/**
* xmlSecMSCryptoKeysStoreSave:
* @store: the pointer to MSCrypto keys store.
* @filename: the filename.
* @type: the saved keys type (public, private, ...).
*
* Writes keys from @store to an XML file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
xmlSecMSCryptoKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
xmlSecKeyStorePtr *ss;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), -1);
xmlSecAssert2((filename != NULL), -1);
ss = xmlSecMSCryptoKeysStoreGetSS(store);
xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
(xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
}
/**
* xmlSecMSCryptoKeysStoreAdoptKey:
* @store: the pointer to MSCrypto keys store.
* @key: the pointer to key.
*
* Adds @key to the @store.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
xmlSecMSCryptoKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
xmlSecKeyStorePtr *ss;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), -1);
xmlSecAssert2((key != NULL), -1);
ss = xmlSecMSCryptoKeysStoreGetSS(store);
xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
(xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
}
static void
xmlSecSimpleKeysStoreFinalize(xmlSecKeyStorePtr store) {
xmlSecPtrListPtr list;
xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId));
list = xmlSecSimpleKeysStoreGetList(store);
xmlSecAssert(list != NULL);
xmlSecPtrListFinalize(list);
}
/**
* xmlSecSimpleKeysStoreGetKeys:
* @store: the pointer to simple keys store.
*
* Returns pointer to the list of keys stored in the keys store or NULL
* if an error occurs.
*/
xmlSecPtrListPtr
xmlSecSimpleKeysStoreGetKeys(xmlSecKeyStorePtr store) {
xmlSecPtrListPtr list;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), NULL);
list = xmlSecSimpleKeysStoreGetList(store);
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), NULL);
return list;
}
static void
xmlSecMSCryptoKeysStoreFinalize(xmlSecKeyStorePtr store) {
xmlSecKeyStorePtr *ss;
xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId));
ss = xmlSecMSCryptoKeysStoreGetSS(store);
xmlSecAssert((ss != NULL) && (*ss != NULL));
xmlSecKeyStoreDestroy(*ss);
}
static int
xmlSecMSCryptoKeysStoreInitialize(xmlSecKeyStorePtr store) {
xmlSecKeyStorePtr *ss;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), -1);
ss = xmlSecMSCryptoKeysStoreGetSS(store);
xmlSecAssert2((*ss == NULL), -1);
*ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
if(*ss == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyStoreCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"xmlSecSimpleKeysStoreId");
return(-1);
}
return(0);
}
static xmlSecKeyPtr
xmlSecSimpleKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecPtrListPtr list;
xmlSecKeyPtr key;
xmlSecSize pos, size;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
list = xmlSecSimpleKeysStoreGetList(store);
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), NULL);
size = xmlSecPtrListGetSize(list);
for(pos = 0; pos < size; ++pos) {
key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, pos);
if((key != NULL) && (xmlSecKeyMatch(key, name, &(keyInfoCtx->keyReq)) == 1)) {
return(xmlSecKeyDuplicate(key));
}
}
return(NULL);
}
static int
xmlSecSimpleKeysStoreInitialize(xmlSecKeyStorePtr store) {
xmlSecPtrListPtr list;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
list = xmlSecSimpleKeysStoreGetList(store);
xmlSecAssert2(list != NULL, -1);
ret = xmlSecPtrListInitialize(list, xmlSecKeyPtrListId);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecPtrListInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"xmlSecKeyPtrListId");
return(-1);
}
return(0);
}
/**
* xmlSecSimpleKeysStoreAdoptKey:
* @store: the pointer to simple keys store.
* @key: the pointer to key.
*
* Adds @key to the @store.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
xmlSecSimpleKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
xmlSecPtrListPtr list;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
xmlSecAssert2(key != NULL, -1);
list = xmlSecSimpleKeysStoreGetList(store);
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
ret = xmlSecPtrListAdd(list, key);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecPtrListAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
/**
* xmlSecSimpleKeysStoreSave:
* @store: the pointer to simple keys store.
* @filename: the filename.
* @type: the saved keys type (public, private, ...).
