static int
xmlSecBase64CtxDecodeIsFinished(xmlSecBase64CtxPtr ctx) {
xmlSecAssert2(ctx != NULL, -1);
return((ctx->inPos == 0) ? 1 : 0);
}
static int
xmlSecNssDigestInitialize(xmlSecTransformPtr transform) {
xmlSecNssDigestCtxPtr ctx;
xmlSecAssert2(xmlSecNssDigestCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssDigestSize), -1);
ctx = xmlSecNssDigestGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
/* initialize context */
memset(ctx, 0, sizeof(xmlSecNssDigestCtx));
#ifndef XMLSEC_NO_MD5
if(xmlSecTransformCheckId(transform, xmlSecNssTransformMd5Id)) {
ctx->digest = SECOID_FindOIDByTag(SEC_OID_MD5);
} else
#endif /* XMLSEC_NO_MD5 */
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha1Id)) {
ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA1);
} else
#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA256
if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) {
ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA256);
} else
#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha384Id)) {
ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA384);
} else
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha512Id)) {
ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA512);
} else
#endif /* XMLSEC_NO_SHA512 */
if(1) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_TRANSFORM,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
if(ctx->digest == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"SECOID_FindOIDByTag",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"error code=%d", PORT_GetError());
return(-1);
}
ctx->digestCtx = PK11_CreateDigestContext(ctx->digest->offset);
if(ctx->digestCtx == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_CreateDigestContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"error code=%d", PORT_GetError());
return(-1);
}
return(0);
}
/**
* xmlSecOpenSSLAppKeyLoadBIO:
* @bio: the key BIO.
* @format: the key file format.
* @pwd: the key file password.
* @pwdCallback: the key password callback.
* @pwdCallbackCtx: the user context for password callback.
*
* Reads key from the an OpenSSL BIO object.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
xmlSecKeyPtr
xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format,
const char *pwd, void* pwdCallback,
void* pwdCallbackCtx) {
xmlSecKeyPtr key = NULL;
xmlSecKeyDataPtr data;
EVP_PKEY* pKey = NULL;
int ret;
xmlSecAssert2(bio != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
switch(format) {
case xmlSecKeyDataFormatPem:
/* try to read private key first */
if(pwd != NULL) {
pKey = PEM_read_bio_PrivateKey(bio, NULL,
xmlSecOpenSSLDummyPasswordCallback,
(void*)pwd);
} else {
pKey = PEM_read_bio_PrivateKey(bio, NULL,
XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
pwdCallbackCtx);
}
if(pKey == NULL) {
/* go to start of the file and try to read public key */
(void)BIO_reset(bio);
pKey = PEM_read_bio_PUBKEY(bio, NULL,
XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
pwdCallbackCtx);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
}
break;
case xmlSecKeyDataFormatDer:
/* try to read private key first */
pKey = d2i_PrivateKey_bio(bio, NULL);
if(pKey == NULL) {
/* go to start of the file and try to read public key */
(void)BIO_reset(bio);
pKey = d2i_PUBKEY_bio(bio, NULL);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"d2i_PrivateKey_bio and d2i_PUBKEY_bio",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
}
break;
case xmlSecKeyDataFormatPkcs8Pem:
/* try to read private key first */
pKey = PEM_read_bio_PrivateKey(bio, NULL,
XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
pwdCallbackCtx);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"PEM_read_bio_PrivateKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
break;
case xmlSecKeyDataFormatPkcs8Der:
/* try to read private key first */
pKey = d2i_PKCS8PrivateKey_bio(bio, NULL,
XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
pwdCallbackCtx);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"d2i_PrivateKey_bio and d2i_PUBKEY_bio",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
break;
#ifndef XMLSEC_NO_X509
case xmlSecKeyDataFormatPkcs12:
key = xmlSecOpenSSLAppPkcs12LoadBIO(bio, pwd, pwdCallback, pwdCallbackCtx);
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLAppPkcs12LoadBIO",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
return(key);
case xmlSecKeyDataFormatCertPem:
case xmlSecKeyDataFormatCertDer:
key = xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, format);
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLAppKeyFromCertLoadBIO",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
return(key);
#endif /* XMLSEC_NO_X509 */
default:
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_FORMAT,
"format=%d", format);
return(NULL);
}
data = xmlSecOpenSSLEvpKeyAdopt(pKey);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecOpenSSLEvpKeyAdopt",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
EVP_PKEY_free(pKey);
return(NULL);
}
key = xmlSecKeyCreate();
if(key == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(NULL);
}
ret = xmlSecKeySetValue(key, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
xmlSecKeyDestroy(key);
xmlSecKeyDataDestroy(data);
return(NULL);
}
return(key);
}
static int
xmlSecOpenSSLX509StoreInitialize(xmlSecKeyDataStorePtr store) {
const xmlChar* path;
X509_LOOKUP *lookup = NULL;
xmlSecOpenSSLX509StoreCtxPtr ctx;
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1);
ctx = xmlSecOpenSSLX509StoreGetCtx(store);
xmlSecAssert2(ctx != NULL, -1);
memset(ctx, 0, sizeof(xmlSecOpenSSLX509StoreCtx));
ctx->xst = X509_STORE_new();
if(ctx->xst == NULL) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store),
"X509_STORE_new");
return(-1);
}
if(!X509_STORE_set_default_paths(ctx->xst)) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store),
"X509_STORE_set_default_paths");
return(-1);
}
lookup = X509_STORE_add_lookup(ctx->xst, X509_LOOKUP_hash_dir());
if(lookup == NULL) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store),
"X509_STORE_add_lookup");
return(-1);
}
path = xmlSecOpenSSLGetDefaultTrustedCertsFolder();
if(path != NULL) {
if(!X509_LOOKUP_add_dir(lookup, (char*)path, X509_FILETYPE_PEM)) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store),
"X509_LOOKUP_add_dir");
return(-1);
}
} else {
if(!X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT)) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store),
"X509_LOOKUP_add_dir");
return(-1);
}
}
ctx->untrusted = sk_X509_new_null();
if(ctx->untrusted == NULL) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store),
"sk_X509_new_null");
return(-1);
}
ctx->crls = sk_X509_CRL_new_null();
if(ctx->crls == NULL) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store),
"sk_X509_CRL_new_null");
return(-1);
}
ctx->vpm = X509_VERIFY_PARAM_new();
if(ctx->vpm == NULL) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store),
"X509_VERIFY_PARAM_new");
return(-1);
}
X509_VERIFY_PARAM_set_depth(ctx->vpm, 9); /* the default cert verification path in openssl */
X509_STORE_set1_param(ctx->xst, ctx->vpm);
return(0);
}
static int
xmlSecGCryptKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
xmlSecByte * out, xmlSecSize outSize,
void * context) {
xmlSecGCryptKWAesCtxPtr ctx = (xmlSecGCryptKWAesCtxPtr)context;
gcry_cipher_hd_t cipherCtx;
gcry_error_t err;
