmlNsPtr)parent->parent; } else { ns.next = (xmlNsPtr)parent; } /* * If the input is an XPath node-set, then the node-set must explicitly * contain every node to be rendered to the canonical form. */ in_nodes_set = (xmlXPathNodeSetContains(nset->nodes, (xmlNodePtr)&ns)); } } switch(nset->type) { case xmlSecNodeSetNormal: return(in_nodes_set); case xmlSecNodeSetInvert: return(!in_nodes_set); case xmlSecNodeSetTree: case xmlSecNodeSetTreeWithoutComments: if(in_nodes_set) { return(1); } if((parent != NULL) && (parent->type == XML_ELEMENT_NODE)) { return(xmlSecNodeSetOneContains(nset, parent, parent->parent)); } return(0); case xmlSecNodeSetTreeInvert: case xmlSecNodeSetTreeWithoutCommentsInvert: if(in_nodes_set) { return(0); } if((parent != NULL) && (parent->type == XML_ELEMENT_NODE)) { return(xmlSecNodeSetOneContains(nset, parent, parent->parent)); } return(1); default: xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_TYPE, "type=%d", nset->type); } return(0); }
int xmlSecNssAppliedKeysMngrPriKeyLoad( xmlSecKeysMngrPtr mngr , SECKEYPrivateKey* priKey ) { xmlSecKeyPtr key ; xmlSecKeyDataPtr data ; xmlSecKeyStorePtr keyStore ; xmlSecAssert2( mngr != NULL , -1 ) ; xmlSecAssert2( priKey != NULL , -1 ) ; keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; if( keyStore == NULL ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecKeysMngrGetKeysStore" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; return(-1) ; } xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; if( data == NULL ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecNssPKIAdoptKey" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; return(-1) ; } key = xmlSecKeyCreate() ; if( key == NULL ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecNssSymKeyDataKeyAdopt" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; xmlSecKeyDataDestroy( data ) ; return(-1) ; } if( xmlSecKeySetValue( key , data ) < 0 ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecNssSymKeyDataKeyAdopt" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; xmlSecKeyDataDestroy( data ) ; return(-1) ; } if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { xmlSecError( XMLSEC_ERRORS_HERE , NULL , "xmlSecNssSymKeyDataKeyAdopt" , XMLSEC_ERRORS_R_XMLSEC_FAILED , XMLSEC_ERRORS_NO_MESSAGE ) ; xmlSecKeyDestroy( key ) ; return(-1) ; } return(0) ; }
static int xmlSecNodeSetWalkRecursive(xmlSecNodeSetPtr nset, xmlSecNodeSetWalkCallback walkFunc, void* data, xmlNodePtr cur, xmlNodePtr parent) { int ret; xmlSecAssert2(nset != NULL, -1); xmlSecAssert2(cur != NULL, -1); xmlSecAssert2(walkFunc != NULL, -1); /* the node itself */ if(xmlSecNodeSetContains(nset, cur, parent)) { ret = walkFunc(nset, cur, parent, data); if(ret < 0) { return(ret); } } /* element node has attributes, namespaces */ if(cur->type == XML_ELEMENT_NODE) { xmlAttrPtr attr; xmlNodePtr node; xmlNsPtr ns, tmp; attr = (xmlAttrPtr)cur->properties; while(attr != NULL) { if(xmlSecNodeSetContains(nset, (xmlNodePtr)attr, cur)) { ret = walkFunc(nset, (xmlNodePtr)attr, cur, data); if(ret < 0) { return(ret); } } attr = attr->next; } node = cur; while(node != NULL) { ns = node->nsDef; while(ns != NULL) { tmp = xmlSearchNs(nset->doc, cur, ns->prefix); if((tmp == ns) && xmlSecNodeSetContains(nset, (xmlNodePtr)ns, cur)) { ret = walkFunc(nset, (xmlNodePtr)ns, cur, data); if(ret < 0) { return(ret); } } ns = ns->next; } node = node->parent; } } /* element and document nodes have children */ if((cur->type == XML_ELEMENT_NODE) || (cur->type == XML_DOCUMENT_NODE)) { xmlNodePtr node; node = cur->children; while(node != NULL) { ret = xmlSecNodeSetWalkRecursive(nset, walkFunc, data, node, cur); if(ret < 0) { return(ret); } node = node->next; } } return(0); }