*
* Writes keys from @store to an XML file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
xmlSecSimpleKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
xmlSecKeyInfoCtx keyInfoCtx;
xmlSecPtrListPtr list;
xmlSecKeyPtr key;
xmlSecSize i, keysSize;
xmlDocPtr doc;
xmlNodePtr cur;
xmlSecKeyDataPtr data;
xmlSecPtrListPtr idsList;
xmlSecKeyDataId dataId;
xmlSecSize idsSize, j;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
xmlSecAssert2(filename != NULL, -1);
list = xmlSecSimpleKeysStoreGetList(store);
xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
/* create doc */
doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
if(doc == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecCreateTree",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
idsList = xmlSecKeyDataIdsGet();
xmlSecAssert2(idsList != NULL, -1);
keysSize = xmlSecPtrListGetSize(list);
idsSize = xmlSecPtrListGetSize(idsList);
for(i = 0; i < keysSize; ++i) {
key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
xmlSecAssert2(key != NULL, -1);
cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
if(cur == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
xmlFreeDoc(doc);
return(-1);
}
/* special data key name */
if(xmlSecKeyGetName(key) != NULL) {
if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeKeyName));
xmlFreeDoc(doc);
return(-1);
}
}
/* create nodes for other keys data */
for(j = 0; j < idsSize; ++j) {
dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
if(dataId->dataNodeName == NULL) {
continue;
}
data = xmlSecKeyGetData(key, dataId);
if(data == NULL) {
continue;
}
if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecAddChild",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"node=%s",
xmlSecErrorsSafeString(dataId->dataNodeName));
xmlFreeDoc(doc);
return(-1);
}
}
ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyInfoCtxInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFreeDoc(doc);
return(-1);
}
keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
keyInfoCtx.keyReq.keyType = type;
keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
/* finally write key in the node */
ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyInfoNodeWrite",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
xmlFreeDoc(doc);
return(-1);
}
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
}
/* now write result */
ret = xmlSaveFormatFile(filename, doc, 1);
if(ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSaveFormatFile",
XMLSEC_ERRORS_R_XML_FAILED,
"filename=%s",
xmlSecErrorsSafeString(filename));
xmlFreeDoc(doc);
return(-1);
}
xmlFreeDoc(doc);
return(0);
}
/**
* xmlSecSimpleKeysStoreLoad:
* @store: the pointer to simple keys store.
* @uri: the filename.
* @keysMngr: the pointer to associated keys manager.
*
* Reads keys from an XML file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
xmlSecKeysMngrPtr keysMngr) {
xmlDocPtr doc;
xmlNodePtr root;
xmlNodePtr cur;
xmlSecKeyPtr key;
xmlSecKeyInfoCtx keyInfoCtx;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
xmlSecAssert2(uri != NULL, -1);
doc = xmlParseFile(uri);
if(doc == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlParseFile",
XMLSEC_ERRORS_R_XML_FAILED,
"uri=%s",
xmlSecErrorsSafeString(uri));
return(-1);
}
root = xmlDocGetRootElement(doc);
if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected-node=<xmlsec:Keys>");
xmlFreeDoc(doc);
return(-1);
}
cur = xmlSecGetNextElementNode(root->children);
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
key = xmlSecKeyCreate();
if(key == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_INVALID_NODE,
"expected-node=%s",
xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
xmlFreeDoc(doc);
return(-1);
}
ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyInfoCtxInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
}
keyInfoCtx.mode = xmlSecKeyInfoModeRead;
keyInfoCtx.keysMngr = keysMngr;
keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;
ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeyInfoNodeRead",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
}
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
if(xmlSecKeyIsValid(key)) {
ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecSimpleKeysStoreAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
}
} else {
/* we have an unknown key in our file, just ignore it */
xmlSecKeyDestroy(key);
}
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFreeDoc(doc);
return(-1);
}
xmlFreeDoc(doc);
return(0);
}
static xmlSecKeyPtr
xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyStorePtr* ss;
xmlSecKeyPtr key = NULL;
xmlSecKeyReqPtr keyReq = NULL;
PCCERT_CONTEXT pCertContext = NULL;
PCCERT_CONTEXT pCertContext2 = NULL;
xmlSecKeyDataPtr data = NULL;
xmlSecKeyDataPtr x509Data = NULL;
xmlSecKeyPtr res = NULL;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
ss = xmlSecMSCryptoKeysStoreGetSS(store);
xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
/* first try to find key in the simple keys store */
key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
if (key != NULL) {
return (key);
}
/* Next try to find the key in the MS Certificate store, and construct an xmlSecKey.
* we must have a name to lookup keys in the certificate store.
*/
if (name == NULL) {
goto done;
}
/* what type of key are we looking for?
* WK: For now, we'll look only for public/private keys using the
* name as a cert nickname. Then the name is regarded as the subject
* dn of the certificate to be searched for.