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(inSize >= ctx->blockSize, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(outSize >= ctx->blockSize, -1);
err = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags);
if(err != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_cipher_open",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_GCRYPT_REPORT_ERROR(err));
return(-1);
}
err = gcry_cipher_setkey(cipherCtx,
xmlSecBufferGetData(&ctx->keyBuffer),
xmlSecBufferGetSize(&ctx->keyBuffer));
if(err != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_cipher_setkey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_GCRYPT_REPORT_ERROR(err));
return(-1);
}
/* use zero IV and CBC mode to ensure we get result as-is */
err = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
if(err != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_cipher_setiv",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_GCRYPT_REPORT_ERROR(err));
return(-1);
}
err = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
if(err != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"gcry_cipher_decrypt",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_GCRYPT_REPORT_ERROR(err));
gcry_cipher_close(cipherCtx);
return(-1);
}
gcry_cipher_close(cipherCtx);
return(ctx->blockSize);
}
static int
xmlSecOpenSSLEvpDigestInitialize(xmlSecTransformPtr transform) {
xmlSecOpenSSLDigestCtxPtr ctx;
xmlSecAssert2(xmlSecOpenSSLEvpDigestCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpDigestSize), -1);
ctx = xmlSecOpenSSLEvpDigestGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
/* initialize context */
memset(ctx, 0, sizeof(xmlSecOpenSSLDigestCtx));
#ifndef XMLSEC_NO_MD5
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformMd5Id)) {
ctx->digest = EVP_md5();
} else
#endif /* XMLSEC_NO_MD5 */
#ifndef XMLSEC_NO_RIPEMD160
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRipemd160Id)) {
ctx->digest = EVP_ripemd160();
} else
#endif /* XMLSEC_NO_RIPEMD160 */
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha1Id)) {
ctx->digest = EVP_sha1();
} else
#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha224Id)) {
ctx->digest = EVP_sha224();
} else
#endif /* XMLSEC_NO_SHA224 */
#ifndef XMLSEC_NO_SHA256
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha256Id)) {
ctx->digest = EVP_sha256();
} else
#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha384Id)) {
ctx->digest = EVP_sha384();
} else
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha512Id)) {
ctx->digest = EVP_sha512();
} else
#endif /* XMLSEC_NO_SHA512 */
{
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_TRANSFORM,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
#ifndef XMLSEC_OPENSSL_096
EVP_MD_CTX_init(&(ctx->digestCtx));
#endif /* XMLSEC_OPENSSL_096 */
return(0);
}
static int
xmlSecMSCryptoKWAesInitialize(xmlSecTransformPtr transform) {
xmlSecMSCryptoKWAesCtxPtr ctx;
int ret;
xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1);
ctx = xmlSecMSCryptoKWAesGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
memset(ctx, 0, sizeof(xmlSecMSCryptoKWAesCtx));
if(transform->id == xmlSecMSCryptoTransformKWAes128Id) {
ctx->algorithmIdentifier = CALG_AES_128;
ctx->keyId = xmlSecMSCryptoKeyDataAesId;
ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
ctx->keySize = XMLSEC_KW_AES128_KEY_SIZE;
} else if(transform->id == xmlSecMSCryptoTransformKWAes192Id) {
ctx->algorithmIdentifier = CALG_AES_192;
ctx->keyId = xmlSecMSCryptoKeyDataAesId;
ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
ctx->keySize = XMLSEC_KW_AES192_KEY_SIZE;
} else if(transform->id == xmlSecMSCryptoTransformKWAes256Id) {
ctx->algorithmIdentifier = CALG_AES_256;
ctx->keyId = xmlSecMSCryptoKeyDataAesId;
ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
ctx->keySize = XMLSEC_KW_AES256_KEY_SIZE;
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_TRANSFORM,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecBufferInitialize(&ctx->keyBuffer, 0);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* find provider */
ctx->cryptProvider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
if(ctx->cryptProvider == 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecMSCryptoFindProvider",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* Create dummy key to be able to import plain session keys */
if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->cryptProvider, &(ctx->pubPrivKey))) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecMSCryptoCreatePrivateExponentOneKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecTransformVisa3DHackInitialize(xmlSecTransformPtr transform) {
xmlSecAssert2(xmlSecTransformVisa3DHackCheckId(transform), -1);
return(0);
}
static xmlSecNodeSetPtr
xmlSecXPathDataExecute(xmlSecXPathDataPtr data, xmlDocPtr doc, xmlNodePtr hereNode) {
xmlXPathObjectPtr xpathObj = NULL;
xmlSecNodeSetPtr nodes;
xmlSecAssert2(data != NULL, NULL);
xmlSecAssert2(data->expr != NULL, NULL);
xmlSecAssert2(data->ctx != NULL, NULL);
xmlSecAssert2(doc != NULL, NULL);
xmlSecAssert2(hereNode != NULL, NULL);
/* do not forget to set the doc */
data->ctx->doc = doc;
/* here function works only on the same document */
if(hereNode->doc == doc) {
xmlXPathRegisterFunc(data->ctx, (xmlChar *)"here", xmlSecXPathHereFunction);
data->ctx->here = hereNode;
data->ctx->xptr = 1;
}
/* execute xpath or xpointer expression */
switch(data->type) {
case xmlSecXPathDataTypeXPath:
case xmlSecXPathDataTypeXPath2:
xpathObj = xmlXPathEvalExpression(data->expr, data->ctx);
if(xpathObj == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlXPathEvalExpression",
XMLSEC_ERRORS_R_XML_FAILED,
"expr=%s",
xmlSecErrorsSafeString(data->expr));
return(NULL);
}
break;
case xmlSecXPathDataTypeXPointer:
xpathObj = xmlXPtrEval(data->expr, data->ctx);
if(xpathObj == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlXPtrEval",
XMLSEC_ERRORS_R_XML_FAILED,
"expr=%s",
xmlSecErrorsSafeString(data->expr));
return(NULL);
}
break;
}
/* sometime LibXML2 returns an empty nodeset or just NULL, we want
to reserve NULL for our own purposes so we simply create an empty
node set here */
if(xpathObj->nodesetval == NULL) {
xpathObj->nodesetval = xmlXPathNodeSetCreate(NULL);
if(xpathObj->nodesetval == NULL) {
xmlXPathFreeObject(xpathObj);
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlXPathNodeSetCreate",
XMLSEC_ERRORS_R_XML_FAILED,
"expr=%s",
xmlSecErrorsSafeString(data->expr));
return(NULL);
}
}
nodes = xmlSecNodeSetCreate(doc, xpathObj->nodesetval, data->nodeSetType);
if(nodes == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNodeSetCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"type=%d", data->nodeSetType);
xmlXPathFreeObject(xpathObj);
return(NULL);
}
xpathObj->nodesetval = NULL;
xmlXPathFreeObject(xpathObj);
return(nodes);
}
/**
* xmlSecSoap12AddFaultEntry:
* @envNode: the pointer to <soap:Envelope> node.
* @faultCode: the fault code.
* @faultReasonText: the human readable explanation of the fault.
* @faultReasonLang: the language (xml:lang) for @faultReason string.
* @faultNodeURI: the more preciese information about fault source
* (might be NULL).
* @faultRole: the role the node was operating in at the point
* the fault occurred (might be NULL).
*
* Adds <soap:Fault> entry to the @envNode. Note that only one <soap:Fault>
* entry is allowed.
