| blob | 1881ea923495f650f3e68a5ea3497fac44cce96f |
1 --- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-06-25 22:53:18.000000000 +0200
2 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-09-21 14:02:48.563253008 +0200
3 @@ -3,6 +3,7 @@
4 xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
6 xmlsecmscryptoinc_HEADERS = \
7 +akmngr.h \
8 app.h \
9 certkeys.h \
10 crypto.h \
11 --- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-06-25 22:53:30.000000000 +0200
12 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-09-21 14:02:48.571021349 +0200
13 @@ -281,6 +281,7 @@
14 NULL =
15 xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
16 xmlsecmscryptoinc_HEADERS = \
17 +akmngr.h \
18 app.h \
19 certkeys.h \
20 crypto.h \
21 --- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
22 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200
23 @@ -10,6 +10,9 @@
24 keysstore.h \
25 pkikeys.h \
26 x509.h \
27 +akmngr.h \
28 +tokens.h \
29 +ciphers.h \
30 $(NULL)
32 install-exec-hook:
33 --- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-06-25 22:53:31.000000000 +0200
34 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-09-21 14:02:48.585376325 +0200
35 @@ -288,6 +288,9 @@
36 keysstore.h \
37 pkikeys.h \
38 x509.h \
39 +akmngr.h \
40 +tokens.h \
41 +ciphers.h \
42 $(NULL)
44 all: all-am
45 --- misc/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200
46 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200
47 @@ -22,6 +22,9 @@
48 #include <xmlsec/keysmngr.h>
49 #include <xmlsec/transforms.h>
51 +#include <xmlsec/nss/tokens.h>
52 +#include <xmlsec/nss/akmngr.h>
53 +
54 /**
55 * Init/shutdown
56 */
57 @@ -36,6 +39,8 @@
58 xmlSecKeyPtr key);
59 XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
60 const char* uri);
61 +XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
62 + xmlSecNssKeySlotPtr keySlot);
63 XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
64 const char* filename,
65 xmlSecKeyDataType type);
66 --- misc/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200
67 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200
68 @@ -16,6 +16,8 @@
69 #endif /* __cplusplus */
71 #include <xmlsec/xmlsec.h>
72 +#include <xmlsec/keysmngr.h>
73 +#include <xmlsec/nss/tokens.h>
75 /****************************************************************************
76 *
77 @@ -31,6 +33,8 @@
78 XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
79 XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
80 xmlSecKeyPtr key);
81 +XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
82 + xmlSecNssKeySlotPtr keySlot);
83 XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
84 const char *uri,
85 xmlSecKeysMngrPtr keysMngr);
86 --- misc/xmlsec1-1.2.14/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
87 +++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200
88 @@ -35,6 +35,9 @@
89 kw_des.c \
90 kw_aes.c \
91 globals.h \
92 + akmngr.c \
93 + keywrapers.c \
94 + tokens.c \
95 $(NULL)
97 if SHAREDLIB_HACK
98 --- misc/xmlsec1-1.2.14/src/nss/Makefile.in 2009-06-25 22:53:33.000000000 +0200
99 +++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.in 2009-09-21 14:02:48.599339718 +0200
100 @@ -72,7 +72,8 @@
101 am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \
102 digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
103 x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
104 - ../strings.c
105 + ../strings.c \
106 + akmngr.c keywrapers.c tokens.c
107 am__objects_1 =
108 @SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo
109 am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
110 @@ -83,6 +84,8 @@
111 libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \
112 libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \
113 libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
114 + libxmlsec1_nss_la-akmngr.lo libxmlsec1_nss_la-keywrapers.lo \
115 + libxmlsec1_nss_la-tokens.lo \
116 $(am__objects_1) $(am__objects_2)
117 libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
118 libxmlsec1_nss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
119 @@ -333,6 +336,7 @@
120 libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \
121 digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
122 x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
123 + akmngr.c keywrapers.c tokens.c \
124 $(NULL) $(am__append_1)
125 libxmlsec1_nss_la_LIBADD = \
126 ../libxmlsec1.la \
127 @@ -439,6 +443,9 @@
128 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@
129 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@
130 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@
131 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo@am__quote@
132 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo@am__quote@