*/
keyReq = &(keyInfoCtx->keyReq);
if (keyReq->keyType & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
pCertContext = xmlSecMSCryptoKeysStoreFindCert(store, name, keyInfoCtx);
if(pCertContext == NULL) {
goto done;
}
/* set cert in x509 data */
x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
if(x509Data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
pCertContext2 = CertDuplicateCertificateContext(pCertContext);
if (NULL == pCertContext2) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CertDuplicateCertificateContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, pCertContext2);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoKeyDataX509AdoptCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
pCertContext2 = NULL;
pCertContext2 = CertDuplicateCertificateContext(pCertContext);
if (NULL == pCertContext2) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CertDuplicateCertificateContext",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pCertContext2);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoKeyDataX509AdoptKeyCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
pCertContext2 = NULL;
/* set cert in key data */
data = xmlSecMSCryptoCertAdopt(pCertContext, keyReq->keyType);
if(data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecMSCryptoCertAdopt",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
pCertContext = NULL;
/* create key and add key data and x509 data to it */
key = xmlSecKeyCreate();
if (key == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
ret = xmlSecKeySetValue(key, data);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
goto done;
}
data = NULL;
ret = xmlSecKeyAdoptData(key, x509Data);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyAdoptData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
x509Data = NULL;
/* Set the name of the key to the given name */
ret = xmlSecKeySetName(key, name);
if (ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecKeySetName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
/* now that we have a key, make sure it is valid and let the simple
* store adopt it */
if (xmlSecKeyIsValid(key)) {
res = key;
key = NULL;
}
}
done:
if (NULL != pCertContext) {
CertFreeCertificateContext(pCertContext);
}
if (NULL != pCertContext2) {
CertFreeCertificateContext(pCertContext2);
}
if (data != NULL) {
xmlSecKeyDataDestroy(data);
}
if (x509Data != NULL) {
xmlSecKeyDataDestroy(x509Data);
}
if (key != NULL) {
xmlSecKeyDestroy(key);
}
return (res);
}
static PCCERT_CONTEXT
xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
const char* storeName;
HCERTSTORE hStoreHandle = NULL;
PCCERT_CONTEXT pCertContext = NULL;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL);
xmlSecAssert2(name != NULL, NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
storeName = xmlSecMSCryptoAppGetCertStoreName();
if(storeName == NULL) {
storeName = XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME;
}
hStoreHandle = CertOpenSystemStore(0, storeName);
if (NULL == hStoreHandle) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CertOpenSystemStore",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"storeName=%s",
xmlSecErrorsSafeString(storeName));
return(NULL);
}
/* first attempt: search by cert id == name */
if(pCertContext == NULL) {
size_t len = xmlStrlen(name) + 1;
wchar_t * lpCertID;
/* aleksey todo: shouldn't we call MultiByteToWideChar first to get the buffer size? */
lpCertID = (wchar_t *)xmlMalloc(sizeof(wchar_t) * len);
if(lpCertID == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
CertCloseStore(hStoreHandle, 0);
return(NULL);
}
MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, name, -1, lpCertID, len);
pCertContext = CertFindCertificateInStore(
hStoreHandle,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_STR,
lpCertID,
NULL);
xmlFree(lpCertID);
}
/* We don't give up easily, now try to fetch the cert with a full blown
* subject dn
*/
if (NULL == pCertContext) {
BYTE* bdata;
DWORD len;
bdata = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
name,
CERT_OID_NAME_STR,
&len);
if(bdata != NULL) {
CERT_NAME_BLOB cnb;
cnb.cbData = len;
cnb.pbData = bdata;
pCertContext = CertFindCertificateInStore(hStoreHandle,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_NAME,
&cnb,
NULL);
xmlFree(bdata);
}
}
/* We don't give up easily, now try to fetch the cert with a full blown
* subject dn, and try with a reversed dn
*/
if (NULL == pCertContext) {
BYTE* bdata;
DWORD len;
bdata = xmlSecMSCryptoCertStrToName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
name,
CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
&len);
if(bdata != NULL) {
CERT_NAME_BLOB cnb;
cnb.cbData = len;
cnb.pbData = bdata;
pCertContext = CertFindCertificateInStore(hStoreHandle,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_NAME,
&cnb,
NULL);
xmlFree(bdata);
}
}
/*
* Try ro find certificate with name="Friendly Name"
*/
if (NULL == pCertContext) {
DWORD dwPropSize;
PBYTE pbFriendlyName;
PCCERT_CONTEXT pCertCtxIter = NULL;