*
* XML Schema (http://www.w3.org/2003/05/soap-envelope):
*
* <xs:element name="Fault" type="tns:Fault"/>
* <xs:complexType name="Fault" final="extension">
* <xs:sequence>
* <xs:element name="Code" type="tns:faultcode"/>
* <xs:element name="Reason" type="tns:faultreason"/>
* <xs:element name="Node" type="xs:anyURI" minOccurs="0"/>
* <xs:element name="Role" type="xs:anyURI" minOccurs="0"/>
* <xs:element name="Detail" type="tns:detail" minOccurs="0"/>
* </xs:sequence>
* </xs:complexType>
*
* <xs:complexType name="faultcode">
* <xs:sequence>
* <xs:element name="Value" type="tns:faultcodeEnum"/>
* <xs:element name="Subcode" type="tns:subcode" minOccurs="0"/>
* </xs:sequence>
* </xs:complexType>
*
* <xs:complexType name="faultreason">
* <xs:sequence>
* <xs:element name="Text" type="tns:reasontext"
* minOccurs="1" maxOccurs="unbounded"/>
* </xs:sequence>
* </xs:complexType>
*
* <xs:complexType name="reasontext">
* <xs:simpleContent>
* <xs:extension base="xs:string">
* <xs:attribute ref="xml:lang" use="required"/>
* </xs:extension>
* </xs:simpleContent>
* </xs:complexType>
*
* <xs:simpleType name="faultcodeEnum">
* <xs:restriction base="xs:QName">
* <xs:enumeration value="tns:DataEncodingUnknown"/>
* <xs:enumeration value="tns:MustUnderstand"/>
* <xs:enumeration value="tns:Receiver"/>
* <xs:enumeration value="tns:Sender"/>
* <xs:enumeration value="tns:VersionMismatch"/>
* </xs:restriction>
* </xs:simpleType>
*
* <xs:complexType name="subcode">
* <xs:sequence>
* <xs:element name="Value" type="xs:QName"/>
* <xs:element name="Subcode" type="tns:subcode" minOccurs="0"/>
* </xs:sequence>
* </xs:complexType>
*
* <xs:complexType name="detail">
* <xs:sequence>
* <xs:any namespace="##any" processContents="lax"
* minOccurs="0" maxOccurs="unbounded"/>
* </xs:sequence>
* <xs:anyAttribute namespace="##other" processContents="lax"/>
* </xs:complexType>
*
* Returns: pointer to the added entry or NULL if an error occurs.
*/
xmlNodePtr
xmlSecSoap12AddFaultEntry(xmlNodePtr envNode, xmlSecSoap12FaultCode faultCode,
const xmlChar* faultReasonText, const xmlChar* faultReasonLang,
const xmlChar* faultNodeURI, const xmlChar* faultRole) {
xmlNodePtr bodyNode;
xmlNodePtr faultNode;
xmlNodePtr cur;
int ret;
xmlSecAssert2(envNode != NULL, NULL);
xmlSecAssert2(faultCode != xmlSecSoap12FaultCodeUnknown, NULL);
xmlSecAssert2(faultReasonText != NULL, NULL);
xmlSecAssert2(faultReasonLang != NULL, NULL);
/* get Body node */
bodyNode = xmlSecSoap12GetBody(envNode);
if(bodyNode == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecSoap12GetBody",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
/* check that we don't have Fault node already */
faultNode = xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap12Ns);
if(faultNode != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeBody),
XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
/* add Fault node */
faultNode = xmlSecAddChild(bodyNode, xmlSecNodeFault, xmlSecSoap12Ns);
if(faultNode == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeFault));
return(NULL);
}
/* add Code node */
cur = xmlSecAddChild(faultNode, xmlSecNodeCode, xmlSecSoap12Ns);
if(cur == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeCode));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
return(NULL);
}
/* write the fault code in Value child */
ret = xmlSecQName2IntegerNodeWrite(gXmlSecSoap12FaultCodeInfo, cur,
xmlSecNodeValue, xmlSecSoap12Ns,
faultCode);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecQName2IntegerNodeWrite",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"faultCode=%d",
faultCode);
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
return(NULL);
}
/* add Reason node */
cur = xmlSecAddChild(faultNode, xmlSecNodeReason, xmlSecSoap12Ns);
if(cur == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeReason));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
return(NULL);
}
/* Add Reason/Text node */
if(xmlSecSoap12AddFaultReasonText(faultNode, faultReasonText, faultReasonLang) == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecSoap12AddFaultReasonText",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"text=%s",
xmlSecErrorsSafeString(faultReasonText));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
return(NULL);
}
if(faultNodeURI != NULL) {
/* add Node node */
cur = xmlSecAddChild(faultNode, xmlSecNodeNode, xmlSecSoap12Ns);
if(cur == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeNode));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
return(NULL);
}
xmlNodeSetContent(cur, faultNodeURI);
}
if(faultRole != NULL) {
/* add Role node */
cur = xmlSecAddChild(faultNode, xmlSecNodeRole, xmlSecSoap12Ns);
if(cur == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeRole));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
return(NULL);
}
xmlNodeSetContent(cur, faultRole);
}
return(faultNode);
}
/**
* xmlSecSoap12AddFaultSubcode:
* @faultNode: the pointer to <Fault> node.
* @subCodeHref: the subcode href.
* @subCodeName: the subcode name.
*
* Adds a new <Subcode> node to the <Code> node or the last <Subcode> node.
*
* Returns: a pointer to the newly created <Subcode> node or NULL if an error
* occurs.
*/
xmlNodePtr
xmlSecSoap12AddFaultSubcode(xmlNodePtr faultNode, const xmlChar* subCodeHref, const xmlChar* subCodeName) {
xmlNodePtr cur, subcodeNode, valueNode;
xmlChar* qname;
xmlSecAssert2(faultNode != NULL, NULL);
xmlSecAssert2(subCodeHref != NULL, NULL);
xmlSecAssert2(subCodeName != NULL, NULL);
/* Code node is the first childern in Fault node */
cur = xmlSecGetNextElementNode(faultNode->children);
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeCode, xmlSecSoap12Ns)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_NODE,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeCode));
return(NULL);
}
/* find the Code or Subcode node that does not have Subcode child */
while(1) {
xmlNodePtr tmp;
tmp = xmlSecFindChild(cur, xmlSecNodeSubcode, xmlSecSoap12Ns);
if(tmp != NULL) {
cur = tmp;
} else {
break;
}
}
xmlSecAssert2(cur != NULL, NULL);
/* add Subcode node */
subcodeNode = xmlSecAddChild(cur, xmlSecNodeSubcode, xmlSecSoap12Ns);
if(subcodeNode == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeSubcode));
return(NULL);
}
/* add Value node */
valueNode = xmlSecAddChild(subcodeNode, xmlSecNodeValue, xmlSecSoap12Ns);
if(valueNode == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeValue));
xmlUnlinkNode(subcodeNode);
xmlFreeNode(subcodeNode);
return(NULL);
}
/* create qname for fault code */
qname = xmlSecGetQName(cur, subCodeHref, subCodeName);
if(qname == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecGetQName",
XMLSEC_ERRORS_R_XML_FAILED,
"node=%s",
xmlSecErrorsSafeString(cur->name));
xmlUnlinkNode(subcodeNode);
xmlFreeNode(subcodeNode);
return(NULL);
}
/* set result qname in Value node */
xmlNodeSetContent(cur, qname);
if(qname != subCodeName) {
xmlFree(qname);
}
return(subcodeNode);
}
/**
* xmlSecSoap11AddFaultEntry:
* @envNode: the pointer to <soap:Envelope> node.
* @faultCodeHref: the fault code QName href (must be known in th context of
* <soap:Body> node).
* @faultCodeLocalPart: the fault code QName LocalPart.
* @faultString: the human readable explanation of the fault.
* @faultActor: the information about who caused the fault (might be NULL).
*
* Adds <soap:Fault> entry to the @envNode. Note that only one <soap:Fault>
* entry is allowed.
*
* XML Schema (http://schemas.xmlsoap.org/soap/envelope/):
*
* <xs:element name="Fault" type="tns:Fault"/>
* <xs:complexType name="Fault" final="extension">
* <xs:sequence>
* <xs:element name="faultcode" type="xs:QName"/>
* <xs:element name="faultstring" type="xs:string"/>
* <xs:element name="faultactor" type="xs:anyURI" minOccurs="0"/>
* <xs:element name="detail" type="tns:detail" minOccurs="0"/>
* </xs:sequence>
* </xs:complexType>
* <xs:complexType name="detail">
* <xs:sequence>
* <xs:any namespace="##any" minOccurs="0" maxOccurs="unbounded"
* processContents="lax"/>
* </xs:sequence>
* <xs:anyAttribute namespace="##any" processContents="lax"/>
* </xs:complexType>
*
* Returns: pointer to the added entry or NULL if an error occurs.