static int xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { xmlSecNssDigestCtxPtr ctx; xmlSecBufferPtr in, out; SECStatus rv; int ret; xmlSecAssert2(xmlSecNssDigestCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); xmlSecAssert2(transformCtx != NULL, -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssDigestSize), -1); ctx = xmlSecNssDigestGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->digestCtx != NULL, -1); in = &(transform->inBuf); out = &(transform->outBuf); if(transform->status == xmlSecTransformStatusNone) { rv = PK11_DigestBegin(ctx->digestCtx); if(rv != SECSuccess) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestBegin", XMLSEC_ERRORS_R_CRYPTO_FAILED, "error code=%d", PORT_GetError()); return(-1); } transform->status = xmlSecTransformStatusWorking; } if(transform->status == xmlSecTransformStatusWorking) { xmlSecSize inSize; inSize = xmlSecBufferGetSize(in); if(inSize > 0) { rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize); if (rv != SECSuccess) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestOp", XMLSEC_ERRORS_R_CRYPTO_FAILED, "error code=%d", PORT_GetError()); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferRemoveHead", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d", inSize); return(-1); } } if(last) { unsigned int dgstSize; rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize, sizeof(ctx->dgst)); if(rv != SECSuccess) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "PK11_DigestFinal", XMLSEC_ERRORS_R_CRYPTO_FAILED, "error code=%d", PORT_GetError()); return(-1); } xmlSecAssert2(dgstSize > 0, -1); ctx->dgstSize = XMLSEC_SIZE_BAD_CAST(dgstSize); if(transform->operation == xmlSecTransformOperationSign) { ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), "xmlSecBufferAppend", XMLSEC_ERRORS_R_XMLSEC_FAILED, "size=%d", ctx->dgstSize); return(-1); } } transform->status = xmlSecTransformStatusFinished; } } else if(transform->status == xmlSecTransformStatusFinished) { /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), NULL, XMLSEC_ERRORS_R_INVALID_STATUS, "status=%d", transform->status); return(-1); } return(0); }
/** * xmlSecPtrListGetSize: * @list: the pointer to list. * * Gets list size. * * Returns the number of itmes in @list. */ xmlSecSize xmlSecPtrListGetSize(xmlSecPtrListPtr list) { xmlSecAssert2(xmlSecPtrListIsValid(list), 0); return(list->use); }
/** * xmlSecEncCtxXmlEncrypt: * @encCtx: the pointer to <enc:EncryptedData/> processing context. * @tmpl: the pointer to <enc:EncryptedData/> template node. * @node: the pointer to node for encryption. * * Encrypts @node according to template @tmpl. If requested, @node is replaced * with result <enc:EncryptedData/> node. * * Returns: 0 on success or a negative value if an error occurs. */ int xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node) { xmlOutputBufferPtr output; int ret; xmlSecAssert2(encCtx != NULL, -1); xmlSecAssert2(encCtx->result == NULL, -1); xmlSecAssert2(tmpl != NULL, -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(node->doc != NULL, -1); /* initialize context and add ID atributes to the list of known ids */ encCtx->operation = xmlSecTransformOperationEncrypt; xmlSecAddIDs(tmpl->doc, tmpl, xmlSecEncIds); /* read the template and set encryption method, key, etc. */ ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecEncCtxEncDataNodeRead", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } ret = xmlSecTransformCtxPrepare(&(encCtx->transformCtx), xmlSecTransformDataTypeBin); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecTransformCtxPrepare", XMLSEC_ERRORS_R_XMLSEC_FAILED, "type=bin"); return(-1); } xmlSecAssert2(encCtx->transformCtx.first != NULL, -1); output = xmlSecTransformCreateOutputBuffer(encCtx->transformCtx.first, &(encCtx->transformCtx)); if(output == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->transformCtx.first)), "xmlSecTransformCreateOutputBuffer", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* push data thru */ if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) { /* get the content of the node */ xmlNodeDumpOutput(output, node->doc, node, 0, 0, NULL); } else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) { xmlNodePtr cur; /* get the content of the nodes childs */ for(cur = node->children; cur != NULL; cur = cur->next) { xmlNodeDumpOutput(output, node->doc, cur, 0, 0, NULL); } } else { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_TYPE, "type=%s", xmlSecErrorsSafeString(encCtx->type)); xmlOutputBufferClose(output); return(-1); } /* close