133 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo@am__quote@
135 .c.o:
136 @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
137 @@ -468,6 +475,27 @@
138 @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
139 @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
141 +libxmlsec1_nss_la-akmngr.lo: akmngr.c
142 +@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \
143 +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo"; exit 1; fi
144 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
145 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
146 +@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
147 +
148 +libxmlsec1_nss_la-keywrapers.lo: keywrapers.c
149 +@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keywrapers.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c; \
150 +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo"; exit 1; fi
151 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keywrapers.c' object='libxmlsec1_nss_la-keywrapers.lo' libtool=yes @AMDEPBACKSLASH@
152 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
153 +@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c
154 +
155 +libxmlsec1_nss_la-tokens.lo: tokens.c
156 +@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c; \
157 +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo"; exit 1; fi
158 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@
159 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
160 +@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
161 +
162 libxmlsec1_nss_la-bignum.lo: bignum.c
163 @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
164 @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
165 --- misc/xmlsec1-1.2.14/src/nss/hmac.c 2009-06-26 06:18:13.000000000 +0200
166 +++ misc/build/xmlsec1-1.2.14/src/nss/hmac.c 2009-09-21 14:02:48.649065288 +0200
167 @@ -23,8 +23,8 @@
168 #include <xmlsec/transforms.h>
169 #include <xmlsec/errors.h>
171 -#include <xmlsec/nss/app.h>
172 #include <xmlsec/nss/crypto.h>
173 +#include <xmlsec/nss/tokens.h>
175 /* sizes in bits */
176 #define XMLSEC_NSS_MIN_HMAC_SIZE 80
177 @@ -286,13 +286,13 @@
178 keyItem.data = xmlSecBufferGetData(buffer);
179 keyItem.len = xmlSecBufferGetSize(buffer);
181 - slot = PK11_GetBestSlot(ctx->digestType, NULL);
182 + slot = xmlSecNssSlotGet(ctx->digestType);
183 if(slot == NULL) {
184 xmlSecError(XMLSEC_ERRORS_HERE,
185 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
186 - "PK11_GetBestSlot",
187 + "xmlSecNssSlotGet",
188 XMLSEC_ERRORS_R_CRYPTO_FAILED,
189 - XMLSEC_ERRORS_NO_MESSAGE);
190 + "error code=%d", PORT_GetError());
191 return(-1);
192 }
194 --- misc/xmlsec1-1.2.14/src/nss/keysstore.c 2009-06-25 22:53:18.000000000 +0200
195 +++ misc/build/xmlsec1-1.2.14/src/nss/keysstore.c 2009-09-21 14:02:48.633533885 +0200
196 @@ -1,36 +1,56 @@
197 /**
198 * XMLSec library
199 *
200 - * Nss keys store that uses Simple Keys Store under the hood. Uses the
201 - * Nss DB as a backing store for the finding keys, but the NSS DB is
202 - * not written to by the keys store.
203 - * So, if store->findkey is done and the key is not found in the simple
204 - * keys store, the NSS DB is looked up.
205 - * If store is called to adopt a key, that key is not written to the NSS
206 - * DB.
207 - * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
208 - * source of keys for xmlsec
209 - *
210 * This is free software; see Copyright file in the source
211 * distribution for precise wording.
212 *
213 * Copyright (c) 2003 America Online, Inc. All rights reserved.
214 */
215 +
216 +/**
217 + * NSS key store uses a key list and a slot list as the key repository. NSS slot
218 + * list is a backup repository for the finding keys. If a key is not found from
219 + * the key list, the NSS slot list is looked up.
220 + *
221 + * Any key in the key list will not save to pkcs11 slot. When a store to called
222 + * to adopt a key, the key is resident in the key list; While a store to called
223 + * to set a is resident in the key list; While a store to called to set a slot
224 + * list, which means that the keys in the listed slot can be used for xml sign-
225 + * nature or encryption.
226 + *
227 + * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
228 + *
229 + * The framework will decrease the user interfaces to administrate xmlSec crypto
230 + * engine. He can only focus on NSS layer functions. For examples, after the
231 + * user set up a slot list handler to the keys store, he do not need to do any
232 + * other work atop xmlSec interfaces, his action on the slot list handler, such
233 + * as add a token to, delete a token from the list, will directly effect the key
234 + * store behaviors.