*/
xmlNodePtr
xmlSecSoap11AddFaultEntry(xmlNodePtr envNode, const xmlChar* faultCodeHref,
const xmlChar* faultCodeLocalPart,
const xmlChar* faultString, const xmlChar* faultActor) {
xmlNodePtr bodyNode;
xmlNodePtr faultNode;
xmlNodePtr cur;
xmlChar* qname;
xmlSecAssert2(envNode != NULL, NULL);
xmlSecAssert2(faultCodeLocalPart != NULL, NULL);
xmlSecAssert2(faultString != NULL, NULL);
/* get Body node */
bodyNode = xmlSecSoap11GetBody(envNode);
if(bodyNode == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecSoap11GetBody",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
/* check that we don't have Fault node already */
faultNode = xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap11Ns);
if(faultNode != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
xmlSecErrorsSafeString(xmlSecNodeBody),
XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
/* add Fault node */
faultNode = xmlSecAddChild(bodyNode, xmlSecNodeFault, xmlSecSoap11Ns);
if(faultNode == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeFault));
return(NULL);
}
/* add faultcode node */
cur = xmlSecAddChild(faultNode, xmlSecNodeFaultCode, xmlSecSoap11Ns);
if(cur == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeFaultCode));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
return(NULL);
}
/* create qname for fault code */
qname = xmlSecGetQName(cur, faultCodeHref, faultCodeLocalPart);
if(qname == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecGetQName",
XMLSEC_ERRORS_R_XML_FAILED,
"node=%s",
xmlSecErrorsSafeString(cur->name));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
return(NULL);
}
/* set faultcode value */
xmlNodeSetContent(cur, qname);
xmlFree(qname);
/* add faultstring node */
cur = xmlSecAddChild(faultNode, xmlSecNodeFaultString, xmlSecSoap11Ns);
if(cur == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeFaultString));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
return(NULL);
}
/* set faultstring node */
xmlNodeSetContent(cur, faultString);
if(faultActor != NULL) {
/* add faultactor node */
cur = xmlSecAddChild(faultNode, xmlSecNodeFaultActor, xmlSecSoap11Ns);
if(cur == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeFaultActor));
xmlUnlinkNode(faultNode);
xmlFreeNode(faultNode);
return(NULL);
}
/* set faultactor node */
xmlNodeSetContent(cur, faultActor);
}
return(faultNode);
}
static int
xmlSecBase64Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecBase64CtxPtr ctx;
xmlSecBufferPtr in, out;
xmlSecSize inSize, outSize, outLen;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncode) || (transform->operation == xmlSecTransformOperationDecode), -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecBase64GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
in = &(transform->inBuf);
out = &(transform->outBuf);
if(transform->status == xmlSecTransformStatusNone) {
ctx->encode = (transform->operation == xmlSecTransformOperationEncode) ? 1 : 0;
transform->status = xmlSecTransformStatusWorking;
}
switch(transform->status) {
case xmlSecTransformStatusWorking:
inSize = xmlSecBufferGetSize(in);
outSize = xmlSecBufferGetSize(out);
if(inSize > 0) {
if(ctx->encode != 0) {
outLen = 4 * inSize / 3 + 8;
if(ctx->columns > 0) {
outLen += inSize / ctx->columns + 4;
}
} else {
outLen = 3 * inSize / 4 + 8;
}
ret = xmlSecBufferSetMaxSize(out, outSize + outLen);
if(ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetMaxSize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", outSize + outLen);
return(-1);
}
/* encode/decode the next chunk */
ret = xmlSecBase64CtxUpdate(ctx, xmlSecBufferGetData(in), inSize,
xmlSecBufferGetData(out) + outSize,
outLen);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBase64CtxUpdate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
outLen = ret;
/* set correct size */
ret = xmlSecBufferSetSize(out, outSize + outLen);
if(ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetSize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", outSize + outLen);
return(-1);
}
/* remove chunk from input */
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferRemoveHead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", inSize);
return(-1);
}
}
if(last) {
outSize = xmlSecBufferGetSize(out);
ret = xmlSecBufferSetMaxSize(out, outSize + 16);
if(ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetMaxSize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", outSize + 16);
return(-1);
}
/* add from ctx buffer */
ret = xmlSecBase64CtxFinal(ctx, xmlSecBufferGetData(out) + outSize, 16);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBase64CtxFinal",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
outLen = ret;
/* set correct size */
ret = xmlSecBufferSetSize(out, outSize + outLen);
if(ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetSize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", outSize + outLen);
return(-1);
}
transform->status = xmlSecTransformStatusFinished;
}
break;
case xmlSecTransformStatusFinished:
/* the only way we can get here is if there is no input */
xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
break;
default:
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_STATUS,
"status=%d", transform->status);
return(-1);
}
return(0);
}
/**
* xmlSecBase64Encode:
* @buf: the input buffer.
* @len: the input buffer size.
* @columns: the output max line length (if 0 then no line breaks
* would be inserted)
*
* Encodes the data from input buffer and allocates the string for the result.
* The caller is responsible for freeing returned buffer using
* xmlFree() function.
*
* Returns newly allocated string with base64 encoded data
* or NULL if an error occurs.
*/
xmlChar*
xmlSecBase64Encode(const xmlSecByte *buf, xmlSecSize len, int columns) {
xmlSecBase64Ctx ctx;
xmlChar *ptr;
xmlSecSize size;
int size_update, size_final;
int ret;
xmlSecAssert2(buf != NULL, NULL);
ret = xmlSecBase64CtxInitialize(&ctx, 1, columns);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecBase64CtxInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(NULL);
}
/* create result buffer */
size = (4 * len) / 3 + 4;
if(columns > 0) {
size += (size / columns) + 4;
}
ptr = (xmlChar*) xmlMalloc(size);
if(ptr == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
"size=%d", size);
xmlSecBase64CtxFinalize(&ctx);
return(NULL);
}
ret = xmlSecBase64CtxUpdate(&ctx, buf, len, (xmlSecByte*)ptr, size);
if(ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecBase64CtxUpdate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"len=%d", len);
xmlFree(ptr);
xmlSecBase64CtxFinalize(&ctx);
return(NULL);
}
size_update = ret;
ret = xmlSecBase64CtxFinal(&ctx, ((xmlSecByte*)ptr) + size_update, size - size_update);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecBase64CtxFinal",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(ptr);
xmlSecBase64CtxFinalize(&ctx);
return(NULL);
}
size_final = ret;
ptr[size_update + size_final] = '\0';
xmlSecBase64CtxFinalize(&ctx);
return(ptr);
}
static xmlSecPtr
xmlSecStringListDuplicateItem(xmlSecPtr ptr) {
xmlSecAssert2(ptr != NULL, NULL);
return(xmlStrdup((xmlChar*)ptr));
}
static int
xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
xmlNodePtr cur;
xmlChar* tmp;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* there is only one required node */
cur = xmlSecGetNextElementNode(node->children);
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected=%s",
xmlSecErrorsSafeString(xmlSecNodeXPath));
return(-1);
}
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecPtrListAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* create full XPath expression */
xmlSecAssert2(data->expr != NULL, -1);
tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * (xmlStrlen(data->expr) +
strlen(xpathPattern) + 1));
if(tmp == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
"size=%d",