size_t len = xmlStrlen(name) + 1;
wchar_t * lpFName;
lpFName = (wchar_t *)xmlMalloc(sizeof(wchar_t) * len);
if(lpFName == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
CertCloseStore(hStoreHandle, 0);
return(NULL);
}
MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, name, -1, lpFName, len);
while (pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter)) {
if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
CERT_FRIENDLY_NAME_PROP_ID,
NULL,
&dwPropSize)) {
continue;
}
pbFriendlyName = xmlMalloc(dwPropSize);
if(pbFriendlyName == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(lpFName);
CertCloseStore(hStoreHandle, 0);
return(NULL);
}
if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
CERT_FRIENDLY_NAME_PROP_ID,
pbFriendlyName,
&dwPropSize)) {
xmlFree(pbFriendlyName);
continue;
}
/* Compare FriendlyName to name */
if (!wcscmp(lpFName, (const wchar_t *)pbFriendlyName)) {
pCertContext = pCertCtxIter;
xmlFree(pbFriendlyName);
break;
}
xmlFree(pbFriendlyName);
}
xmlFree(lpFName);
}
/* We could do the following here:
* It would be nice if we could locate the cert with issuer name and
* serial number, the given keyname can be something like this:
* 'serial=1234567;issuer=CN=ikke, C=NL'
* to be implemented by the first person who reads this, and thinks it's
* a good idea :) WK
*/
/* OK, I give up, I'm gone :( */
/* aleksey todo: is it a right idea to close store if we have a handle to
* a cert in this store? */
CertCloseStore(hStoreHandle, 0);
return(pCertContext);
}
static PCCERT_CONTEXT
xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
LPCTSTR storeName;
HCERTSTORE hStoreHandle = NULL;
PCCERT_CONTEXT pCertContext = NULL;
LPTSTR wcName = NULL;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL);
xmlSecAssert2(name != NULL, NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
storeName = xmlSecMSCryptoAppGetCertStoreName();
if(storeName == NULL) {
storeName = XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME;
}
hStoreHandle = CertOpenSystemStore(0, storeName);
if (NULL == hStoreHandle) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"CertOpenSystemStore",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"storeName=%s",
xmlSecErrorsSafeString(storeName));
return(NULL);
}
/* convert name to unicode */
wcName = xmlSecMSCryptoConvertUtf8ToTstr(name);
if(wcName == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
"xmlSecMSCryptoConvertUtf8ToUnicode",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"wcName");
CertCloseStore(hStoreHandle, 0);
return(NULL);
}
/* first attempt: try to find the cert with a full blown subject dn */
if(NULL == pCertContext) {
pCertContext = xmlSecMSCryptoX509FindCertBySubject(
hStoreHandle,
wcName,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING);
}
/*
* Try ro find certificate with name="Friendly Name"
*/
if (NULL == pCertContext) {
DWORD dwPropSize;
PBYTE pbFriendlyName;
PCCERT_CONTEXT pCertCtxIter = NULL;
while (pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter)) {
if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
CERT_FRIENDLY_NAME_PROP_ID,
NULL,
&dwPropSize)) {
continue;
}
pbFriendlyName = xmlMalloc(dwPropSize);
if(pbFriendlyName == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(wcName);
CertCloseStore(hStoreHandle, 0);
return(NULL);
}
if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
CERT_FRIENDLY_NAME_PROP_ID,
pbFriendlyName,
&dwPropSize)) {
xmlFree(pbFriendlyName);
continue;
}
/* Compare FriendlyName to name */
if (!lstrcmp(wcName, (LPCTSTR)pbFriendlyName)) {
pCertContext = pCertCtxIter;
xmlFree(pbFriendlyName);
break;
}
xmlFree(pbFriendlyName);
}
}
/* We don't give up easily, now try to find cert with part of the name
*/
if (NULL == pCertContext) {
pCertContext = CertFindCertificateInStore(
hStoreHandle,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
0,
CERT_FIND_SUBJECT_STR,
wcName,
NULL);
}
/* We could do the following here:
* It would be nice if we could locate the cert with issuer name and
* serial number, the given keyname can be something like this:
* 'serial=1234567;issuer=CN=ikke, C=NL'
* to be implemented by the first person who reads this, and thinks it's
* a good idea :) WK
*/
/* OK, I give up, I'm gone :( */
/* aleksey todo: is it a right idea to close store if we have a handle to
* a cert in this store? */
xmlFree(wcName);
CertCloseStore(hStoreHandle, 0);
return(pCertContext);
}
static xmlSecKeyPtr
xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyStorePtr* ss;
xmlSecKeyPtr key = NULL;
xmlSecKeyPtr retval = NULL;
xmlSecKeyReqPtr keyReq = NULL;
CERTCertificate *cert = NULL;
SECKEYPublicKey *pubkey = NULL;
SECKEYPrivateKey *privkey = NULL;
xmlSecKeyDataPtr data = NULL;
xmlSecKeyDataPtr x509Data = NULL;
int ret;
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
xmlSecAssert2(keyInfoCtx != NULL, NULL);
ss = xmlSecNssKeysStoreGetSS(store);
xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
if (key != NULL) {
return (key);
}
/* Try to find the key in the NSS DB, and construct an xmlSecKey.