235 + *
236 + * For example, a scenariio:
237 + * 0. Create a slot list;( NSS interfaces )
238 + * 1. Create a keys store;( xmlSec interfaces )
239 + * 2. Set slot list with the keys store;( xmlSec Interfaces )
240 + * 3. Add a slot to the slot list;( NSS interfaces )
241 + * 4. Perform xml signature; ( xmlSec Interfaces )
242 + * 5. Deleter a slot from the slot list;( NSS interfaces )
243 + * 6. Perform xml encryption; ( xmlSec Interfaces )
244 + * 7. Perform xml signature;( xmlSec Interfaces )
245 + * 8. Destroy the keys store;( xmlSec Interfaces )
246 + * 8. Destroy the slot list.( NSS Interfaces )
247 + */
248 #include "globals.h"
250 #include <stdlib.h>
251 #include <string.h>
253 #include <nss.h>
254 -#include <cert.h>
255 #include <pk11func.h>
256 +#include <prinit.h>
257 #include <keyhi.h>
259 -#include <libxml/tree.h>
260 -
261 #include <xmlsec/xmlsec.h>
262 -#include <xmlsec/buffer.h>
263 -#include <xmlsec/base64.h>
264 +#include <xmlsec/keys.h>
265 #include <xmlsec/errors.h>
266 #include <xmlsec/xmltree.h>
268 @@ -38,82 +58,461 @@
270 #include <xmlsec/nss/crypto.h>
271 #include <xmlsec/nss/keysstore.h>
272 -#include <xmlsec/nss/x509.h>
273 +#include <xmlsec/nss/tokens.h>
274 +#include <xmlsec/nss/ciphers.h>
275 #include <xmlsec/nss/pkikeys.h>
277 /****************************************************************************
278 *
279 - * Nss Keys Store. Uses Simple Keys Store under the hood
280 + * Internal NSS key store context
281 *
282 - * Simple Keys Store ptr is located after xmlSecKeyStore
283 + * This context is located after xmlSecKeyStore
284 *
285 ***************************************************************************/
286 +typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
287 +typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
288 +
289 +struct _xmlSecNssKeysStoreCtx {
290 + xmlSecPtrListPtr keyList ;
291 + xmlSecPtrListPtr slotList ;
292 +} ;
293 +
294 #define xmlSecNssKeysStoreSize \
295 - (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
296 + ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
298 -#define xmlSecNssKeysStoreGetSS(store) \
299 - ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
300 - (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
301 - (xmlSecKeyStorePtr*)NULL)
302 -
303 -static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
304 -static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
305 -static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
306 - const xmlChar* name,
307 - xmlSecKeyInfoCtxPtr keyInfoCtx);
308 +#define xmlSecNssKeysStoreGetCtx( data ) \
309 + ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
311 -static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
312 - sizeof(xmlSecKeyStoreKlass),
313 - xmlSecNssKeysStoreSize,
314 +int xmlSecNssKeysStoreAdoptKeySlot(
315 + xmlSecKeyStorePtr store ,
316 + xmlSecNssKeySlotPtr keySlot
317 +) {
318 + xmlSecNssKeysStoreCtxPtr context = NULL ;
319 +
320 + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
321 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
322 + context = xmlSecNssKeysStoreGetCtx( store ) ;
323 + if( context == NULL ) {
324 + xmlSecError( XMLSEC_ERRORS_HERE ,
325 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
326 + "xmlSecNssKeysStoreGetCtx" ,
327 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
328 + XMLSEC_ERRORS_NO_MESSAGE ) ;
329 + return -1 ;
330 + }
331 +
332 + if( context->slotList == NULL ) {
333 + if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
334 + xmlSecError( XMLSEC_ERRORS_HERE ,
335 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
336 + "xmlSecPtrListCreate" ,
337 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
338 + XMLSEC_ERRORS_NO_MESSAGE ) ;
339 + return -1 ;
340 + }
341 + }
342 +
343 + if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
344 + xmlSecError( XMLSEC_ERRORS_HERE ,
345 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
346 + "xmlSecPtrListCheckId" ,
347 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
