int
xmlSecAppCryptoSimpleKeysMngrKeyGenerate(xmlSecKeysMngrPtr mngr, const char* keyKlassAndSize, const char* name) {
xmlSecKeyPtr key;
int ret;
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(keyKlassAndSize != NULL, -1);
key = xmlSecAppCryptoKeyGenerate(keyKlassAndSize, name, xmlSecKeyDataTypePermanent);
if(key == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecAppCryptoSimpleKeysMngrKeyGenerate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"name=%s",
xmlSecErrorsSafeString(name));
return(-1);
}
ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecCryptoAppDefaultKeysMngrAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(key);
return(-1);
}
return(0);
}
//Load public key from a certificate file into key manager
xmlSecKeysMngrPtr load_key_from_certfile(xmlSecKeysMngrPtr* keys_manager, const char* certfile) {
xmlSecKeysMngrPtr keys_mngr;
if((keys_manager != NULL) && (*keys_manager != NULL)) keys_mngr = *keys_manager;
else {
keys_mngr = xmlSecKeysMngrCreate();
//initialize keys manager
if (xmlSecCryptoAppDefaultKeysMngrInit(keys_mngr)<0) {
std::cerr<<"Can not initialize xmlSecKeysMngr object"<<std::endl;
xmlSecKeysMngrDestroy(keys_mngr); return NULL;
}
}
if(keys_mngr == NULL) { std::cerr<<"Can not create xmlSecKeysMngr object"<<std::endl; return NULL;}
std::string cert_str;
cert_str = get_cert_str(certfile);
xmlSecKeyPtr key = get_key_from_certstr(cert_str);
if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(keys_mngr, key) < 0) {
std::cerr<<"Failed to add key from "<<certfile<<" to keys manager"<<std::endl;
xmlSecKeyDestroy(key);
xmlSecKeysMngrDestroy(keys_mngr);
return NULL;
}
if(keys_manager != NULL) keys_manager = &keys_mngr;
return keys_mngr;
}
int
xmlSecAppCryptoSimpleKeysMngrBinaryKeyLoad(xmlSecKeysMngrPtr mngr, const char* keyKlass, const char *filename, const char *name) {
xmlSecKeyPtr key;
xmlSecKeyDataId dataId;
int ret;
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(keyKlass != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
/* find requested data */
dataId = xmlSecKeyDataIdListFindByName(xmlSecKeyDataIdsGet(), BAD_CAST keyKlass,
xmlSecKeyDataUsageAny);
if(dataId == xmlSecKeyDataIdUnknown) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyDataIdListFindByName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"name=%s",
xmlSecErrorsSafeString(keyKlass));
return(-1);
}
key = xmlSecKeyReadBinaryFile(dataId, filename);
if(key == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyReadBinaryFile",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecKeySetName(key, BAD_CAST name);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"name=%s",
xmlSecErrorsSafeString(name));
xmlSecKeyDestroy(key);
return(-1);
}
/* finally add it to keys manager */
ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecCryptoAppDefaultKeysMngrAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(key);
return(-1);
}
return(0);
}
CAMLprim value xmlsecml_xmlSecCryptoAppDefaultKeysMngrAdoptKey(value camlKeyManager, value camlKey)
{
CAMLparam2(camlKeyManager, camlKey);
int res;
xmlSecKeysMngrPtr keyManager = Keymngr_val(camlKeyManager);
xmlSecKeyPtr key = Key_val(camlKey);
res = xmlSecCryptoAppDefaultKeysMngrAdoptKey(keyManager, key);
CAMLreturn(Val_int(res));
}
/**
* load_des_keys:
* @files: the list of filenames.
* @files_size: the number of filenames in #files.
*
* Creates simple keys manager and load DES keys from #files in it.
* The caller is responsible for destroing returned keys manager using
* @xmlSecKeysMngrDestroy.
*
* Returns the pointer to newly created keys manager or NULL if an error
* occurs.
*/
xmlSecKeysMngrPtr
load_des_keys(char** files, int files_size) {
xmlSecKeysMngrPtr mngr;
xmlSecKeyPtr key;
int i;
assert(files);
assert(files_size > 0);
/* create and initialize keys manager, we use a simple list based
* keys manager, implement your own xmlSecKeysStore klass if you need
* something more sophisticated
*/
mngr = xmlSecKeysMngrCreate();
if(mngr == NULL) {
fprintf(stderr, "Error: failed to create keys manager.\n");
return(NULL);
}
if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
fprintf(stderr, "Error: failed to initialize keys manager.\n");
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
for(i = 0; i < files_size; ++i) {
assert(files[i]);
/* load DES key */
key = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, files[i]);
if(key == NULL) {
fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", files[i]);
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
/* set key name to the file name, this is just an example! */
if(xmlSecKeySetName(key, BAD_CAST files[i]) < 0) {
fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]);
xmlSecKeyDestroy(key);
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
/* add key to keys manager, from now on keys manager is responsible
* for destroying key
*/
if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]);
xmlSecKeyDestroy(key);
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
}
return(mngr);
}
int
xmlSecAppCryptoSimpleKeysMngrPkcs12KeyLoad(xmlSecKeysMngrPtr mngr, const char *filename, const char* pwd, const char *name) {
xmlSecKeyPtr key;
int ret;
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
#ifndef XMLSEC_NO_X509
key = xmlSecCryptoAppKeyLoad(filename, xmlSecKeyDataFormatPkcs12, pwd,
xmlSecCryptoAppGetDefaultPwdCallback(), (void*)filename);
if(key == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecCryptoAppKeyLoad",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"filename=%s",