xmlStrlen(data->expr) + strlen(xpathPattern) + 1);
return(-1);
}
sprintf((char*)tmp, xpathPattern, (char*)data->expr);
xmlFree(data->expr);
data->expr = tmp;
/* set correct node set type and operation */
data->nodeSetOp = xmlSecNodeSetIntersection;
data->nodeSetType = xmlSecNodeSetNormal;
/* check that we have nothing else */
cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecMSCngSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecMSCngSignatureCtxPtr ctx;
xmlSecSize inSize;
xmlSecSize outSize;
NTSTATUS status;
DWORD cbData = 0;
DWORD cbHashObject = 0;
int ret;
xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecMSCngSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pszHashAlgId != NULL, -1);
inSize = xmlSecBufferGetSize(&transform->inBuf);
outSize = xmlSecBufferGetSize(&transform->outBuf);
if(transform->status == xmlSecTransformStatusNone) {
xmlSecAssert2(outSize == 0, -1);
/* open an algorithm handle */
status = BCryptOpenAlgorithmProvider(
&ctx->hHashAlg,
ctx->pszHashAlgId,
NULL,
0);
if(status != STATUS_SUCCESS) {
xmlSecMSCngNtError("BCryptOpenAlgorithmProvider",
xmlSecTransformGetName(transform), status);
return(-1);
}
/* calculate the size of the buffer to hold the hash object */
status = BCryptGetProperty(
ctx->hHashAlg,
BCRYPT_OBJECT_LENGTH,
(PBYTE)&cbHashObject,
sizeof(DWORD),
&cbData,
0);
if(status != STATUS_SUCCESS) {
xmlSecMSCngNtError("BCryptGetProperty",
xmlSecTransformGetName(transform), status);
return(-1);
}
/* allocate the hash object on the heap */
ctx->pbHashObject = (PBYTE)xmlMalloc(cbHashObject);
if(ctx->pbHashObject == NULL) {
xmlSecMallocError(cbHashObject, NULL);
return(-1);
}
/* calculate the length of the hash */
status = BCryptGetProperty(
ctx->hHashAlg,
BCRYPT_HASH_LENGTH,
(PBYTE)&ctx->cbHash,
sizeof(DWORD),
&cbData,
0);
if(status != STATUS_SUCCESS) {
xmlSecMSCngNtError("BCryptGetProperty",
xmlSecTransformGetName(transform), status);
return(-1);
}
/* allocate the hash buffer on the heap */
ctx->pbHash = (PBYTE)xmlMalloc(ctx->cbHash);
if(ctx->pbHash == NULL) {
xmlSecMallocError(ctx->cbHash, NULL);
return(-1);
}
/* create the hash */
status = BCryptCreateHash(
ctx->hHashAlg,
&ctx->hHash,
ctx->pbHashObject,
cbHashObject,
NULL,
0,
0);
if(status != STATUS_SUCCESS) {
xmlSecMSCngNtError("BCryptCreateHash",
xmlSecTransformGetName(transform), status);
return(-1);
}
transform->status = xmlSecTransformStatusWorking;
}
if((transform->status == xmlSecTransformStatusWorking)) {
if(inSize > 0) {
xmlSecAssert2(outSize == 0, -1);
/* hash some data */
status = BCryptHashData(
ctx->hHash,
(PBYTE)xmlSecBufferGetData(&transform->inBuf),
inSize,
0);
if(status != STATUS_SUCCESS) {
xmlSecMSCngNtError("BCryptHashData",
xmlSecTransformGetName(transform), status);
return(-1);
}
ret = xmlSecBufferRemoveHead(&transform->inBuf, inSize);
if(ret < 0) {
xmlSecInternalError("xmlSecBufferRemoveHead",
xmlSecTransformGetName(transform));
return(-1);
}
}
if(last != 0) {
/* close the hash */
status = BCryptFinishHash(
ctx->hHash,
ctx->pbHash,
ctx->cbHash,
0);
if(status != STATUS_SUCCESS) {
xmlSecMSCngNtError("BCryptFinishHash", xmlSecTransformGetName(transform), status);
return(-1);
}
xmlSecAssert2(ctx->cbHash > 0, -1);
if(transform->operation == xmlSecTransformOperationSign) {
xmlSecNotImplementedError(NULL);
return(-1);
}
transform->status = xmlSecTransformStatusFinished;
}
}
if((transform->status == xmlSecTransformStatusWorking) ||
(transform->status == xmlSecTransformStatusFinished)) {
xmlSecAssert2(xmlSecBufferGetSize(&transform->inBuf) == 0, -1);
} else {
xmlSecInvalidTransfromStatusError(transform);
return(-1);
}
return(0);
}
static int
xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
xmlNodePtr cur;
xmlChar* op;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPath2Id), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* There are only xpath nodes */
cur = xmlSecGetNextElementNode(node->children);
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeXPath2, xmlSecXPath2Ns)) {
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecPtrListAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* set correct node set type and operation */
data->nodeSetType = xmlSecNodeSetTree;
op = xmlGetProp(cur, xmlSecAttrFilter);
if(op == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecAttrFilter),
XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
return(-1);
}
if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) {
data->nodeSetOp = xmlSecNodeSetIntersection;
} else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) {
data->nodeSetOp = xmlSecNodeSetSubtraction;
} else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) {
data->nodeSetOp = xmlSecNodeSetUnion;
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecAttrFilter),
XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
"filter=%s",
xmlSecErrorsSafeString(op));
xmlFree(op);
return(-1);
}
xmlFree(op);
cur = xmlSecGetNextElementNode(cur->next);
}
/* check that we have nothing else */
if(cur != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLDigestCtxPtr ctx;
xmlSecBufferPtr in, out;
int ret;
xmlSecAssert2(xmlSecOpenSSLEvpDigestCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpDigestSize), -1);
xmlSecAssert2(transformCtx != NULL, -1);
in = &(transform->inBuf);
xmlSecAssert2(in != NULL, -1);
out = &(transform->outBuf);
xmlSecAssert2(out != NULL, -1);
ctx = xmlSecOpenSSLEvpDigestGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->digest != NULL, -1);
if(transform->status == xmlSecTransformStatusNone) {
#ifndef XMLSEC_OPENSSL_096
ret = EVP_DigestInit(&(ctx->digestCtx), ctx->digest);
if(ret != 1) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"EVP_DigestInit",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
#else /* XMLSEC_OPENSSL_096 */
EVP_DigestInit(&(ctx->digestCtx), ctx->digest);
#endif /* XMLSEC_OPENSSL_096 */
transform->status = xmlSecTransformStatusWorking;
}
if(transform->status == xmlSecTransformStatusWorking) {
xmlSecSize inSize;
inSize = xmlSecBufferGetSize(in);
if(inSize > 0) {
#ifndef XMLSEC_OPENSSL_096
ret = EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
if(ret != 1) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"EVP_DigestUpdate",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"size=%d", inSize);
return(-1);
}
#else /* XMLSEC_OPENSSL_096 */
EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
#endif /* XMLSEC_OPENSSL_096 */
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferRemoveHead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", inSize);
return(-1);
}
}
if(last) {
xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1);
#ifndef XMLSEC_OPENSSL_096
ret = EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &ctx->dgstSize);
if(ret != 1) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"EVP_DigestFinal",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
#else /* XMLSEC_OPENSSL_096 */
EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &ctx->dgstSize);
#endif /* XMLSEC_OPENSSL_096 */
xmlSecAssert2(ctx->dgstSize > 0, -1);
/* copy result to output */
if(transform->operation == xmlSecTransformOperationSign) {
ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferAppend",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", ctx->dgstSize);
return(-1);
}
}
transform->status = xmlSecTransformStatusFinished;
}
} else if(transform->status == xmlSecTransformStatusFinished) {
/* the only way we can get here is if there is no input */
xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
} else {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_STATUS,
"status=%d", transform->status);
return(-1);
}
return(0);
}
/**
* xmlSecTransformXPointerSetExpr:
* @transform: the pointer to XPointer transform.
* @expr: the XPointer expression.
* @nodeSetType: the type of evaluated XPointer expression.
* @hereNode: the pointer to "here" node.