348 + XMLSEC_ERRORS_NO_MESSAGE ) ;
349 + return -1 ;
350 + }
351 +
352 + if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
353 + xmlSecError( XMLSEC_ERRORS_HERE ,
354 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
355 + "xmlSecPtrListAdd" ,
356 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
357 + XMLSEC_ERRORS_NO_MESSAGE ) ;
358 + return -1 ;
359 + }
360 + return 0 ;
361 +}
363 - /* data */
364 - BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
365 -
366 - /* constructors/destructor */
367 - xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
368 - xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
369 - xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
370 -
371 - /* reserved for the future */
372 - NULL, /* void* reserved0; */
373 - NULL, /* void* reserved1; */
374 -};
375 +int xmlSecNssKeysStoreAdoptKey(
376 + xmlSecKeyStorePtr store ,
377 + xmlSecKeyPtr key
378 +) {
379 + xmlSecNssKeysStoreCtxPtr context = NULL ;
380 +
381 + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
382 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
383 +
384 + context = xmlSecNssKeysStoreGetCtx( store ) ;
385 + if( context == NULL ) {
386 + xmlSecError( XMLSEC_ERRORS_HERE ,
387 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
388 + "xmlSecNssKeysStoreGetCtx" ,
389 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
390 + XMLSEC_ERRORS_NO_MESSAGE ) ;
391 + return -1 ;
392 + }
393 +
394 + if( context->keyList == NULL ) {
395 + if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
396 + xmlSecError( XMLSEC_ERRORS_HERE ,
397 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
398 + "xmlSecPtrListCreate" ,
399 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
400 + XMLSEC_ERRORS_NO_MESSAGE ) ;
401 + return -1 ;
402 + }
403 + }
404 +
405 + if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
406 + xmlSecError( XMLSEC_ERRORS_HERE ,
407 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
408 + "xmlSecPtrListCheckId" ,
409 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
410 + XMLSEC_ERRORS_NO_MESSAGE ) ;
411 + return -1 ;
412 + }
413 +
414 + if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
415 + xmlSecError( XMLSEC_ERRORS_HERE ,
416 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
417 + "xmlSecPtrListAdd" ,
418 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
419 + XMLSEC_ERRORS_NO_MESSAGE ) ;
420 + return -1 ;
421 + }
423 -/**
424 - * xmlSecNssKeysStoreGetKlass:
425 - *
426 - * The Nss list based keys store klass.
427 + return 0 ;
428 +}
429 +
430 +/*
431 + * xmlSecKeyStoreInitializeMethod:
432 + * @store: the store.
433 + *
434 + * Keys store specific initialization method.
435 *
436 - * Returns: Nss list based keys store klass.
437 + * Returns 0 on success or a negative value if an error occurs.
438 */
439 -xmlSecKeyStoreId
440 -xmlSecNssKeysStoreGetKlass(void) {
441 - return(&xmlSecNssKeysStoreKlass);
442 +static int
443 +xmlSecNssKeysStoreInitialize(
444 + xmlSecKeyStorePtr store
445 +) {
446 + xmlSecNssKeysStoreCtxPtr context = NULL ;
447 +
448 + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
449 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
450 +
451 + context = xmlSecNssKeysStoreGetCtx( store ) ;
452 + if( context == NULL ) {
453 + xmlSecError( XMLSEC_ERRORS_HERE ,
454 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
455 + "xmlSecNssKeysStoreGetCtx" ,
456 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
457 + XMLSEC_ERRORS_NO_MESSAGE ) ;
458 + return -1 ;
459 + }
460 +
461 + context->keyList = NULL ;
462 + context->slotList = NULL ;
463 +
464 + return 0 ;
465 }
467 /**
468 - * xmlSecNssKeysStoreAdoptKey:
469 - * @store: the pointer to Nss keys store.
470 - * @key: the pointer to key.
471 - *
472 - * Adds @key to the @store.
473 *
474 - * Returns: 0 on success or a negative value if an error occurs.
475 + * xmlSecKeyStoreFinalizeMethod:
476 + * @store: the store.
477 + *
478 + * Keys store specific finalization (destroy) method.