* we must have a name to lookup keys in NSS DB.
*/
if (name == NULL) {
goto done;
}
/* what type of key are we looking for?
* TBD: For now, we'll look only for public/private keys using the
* name as a cert nickname. Later on, we can attempt to find
* symmetric keys using PK11_FindFixedKey
*/
keyReq = &(keyInfoCtx->keyReq);
if (keyReq->keyType &
(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
if (cert == NULL) {
goto done;
}
if (keyReq->keyType & xmlSecKeyDataTypePublic) {
pubkey = CERT_ExtractPublicKey(cert);
if (pubkey == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"CERT_ExtractPublicKey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
}
if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
privkey = PK11_FindKeyByAnyCert(cert, NULL);
if (privkey == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"PK11_FindKeyByAnyCert",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
}
data = xmlSecNssPKIAdoptKey(privkey, pubkey);
if(data == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNssPKIAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
privkey = NULL;
pubkey = NULL;
key = xmlSecKeyCreate();
if (key == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return (NULL);
}
x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
if(x509Data == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyDataCreate",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"transform=%s",
xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
goto done;
}
ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
if (ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNssKeyDataX509AdoptKeyCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
cert = CERT_DupCertificate(cert);
if (cert == NULL) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"CERT_DupCertificate",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
if (ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecNssKeyDataX509AdoptCert",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
cert = NULL;
ret = xmlSecKeySetValue(key, data);
if (ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
goto done;
}
data = NULL;
ret = xmlSecKeyAdoptData(key, x509Data);
if (ret < 0) {
xmlSecErr_a_ignorar6(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyAdoptData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"data=%s",
xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
goto done;
}
x509Data = NULL;
retval = key;
key = NULL;
}
done:
if (cert != NULL) {
CERT_DestroyCertificate(cert);
}
if (pubkey != NULL) {
SECKEY_DestroyPublicKey(pubkey);
}
if (privkey != NULL) {
SECKEY_DestroyPrivateKey(privkey);
}
if (data != NULL) {
xmlSecKeyDataDestroy(data);
}
if (x509Data != NULL) {
xmlSecKeyDataDestroy(x509Data);
}
if (key != NULL) {
xmlSecKeyDestroy(key);
}
return (retval);
}
int
xmlSecNssAppliedKeysMngrPriKeyLoad(
xmlSecKeysMngrPtr mngr ,
SECKEYPrivateKey* priKey
) {
xmlSecKeyPtr key ;
xmlSecKeyDataPtr data ;
xmlSecKeyStorePtr keyStore ;
xmlSecAssert2( mngr != NULL , -1 ) ;
xmlSecAssert2( priKey != NULL , -1 ) ;
keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
if( keyStore == NULL ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecKeysMngrGetKeysStore" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
return(-1) ;
}
xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
if( data == NULL ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecNssPKIAdoptKey" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
return(-1) ;
}
key = xmlSecKeyCreate() ;
if( key == NULL ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecNssSymKeyDataKeyAdopt" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyDataDestroy( data ) ;
return(-1) ;
}
if( xmlSecKeySetValue( key , data ) < 0 ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecNssSymKeyDataKeyAdopt" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyDataDestroy( data ) ;
return(-1) ;
}
if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
xmlSecError( XMLSEC_ERRORS_HERE ,
NULL ,
"xmlSecNssSymKeyDataKeyAdopt" ,
XMLSEC_ERRORS_R_XMLSEC_FAILED ,
XMLSEC_ERRORS_NO_MESSAGE ) ;
xmlSecKeyDestroy( key ) ;
return(-1) ;
}
return(0) ;
}