*
* Sets the XPointer expression for an XPointer @transform.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
int
xmlSecTransformXPointerSetExpr(xmlSecTransformPtr transform, const xmlChar* expr,
xmlSecNodeSetType nodeSetType, xmlNodePtr hereNode) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
xmlSecAssert2(transform->hereNode == NULL, -1);
xmlSecAssert2(expr != NULL, -1);
xmlSecAssert2(hereNode != NULL, -1);
transform->hereNode = hereNode;
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecXPathDataRegisterNamespaces(data, hereNode);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataRegisterNamespaces",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
ret = xmlSecXPathDataSetExpr(data, expr);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataSetExpr",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecPtrListAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* set correct node set type and operation */
data->nodeSetOp = xmlSecNodeSetIntersection;
data->nodeSetType = nodeSetType;
return(0);
}
/**
* xmlSecOpenSSLX509StoreVerify:
* @store: the pointer to X509 key data store klass.
* @certs: the untrusted certificates stack.
* @crls: the crls stack.
* @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
*
* Verifies @certs list.
*
* Returns: pointer to the first verified certificate from @certs.
*/
X509*
xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* certs,
XMLSEC_STACK_OF_X509_CRL* crls, xmlSecKeyInfoCtx* keyInfoCtx) {
xmlSecOpenSSLX509StoreCtxPtr ctx;
STACK_OF(X509)* certs2 = NULL;
STACK_OF(X509_CRL)* crls2 = NULL;
X509 * res = NULL;
X509 * cert;
X509 * err_cert = NULL;
X509_STORE_CTX *xsc;
char buf[256];
int err = 0;
int i;
int ret;
xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), NULL);
xmlSecAssert2(certs != NULL, NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
xsc = X509_STORE_CTX_new();
if(xsc == NULL) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "X509_STORE_CTX_new");
goto done;
}
ctx = xmlSecOpenSSLX509StoreGetCtx(store);
xmlSecAssert2(ctx != NULL, NULL);
xmlSecAssert2(ctx->xst != NULL, NULL);
/* dup certs */
certs2 = sk_X509_dup(certs);
if(certs2 == NULL) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "sk_X509_dup");
goto done;
}
/* add untrusted certs from the store */
if(ctx->untrusted != NULL) {
for(i = 0; i < sk_X509_num(ctx->untrusted); ++i) {
ret = sk_X509_push(certs2, sk_X509_value(ctx->untrusted, i));
if(ret < 1) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "sk_X509_push");
goto done;
}
}
}
/* dup crls but remove all non-verified */
if(crls != NULL) {
crls2 = sk_X509_CRL_dup(crls);
if(crls2 == NULL) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store), "sk_X509_CRL_dup");
goto done;
}
for(i = 0; i < sk_X509_CRL_num(crls2); ) {
ret = xmlSecOpenSSLX509VerifyCRL(ctx->xst, sk_X509_CRL_value(crls2, i));
if(ret == 1) {
++i;
} else if(ret == 0) {
(void)sk_X509_CRL_delete(crls2, i);
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"xmlSecOpenSSLX509VerifyCRL",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
}
}
/* remove all revoked certs */
for(i = 0; i < sk_X509_num(certs2);) {
cert = sk_X509_value(certs2, i);
if(crls2 != NULL) {
ret = xmlSecOpenSSLX509VerifyCertAgainstCrls(crls2, cert);
if(ret == 0) {
(void)sk_X509_delete(certs2, i);
continue;
} else if(ret != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"xmlSecOpenSSLX509VerifyCertAgainstCrls",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
}
if(ctx->crls != NULL) {
ret = xmlSecOpenSSLX509VerifyCertAgainstCrls(ctx->crls, cert);
if(ret == 0) {
(void)sk_X509_delete(certs2, i);
continue;
} else if(ret != 1) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"xmlSecOpenSSLX509VerifyCertAgainstCrls",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
}
++i;
}
/* get one cert after another and try to verify */
for(i = 0; i < sk_X509_num(certs2); ++i) {
cert = sk_X509_value(certs2, i);
if(xmlSecOpenSSLX509FindNextChainCert(certs2, cert) == NULL) {
ret = X509_STORE_CTX_init(xsc, ctx->xst, cert, certs2);
if(ret != 1) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store),
"X509_STORE_CTX_init");
goto done;
}
if(keyInfoCtx->certsVerificationTime > 0) {
X509_STORE_CTX_set_time(xsc, 0, keyInfoCtx->certsVerificationTime);
}
{
X509_VERIFY_PARAM * vpm = NULL;
unsigned long vpm_flags = 0;
vpm = X509_VERIFY_PARAM_new();
if(vpm == NULL) {
xmlSecOpenSSLError(xmlSecKeyDataStoreGetName(store),
"X509_VERIFY_PARAM_new");
goto done;
}
vpm_flags = X509_VERIFY_PARAM_get_flags(vpm);
vpm_flags &= (~X509_V_FLAG_CRL_CHECK);
if(keyInfoCtx->certsVerificationTime > 0) {
vpm_flags |= X509_V_FLAG_USE_CHECK_TIME;
X509_VERIFY_PARAM_set_time(vpm, keyInfoCtx->certsVerificationTime);
}
X509_VERIFY_PARAM_set_depth(vpm, keyInfoCtx->certsVerificationDepth);
X509_VERIFY_PARAM_set_flags(vpm, vpm_flags);
X509_STORE_CTX_set0_param(xsc, vpm);
}
ret = X509_verify_cert(xsc);
err_cert = X509_STORE_CTX_get_current_cert(xsc);
err = X509_STORE_CTX_get_error(xsc);
X509_STORE_CTX_cleanup (xsc);
if(ret == 1) {
res = cert;
goto done;
} else if(ret < 0) {
const char* err_msg;
buf[0] = '\0';
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf);
err_msg = X509_verify_cert_error_string(err);
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"X509_verify_cert",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"subj=%s;err=%d;msg=%s",
xmlSecErrorsSafeString(buf),
err,
xmlSecErrorsSafeString(err_msg));
goto done;
} else if(ret == 0) {
const char* err_msg;
buf[0] = '\0';
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf);
err_msg = X509_verify_cert_error_string(err);
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
"X509_verify_cert",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"subj=%s;err=%d;msg=%s",
xmlSecErrorsSafeString(buf),
err,
xmlSecErrorsSafeString(err_msg));
}
}
}
/* if we came here then we found nothing. do we have any error? */
if((err != 0) && (err_cert != NULL)) {
const char* err_msg;
err_msg = X509_verify_cert_error_string(err);
switch (err) {
case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof buf);
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
"err=%d;msg=%s;issuer=%s",
err,
xmlSecErrorsSafeString(err_msg),
xmlSecErrorsSafeString(buf));
break;
case X509_V_ERR_CERT_NOT_YET_VALID:
case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_CERT_NOT_YET_VALID,
"err=%d;msg=%s", err,
xmlSecErrorsSafeString(err_msg));
break;
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
"err=%d;msg=%s", err,
xmlSecErrorsSafeString(err_msg));
break;
default:
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
"err=%d;msg=%s", err,
xmlSecErrorsSafeString(err_msg));
}
}
done:
if(certs2 != NULL) {
sk_X509_free(certs2);
}
if(crls2 != NULL) {
sk_X509_CRL_free(crls2);
}
if(xsc != NULL) {
X509_STORE_CTX_free(xsc);
}
return(res);
}
static int
xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
xmlNodePtr cur;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* there is only one required node */
cur = xmlSecGetNextElementNode(node->children);
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected=%s",
xmlSecErrorsSafeString(xmlSecNodeXPath));
return(-1);
}
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
if(data == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecXPathDataNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecPtrListAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecXPathDataDestroy(data);
return(-1);
}
/* set correct node set type and operation */
data->nodeSetOp = xmlSecNodeSetIntersection;
data->nodeSetType = xmlSecNodeSetTree;
/* check that we have nothing else */
cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecGCryptKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecGCryptKWAesCtxPtr ctx;
xmlSecBufferPtr in, out;
xmlSecSize inSize, outSize, keySize;
int ret;
xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecGCryptKWAesGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);
in = &(transform->inBuf);
out = &(transform->outBuf);
inSize = xmlSecBufferGetSize(in);
outSize = xmlSecBufferGetSize(out);
xmlSecAssert2(outSize == 0, -1);
if(transform->status == xmlSecTransformStatusNone) {
transform->status = xmlSecTransformStatusWorking;
}
if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
/* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
if((inSize % 8) != 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"size=%d(not 8 bytes aligned)", inSize);