479 */
480 -int
481 -xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
482 - xmlSecKeyStorePtr *ss;
483 -
484 - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
485 - xmlSecAssert2((key != NULL), -1);
486 +void
487 +xmlSecNssKeysStoreFinalize(
488 + xmlSecKeyStorePtr store
489 +) {
490 + xmlSecNssKeysStoreCtxPtr context = NULL ;
491 +
492 + xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
493 + xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
494 +
495 + context = xmlSecNssKeysStoreGetCtx( store ) ;
496 + if( context == NULL ) {
497 + xmlSecError( XMLSEC_ERRORS_HERE ,
498 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
499 + "xmlSecNssKeysStoreGetCtx" ,
500 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
501 + XMLSEC_ERRORS_NO_MESSAGE ) ;
502 + return ;
503 + }
504 +
505 + if( context->keyList != NULL ) {
506 + xmlSecPtrListDestroy( context->keyList ) ;
507 + context->keyList = NULL ;
508 + }
509 +
510 + if( context->slotList != NULL ) {
511 + xmlSecPtrListDestroy( context->slotList ) ;
512 + context->slotList = NULL ;
513 + }
514 +}
515 +
516 +xmlSecKeyPtr
517 +xmlSecNssKeysStoreFindKeyFromSlot(
518 + PK11SlotInfo* slot,
519 + const xmlChar* name,
520 + xmlSecKeyInfoCtxPtr keyInfoCtx
521 +) {
522 + xmlSecKeyPtr key = NULL ;
523 + xmlSecKeyDataPtr data = NULL ;
524 + int length ;
525 +
526 + xmlSecAssert2( slot != NULL , NULL ) ;
527 + xmlSecAssert2( name != NULL , NULL ) ;
528 + xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
529 +
530 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
531 + PK11SymKey* symKey ;
532 + PK11SymKey* curKey ;
533 +
534 + /* Find symmetric key from the slot by name */
535 + symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
536 + for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
537 + /* Check the key request */
538 + length = PK11_GetKeyLength( curKey ) ;
539 + length *= 8 ;
540 + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
541 + ( length > 0 ) &&
542 + ( length < keyInfoCtx->keyReq.keyBitsSize ) )
543 + continue ;
544 +
545 + /* We find a eligible key */
546 + data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
547 + if( data == NULL ) {
548 + /* Do nothing */
549 + }
550 + break ;
551 + }
552 +
553 + /* Destroy the sym key list */
554 + for( curKey = symKey ; curKey != NULL ; ) {
555 + symKey = curKey ;
556 + curKey = PK11_GetNextSymKey( symKey ) ;
557 + PK11_FreeSymKey( symKey ) ;
558 + }
559 + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
560 + SECKEYPublicKeyList* pubKeyList ;
561 + SECKEYPublicKey* pubKey ;
562 + SECKEYPublicKeyListNode* curPub ;
563 +
564 + /* Find asymmetric key from the slot by name */
565 + pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
566 + pubKey = NULL ;
567 + curPub = PUBKEY_LIST_HEAD(pubKeyList);
568 + for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
569 + /* Check the key request */
570 + length = SECKEY_PublicKeyStrength( curPub->key ) ;
571 + length *= 8 ;
572 + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
573 + ( length > 0 ) &&
574 + ( length < keyInfoCtx->keyReq.keyBitsSize ) )
575 + continue ;
576 +
577 + /* We find a eligible key */
578 + pubKey = curPub->key ;
579 + break ;
580 + }
581 +
582 + if( pubKey != NULL ) {
583 + data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
584 + if( data == NULL ) {
585 + /* Do nothing */
586 + }
587 + }
588 +
589 + /* Destroy the public key list */
590 + SECKEY_DestroyPublicKeyList( pubKeyList ) ;
591 + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
592 + SECKEYPrivateKeyList* priKeyList = NULL ;
593 + SECKEYPrivateKey* priKey = NULL ;
594 + SECKEYPrivateKeyListNode* curPri ;
595 +
596 + /* Find asymmetric key from the slot by name */
597 + priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
598 + priKey = NULL ;
599 + curPri = PRIVKEY_LIST_HEAD(priKeyList);