xmlSecErrorsSafeString(filename));
return(-1);
}
if(name != NULL) {
ret = xmlSecKeySetName(key, BAD_CAST name);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"name=%s",
xmlSecErrorsSafeString(name));
xmlSecKeyDestroy(key);
return(-1);
}
}
ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecCryptoAppDefaultKeysMngrAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(key);
return(-1);
}
return(0);
#else /* XMLSEC_NO_X509 */
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"x509",
XMLSEC_ERRORS_R_DISABLED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
#endif /* XMLSEC_NO_X509 */
}
static int addRubyKeyToManager(VALUE rb_key, VALUE rb_value, VALUE rb_manager) {
xmlSecKeysMngrPtr keyManager = (xmlSecKeysMngrPtr)rb_manager;
char *keyName, *keyData;
unsigned int keyDataLength;
xmlSecKeyPtr key;
Check_Type(rb_key, T_STRING);
Check_Type(rb_value, T_STRING);
keyName = RSTRING_PTR(rb_key);
keyData = RSTRING_PTR(rb_value);
keyDataLength = RSTRING_LEN(rb_value);
// load key
key = xmlSecCryptoAppKeyLoadMemory((xmlSecByte *)keyData,
keyDataLength,
xmlSecKeyDataFormatPem,
NULL, // password
NULL, NULL);
if (key == NULL) {
rb_warn("failed to load '%s' public or private pem key", keyName);
return ST_CONTINUE;
}
// set key name
if (xmlSecKeySetName(key, BAD_CAST keyName) < 0) {
rb_warn("failed to set key name for key '%s'", keyName);
return ST_CONTINUE;
}
// add key to key manager; from now on the manager is responsible for
// destroying the key
if (xmlSecCryptoAppDefaultKeysMngrAdoptKey(keyManager, key) < 0) {
rb_warn("failed to add key '%s' to key manager", keyName);
return ST_CONTINUE;
}
return ST_CONTINUE;
}
xmlSecKeysMngrPtr load_certificates_sign(opendcp_t *opendcp) {
xmlSecKeysMngrPtr key_manager;
xmlSecKeyPtr key;
/* create and initialize keys manager */
key_manager = xmlSecKeysMngrCreate();
if (key_manager == NULL) {
fprintf(stderr, "Error: failed to create keys manager.\n");
return(NULL);
}
if (xmlSecCryptoAppDefaultKeysMngrInit(key_manager) < 0) {
fprintf(stderr, "Error: failed to initialize keys manager.\n");
xmlSecKeysMngrDestroy(key_manager);
return(NULL);
}
/* read key file */
if (opendcp->xml_signature.private_key) {
key = xmlSecCryptoAppKeyLoad(opendcp->xml_signature.private_key, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
} else {
key = xmlSecCryptoAppKeyLoadMemory(opendcp_private_key, strlen((char *)opendcp_private_key),xmlSecKeyDataFormatPem, NULL, NULL, NULL);
}
if (xmlSecCryptoAppDefaultKeysMngrAdoptKey(key_manager, key) < 0) {
fprintf(stderr, "Error: failed to initialize keys manager.\n");
xmlSecKeysMngrDestroy(key_manager);
return(NULL);
}
/* load root certificate */
if (opendcp->xml_signature.root) {
if (xmlSecCryptoAppKeysMngrCertLoad(key_manager, opendcp->xml_signature.root, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", opendcp->xml_signature.root);
xmlSecKeysMngrDestroy(key_manager);
return(NULL);
}
} else {
if (xmlSecCryptoAppKeysMngrCertLoadMemory(key_manager, opendcp_root_cert, strlen((char* )opendcp_root_cert), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
fprintf(stderr,"Error: failed to load pem certificate from memory\n");
xmlSecKeysMngrDestroy(key_manager);
return(NULL);
}
}
/* load ca (intermediate) certificate */
if (opendcp->xml_signature.ca) {
if (xmlSecCryptoAppKeysMngrCertLoad(key_manager, opendcp->xml_signature.ca, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", opendcp->xml_signature.ca);
xmlSecKeysMngrDestroy(key_manager);
return(NULL);
}
} else {
if (xmlSecCryptoAppKeysMngrCertLoadMemory(key_manager, opendcp_ca_cert, strlen((char *)opendcp_ca_cert), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
fprintf(stderr,"Error: failed to load pem certificate from memory\n");
xmlSecKeysMngrDestroy(key_manager);
return(NULL);
}
}
return(key_manager);
}
int
xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(xmlSecKeysMngrPtr mngr,
const char* files, const char* pwd,
const char* name,
xmlSecKeyDataFormat format) {
xmlSecKeyPtr key;
int ret;
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(files != NULL, -1);
/* first is the key file */
key = xmlSecCryptoAppKeyLoad(files, format, pwd,
xmlSecCryptoAppGetDefaultPwdCallback(), (void*)files);
if(key == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecCryptoAppKeyLoad",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"uri=%s",
xmlSecErrorsSafeString(files));
return(-1);
}
if(name != NULL) {
ret = xmlSecKeySetName(key, BAD_CAST name);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"name=%s",
xmlSecErrorsSafeString(name));
xmlSecKeyDestroy(key);
return(-1);
}
}
#ifndef XMLSEC_NO_X509
for(files += strlen(files) + 1; (files[0] != '\0'); files += strlen(files) + 1) {
ret = xmlSecCryptoAppKeyCertLoad(key, files, format);
if(ret < 0){
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecCryptoAppKeyCertLoad",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"uri=%s",
xmlSecErrorsSafeString(files));
xmlSecKeyDestroy(key);
return(-1);
}
}
#else /* XMLSEC_NO_X509 */
files += strlen(files) + 1;
if(files[0] != '\0') {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"x509",
XMLSEC_ERRORS_R_DISABLED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
#endif /* XMLSEC_NO_X509 */
ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecCryptoAppDefaultKeysMngrAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(key);
return(-1);
}
return(0);
}