return(-1);
}
if(transform->operation == xmlSecTransformOperationEncrypt) {
/* the encoded key might be 8 bytes longer plus 8 bytes just in case */
outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
XMLSEC_KW_AES_BLOCK_SIZE;
} else {
outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
}
ret = xmlSecBufferSetMaxSize(out, outSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetMaxSize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"outSize=%d", outSize);
return(-1);
}
if(transform->operation == xmlSecTransformOperationEncrypt) {
ret = xmlSecKWAesEncode(&xmlSecGCryptKWAesKlass, ctx,
xmlSecBufferGetData(in), inSize,
xmlSecBufferGetData(out), outSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecKWAesEncode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
outSize = ret;
} else {
ret = xmlSecKWAesDecode(&xmlSecGCryptKWAesKlass, ctx,
xmlSecBufferGetData(in), inSize,
xmlSecBufferGetData(out), outSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecKWAesEncode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
outSize = ret;
}
ret = xmlSecBufferSetSize(out, outSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetSize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"outSize=%d", outSize);
return(-1);
}
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferRemoveHead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"inSize%d", inSize);
return(-1);
}
transform->status = xmlSecTransformStatusFinished;
} else if(transform->status == xmlSecTransformStatusFinished) {
/* the only way we can get here is if there is no input */
xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_STATUS,
"status=%d", transform->status);
return(-1);
}
return(0);
}
static int
xmlSecNodeSetOneContains(xmlSecNodeSetPtr nset, xmlNodePtr node, xmlNodePtr parent) {
int in_nodes_set = 1;
xmlSecAssert2(nset != NULL, 0);
xmlSecAssert2(node != NULL, 0);
/* special cases: */
switch(nset->type) {
case xmlSecNodeSetTreeWithoutComments:
case xmlSecNodeSetTreeWithoutCommentsInvert:
if(node->type == XML_COMMENT_NODE) {
return(0);
}
break;
case xmlSecNodeSetList:
return(xmlSecNodeSetContains(nset->children, node, parent));
default:
break;
}
if(nset->nodes != NULL) {
if(node->type != XML_NAMESPACE_DECL) {
in_nodes_set = xmlXPathNodeSetContains(nset->nodes, node);
} else {
xmlNs ns;
memcpy(&ns, node, sizeof(ns));
if((parent != NULL) && (parent->type == XML_ATTRIBUTE_NODE)) {
ns.next = (xmlNsPtr)parent->parent;
} else {
ns.next = (xmlNsPtr)parent;
}
/*
* If the input is an XPath node-set, then the node-set must explicitly
* contain every node to be rendered to the canonical form.
*/
in_nodes_set = (xmlXPathNodeSetContains(nset->nodes, (xmlNodePtr)&ns));
}
}
switch(nset->type) {
case xmlSecNodeSetNormal:
return(in_nodes_set);
case xmlSecNodeSetInvert:
return(!in_nodes_set);
case xmlSecNodeSetTree:
case xmlSecNodeSetTreeWithoutComments:
if(in_nodes_set) {
return(1);
}
if((parent != NULL) && (parent->type == XML_ELEMENT_NODE)) {
return(xmlSecNodeSetOneContains(nset, parent, parent->parent));
}
return(0);
case xmlSecNodeSetTreeInvert:
case xmlSecNodeSetTreeWithoutCommentsInvert:
if(in_nodes_set) {
return(0);
}
if((parent != NULL) && (parent->type == XML_ELEMENT_NODE)) {
return(xmlSecNodeSetOneContains(nset, parent, parent->parent));
}
return(1);
default:
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_TYPE,
"type=%d", nset->type);
}
return(0);
}
int
xmlSecNssAppliedKeysMngrPriKeyLoad(
xmlSecKeysMngrPtr mngr ,
SECKEYPrivateKey* priKey
) {
xmlSecKeyPtr key ;
xmlSecKeyDataPtr data ;
xmlSecKeyStorePtr keyStore ;
xmlSecAssert2( mngr != NULL , -1 ) ;
xmlSecAssert2( priKey != NULL , -1 ) ;
keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
if( keyStore == NULL ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecKeysMngrGetKeysStore" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
return(-1) ;
}
xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
if( data == NULL ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecNssPKIAdoptKey" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
return(-1) ;
}
key = xmlSecKeyCreate() ;
if( key == NULL ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecNssSymKeyDataKeyAdopt" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyDataDestroy( data ) ;
return(-1) ;
}
if( xmlSecKeySetValue( key , data ) < 0 ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecNssSymKeyDataKeyAdopt" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyDataDestroy( data ) ;
return(-1) ;
}
if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecNssSymKeyDataKeyAdopt" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyDestroy( key ) ;
return(-1) ;
}
return(0) ;
}
static int
xmlSecNodeSetWalkRecursive(xmlSecNodeSetPtr nset, xmlSecNodeSetWalkCallback walkFunc,
void* data, xmlNodePtr cur, xmlNodePtr parent) {
int ret;
xmlSecAssert2(nset != NULL, -1);
xmlSecAssert2(cur != NULL, -1);
xmlSecAssert2(walkFunc != NULL, -1);
/* the node itself */
if(xmlSecNodeSetContains(nset, cur, parent)) {
ret = walkFunc(nset, cur, parent, data);
if(ret < 0) {
return(ret);
}
}
/* element node has attributes, namespaces */
if(cur->type == XML_ELEMENT_NODE) {
xmlAttrPtr attr;
xmlNodePtr node;
xmlNsPtr ns, tmp;
attr = (xmlAttrPtr)cur->properties;
while(attr != NULL) {
if(xmlSecNodeSetContains(nset, (xmlNodePtr)attr, cur)) {
ret = walkFunc(nset, (xmlNodePtr)attr, cur, data);
if(ret < 0) {
return(ret);
}
}
attr = attr->next;
}
node = cur;
while(node != NULL) {
ns = node->nsDef;
while(ns != NULL) {
tmp = xmlSearchNs(nset->doc, cur, ns->prefix);
if((tmp == ns) && xmlSecNodeSetContains(nset, (xmlNodePtr)ns, cur)) {
ret = walkFunc(nset, (xmlNodePtr)ns, cur, data);
if(ret < 0) {
return(ret);
}
}
ns = ns->next;
}
node = node->parent;
}
}
/* element and document nodes have children */
if((cur->type == XML_ELEMENT_NODE) || (cur->type == XML_DOCUMENT_NODE)) {
xmlNodePtr node;
node = cur->children;
while(node != NULL) {
ret = xmlSecNodeSetWalkRecursive(nset, walkFunc, data, node, cur);
if(ret < 0) {
return(ret);
}
node = node->next;
}
}
return(0);
}
static int
xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecNssDigestCtxPtr ctx;
xmlSecBufferPtr in, out;
SECStatus rv;
int ret;
xmlSecAssert2(xmlSecNssDigestCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(transformCtx != NULL, -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssDigestSize), -1);
ctx = xmlSecNssDigestGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->digestCtx != NULL, -1);
in = &(transform->inBuf);
out = &(transform->outBuf);
if(transform->status == xmlSecTransformStatusNone) {
rv = PK11_DigestBegin(ctx->digestCtx);
if(rv != SECSuccess) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestBegin",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"error code=%d", PORT_GetError());
return(-1);
}
transform->status = xmlSecTransformStatusWorking;
}
if(transform->status == xmlSecTransformStatusWorking) {
xmlSecSize inSize;
inSize = xmlSecBufferGetSize(in);
if(inSize > 0) {
rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
if (rv != SECSuccess) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestOp",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"error code=%d", PORT_GetError());
return(-1);
}
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferRemoveHead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", inSize);
return(-1);
}
}
if(last) {
unsigned int dgstSize;
rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize, sizeof(ctx->dgst));
if(rv != SECSuccess) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"PK11_DigestFinal",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"error code=%d", PORT_GetError());
return(-1);
}
xmlSecAssert2(dgstSize > 0, -1);
ctx->dgstSize = XMLSEC_SIZE_BAD_CAST(dgstSize);
if(transform->operation == xmlSecTransformOperationSign) {
ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferAppend",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", ctx->dgstSize);
return(-1);
}
}
transform->status = xmlSecTransformStatusFinished;
}
} else if(transform->status == xmlSecTransformStatusFinished) {
/* the only way we can get here is if there is no input */
xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_STATUS,
"status=%d", transform->status);
return(-1);
}
return(0);
}
/**
* xmlSecPtrListGetSize:
* @list: the pointer to list.