the buffer and flush everything */ ret = xmlOutputBufferClose(output); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlOutputBufferClose", XMLSEC_ERRORS_R_XML_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } encCtx->result = encCtx->transformCtx.result; xmlSecAssert2(encCtx->result != NULL, -1); ret = xmlSecEncCtxEncDataNodeWrite(encCtx); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecEncCtxEncDataNodeWrite", XMLSEC_ERRORS_R_XMLSEC_FAILED, XMLSEC_ERRORS_NO_MESSAGE); return(-1); } /* now we need to update our original document */ if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) { /* check if we need to return the replaced node */ if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) { ret = xmlSecReplaceNodeAndReturn(node, tmpl, &(encCtx->replacedNodeList)); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecReplaceNode", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } } else { ret = xmlSecReplaceNode(node, tmpl); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecReplaceNode", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } } encCtx->resultReplaced = 1; } else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) { /* check if we need to return the replaced node */ if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) { ret = xmlSecReplaceContentAndReturn(node, tmpl, &(encCtx->replacedNodeList)); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecReplaceContentAndReturn", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } } else { ret = xmlSecReplaceContent(node, tmpl); if(ret < 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, "xmlSecReplaceContent", XMLSEC_ERRORS_R_XMLSEC_FAILED, "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } } encCtx->resultReplaced = 1; } else { /* we should've catached this error before */ xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_TYPE, "type=%s", xmlSecErrorsSafeString(encCtx->type)); return(-1); } return(0); }
static xmlSecBase64Status xmlSecBase64CtxDecodeByte(xmlSecBase64CtxPtr ctx, xmlSecByte inByte, xmlSecByte* outByte) { xmlSecAssert2(ctx != NULL, xmlSecBase64StatusFailed); xmlSecAssert2(outByte != NULL, xmlSecBase64StatusFailed); if((ctx->finished != 0) && (ctx->inPos == 0)) { return(xmlSecBase64StatusDone); } if(inByte == '=') { ctx->finished = 1; if(ctx->inPos < 2) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_DATA, "ctx->inPos=%d", ctx->inPos); return(xmlSecBase64StatusFailed); } else if(ctx->inPos == 2) { ++ctx->inPos; return(xmlSecBase64StatusNext); } else if(ctx->inPos == 3) { ctx->inPos = 0; return(xmlSecBase64StatusNext); } else { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_DATA, "ctx->inPos=%d", ctx->inPos); return(xmlSecBase64StatusFailed); } } else if(xmlSecIsBase64Space(inByte)) { return(xmlSecBase64StatusNext); } else if(!xmlSecIsBase64Char(inByte) || (ctx->finished != 0)) { xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_DATA, "inByte=0x%02x", inByte); return(xmlSecBase64StatusFailed); } /* convert from character to position in base64 array */ if((inByte >= 'A') && (inByte <= 'Z')) { inByte = (inByte - 'A'); } else if((inByte >= 'a') && (inByte <= 'z')) { inByte = 26 + (inByte - 'a'); } else if((inByte >= '0') && (inByte <= '9')) { inByte = 52 + (inByte - '0'); } else if(inByte == '+') { inByte = 62; } else if(inByte == '/') { inByte = 63; } if(ctx->inPos == 0) { ctx->inByte = inByte; ++ctx->inPos; return(xmlSecBase64StatusNext); } else if(ctx->inPos == 1) { (*outByte) = xmlSecBase64Decode1(ctx->inByte, inByte); ctx->inByte = inByte; ++ctx->inPos; return(xmlSecBase64StatusConsumeAndNext); } else if(ctx->inPos == 2) { (*outByte) = xmlSecBase64Decode2(ctx->inByte, inByte); ctx->inByte = inByte; ++ctx->inPos; return(xmlSecBase64StatusConsumeAndNext); } else if(ctx->inPos == 3) { (*outByte) = xmlSecBase64Decode3(ctx->inByte, inByte); ctx->inByte = 0; ctx->inPos = 0; return(xmlSecBase64StatusConsumeAndNext); } xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_R_INVALID_DATA, "ctx->inPos=%d", ctx->inPos); return(xmlSecBase64StatusFailed); }