*
* Gets list size.
*
* Returns the number of itmes in @list.
*/
xmlSecSize
xmlSecPtrListGetSize(xmlSecPtrListPtr list) {
xmlSecAssert2(xmlSecPtrListIsValid(list), 0);
return(list->use);
}
/**
* xmlSecEncCtxXmlEncrypt:
* @encCtx: the pointer to <enc:EncryptedData/> processing context.
* @tmpl: the pointer to <enc:EncryptedData/> template node.
* @node: the pointer to node for encryption.
*
* Encrypts @node according to template @tmpl. If requested, @node is replaced
* with result <enc:EncryptedData/> node.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
int
xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node) {
xmlOutputBufferPtr output;
int ret;
xmlSecAssert2(encCtx != NULL, -1);
xmlSecAssert2(encCtx->result == NULL, -1);
xmlSecAssert2(tmpl != NULL, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(node->doc != NULL, -1);
/* initialize context and add ID atributes to the list of known ids */
encCtx->operation = xmlSecTransformOperationEncrypt;
xmlSecAddIDs(tmpl->doc, tmpl, xmlSecEncIds);
/* read the template and set encryption method, key, etc. */
ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecEncCtxEncDataNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecTransformCtxPrepare(&(encCtx->transformCtx), xmlSecTransformDataTypeBin);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecTransformCtxPrepare",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"type=bin");
return(-1);
}
xmlSecAssert2(encCtx->transformCtx.first != NULL, -1);
output = xmlSecTransformCreateOutputBuffer(encCtx->transformCtx.first,
&(encCtx->transformCtx));
if(output == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->transformCtx.first)),
"xmlSecTransformCreateOutputBuffer",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* push data thru */
if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) {
/* get the content of the node */
xmlNodeDumpOutput(output, node->doc, node, 0, 0, NULL);
} else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) {
xmlNodePtr cur;
/* get the content of the nodes childs */
for(cur = node->children; cur != NULL; cur = cur->next) {
xmlNodeDumpOutput(output, node->doc, cur, 0, 0, NULL);
}
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_TYPE,
"type=%s",
xmlSecErrorsSafeString(encCtx->type));
xmlOutputBufferClose(output);
return(-1);
}
/* close the buffer and flush everything */
ret = xmlOutputBufferClose(output);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlOutputBufferClose",
XMLSEC_ERRORS_R_XML_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
encCtx->result = encCtx->transformCtx.result;
xmlSecAssert2(encCtx->result != NULL, -1);
ret = xmlSecEncCtxEncDataNodeWrite(encCtx);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecEncCtxEncDataNodeWrite",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
/* now we need to update our original document */
if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) {
/* check if we need to return the replaced node */
if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) {
ret = xmlSecReplaceNodeAndReturn(node, tmpl, &(encCtx->replacedNodeList));
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecReplaceNode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
return(-1);
}
} else {
ret = xmlSecReplaceNode(node, tmpl);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecReplaceNode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
return(-1);
}
}
encCtx->resultReplaced = 1;
} else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) {
/* check if we need to return the replaced node */
if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) {
ret = xmlSecReplaceContentAndReturn(node, tmpl, &(encCtx->replacedNodeList));
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecReplaceContentAndReturn",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
return(-1);
}
} else {
ret = xmlSecReplaceContent(node, tmpl);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecReplaceContent",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
return(-1);
}
}
encCtx->resultReplaced = 1;
} else {
/* we should've catached this error before */
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_TYPE,
"type=%s",
xmlSecErrorsSafeString(encCtx->type));
return(-1);
}
return(0);
}
static xmlSecBase64Status
xmlSecBase64CtxDecodeByte(xmlSecBase64CtxPtr ctx, xmlSecByte inByte, xmlSecByte* outByte) {
xmlSecAssert2(ctx != NULL, xmlSecBase64StatusFailed);
xmlSecAssert2(outByte != NULL, xmlSecBase64StatusFailed);
if((ctx->finished != 0) && (ctx->inPos == 0)) {
return(xmlSecBase64StatusDone);
} if(inByte == '=') {
ctx->finished = 1;
if(ctx->inPos < 2) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_DATA,
"ctx->inPos=%d", ctx->inPos);
return(xmlSecBase64StatusFailed);
} else if(ctx->inPos == 2) {
++ctx->inPos;
return(xmlSecBase64StatusNext);
} else if(ctx->inPos == 3) {
ctx->inPos = 0;
return(xmlSecBase64StatusNext);
} else {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_DATA,
"ctx->inPos=%d", ctx->inPos);
return(xmlSecBase64StatusFailed);
}
} else if(xmlSecIsBase64Space(inByte)) {
return(xmlSecBase64StatusNext);
} else if(!xmlSecIsBase64Char(inByte) || (ctx->finished != 0)) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_DATA,
"inByte=0x%02x", inByte);
return(xmlSecBase64StatusFailed);
}
/* convert from character to position in base64 array */
if((inByte >= 'A') && (inByte <= 'Z')) {
inByte = (inByte - 'A');
} else if((inByte >= 'a') && (inByte <= 'z')) {
inByte = 26 + (inByte - 'a');
} else if((inByte >= '0') && (inByte <= '9')) {
inByte = 52 + (inByte - '0');
} else if(inByte == '+') {
inByte = 62;
} else if(inByte == '/') {
inByte = 63;
}
if(ctx->inPos == 0) {
ctx->inByte = inByte;
++ctx->inPos;
return(xmlSecBase64StatusNext);
} else if(ctx->inPos == 1) {
(*outByte) = xmlSecBase64Decode1(ctx->inByte, inByte);
ctx->inByte = inByte;
++ctx->inPos;
return(xmlSecBase64StatusConsumeAndNext);
} else if(ctx->inPos == 2) {
(*outByte) = xmlSecBase64Decode2(ctx->inByte, inByte);
ctx->inByte = inByte;
++ctx->inPos;
return(xmlSecBase64StatusConsumeAndNext);
} else if(ctx->inPos == 3) {
(*outByte) = xmlSecBase64Decode3(ctx->inByte, inByte);
ctx->inByte = 0;
ctx->inPos = 0;
return(xmlSecBase64StatusConsumeAndNext);
}
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_DATA,
"ctx->inPos=%d", ctx->inPos);
return(xmlSecBase64StatusFailed);
}