600 + for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
601 + /* Check the key request */
602 + length = PK11_SignatureLen( curPri->key ) ;
603 + length *= 8 ;
604 + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
605 + ( length > 0 ) &&
606 + ( length < keyInfoCtx->keyReq.keyBitsSize ) )
607 + continue ;
608 +
609 + /* We find a eligible key */
610 + priKey = curPri->key ;
611 + break ;
612 + }
613 +
614 + if( priKey != NULL ) {
615 + data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
616 + if( data == NULL ) {
617 + /* Do nothing */
618 + }
619 + }
620 +
621 + /* Destroy the private key list */
622 + SECKEY_DestroyPrivateKeyList( priKeyList ) ;
623 + }
624 +
625 + /* If we have gotten the key value */
626 + if( data != NULL ) {
627 + if( ( key = xmlSecKeyCreate() ) == NULL ) {
628 + xmlSecError( XMLSEC_ERRORS_HERE ,
629 + NULL ,
630 + "xmlSecKeyCreate" ,
631 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
632 + XMLSEC_ERRORS_NO_MESSAGE ) ;
633 +
634 + xmlSecKeyDataDestroy( data ) ;
635 + return NULL ;
636 + }
637 +
638 + if( xmlSecKeySetValue( key , data ) < 0 ) {
639 + xmlSecError( XMLSEC_ERRORS_HERE ,
640 + NULL ,
641 + "xmlSecKeySetValue" ,
642 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
643 + XMLSEC_ERRORS_NO_MESSAGE ) ;
644 +
645 + xmlSecKeyDestroy( key ) ;
646 + xmlSecKeyDataDestroy( data ) ;
647 + return NULL ;
648 + }
649 + }
651 - ss = xmlSecNssKeysStoreGetSS(store);
652 - xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
653 - (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
654 + return(key);
655 +}
656 +
657 +/**
658 + * xmlSecKeyStoreFindKeyMethod:
659 + * @store: the store.
660 + * @name: the desired key name.
661 + * @keyInfoCtx: the pointer to key info context.
662 + *
663 + * Keys store specific find method. The caller is responsible for destroying
664 + * the returned key using #xmlSecKeyDestroy method.
665 + *
666 + * Returns the pointer to a key or NULL if key is not found or an error occurs.
667 + */
668 +static xmlSecKeyPtr
669 +xmlSecNssKeysStoreFindKey(
670 + xmlSecKeyStorePtr store ,
671 + const xmlChar* name ,
672 + xmlSecKeyInfoCtxPtr keyInfoCtx
673 +) {
674 + xmlSecNssKeysStoreCtxPtr context = NULL ;
675 + xmlSecKeyPtr key = NULL ;
676 + xmlSecNssKeySlotPtr keySlot = NULL ;
677 + xmlSecSize pos ;
678 + xmlSecSize size ;
679 +
680 + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
681 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
682 + xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
683 +
684 + context = xmlSecNssKeysStoreGetCtx( store ) ;
685 + if( context == NULL ) {
686 + xmlSecError( XMLSEC_ERRORS_HERE ,
687 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
688 + "xmlSecNssKeysStoreGetCtx" ,
689 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
690 + XMLSEC_ERRORS_NO_MESSAGE ) ;
691 + return NULL ;
692 + }
693 +
694 + /*-
695 + * Look for key at keyList at first.
696 + */
697 + if( context->keyList != NULL ) {
698 + size = xmlSecPtrListGetSize( context->keyList ) ;
699 + for( pos = 0 ; pos < size ; pos ++ ) {
700 + key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
701 + if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
702 + return xmlSecKeyDuplicate( key ) ;
703 + }
704 + }
705 + }
706 +
707 + /*-
708 + * Find the key from slotList
709 + */
710 + if( context->slotList != NULL ) {
711 + PK11SlotInfo* slot = NULL ;
712 +
713 + size = xmlSecPtrListGetSize( context->slotList ) ;
714 + for( pos = 0 ; pos < size ; pos ++ ) {
715 + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
716 + slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
717 + if( slot == NULL ) {
718 + continue ;
719 + } else {
720 + key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
721 + if( key == NULL ) {
722 + continue ;
723 + } else {
724 + return( key ) ;
725 + }
726 + }
727 + }
728 + }
729 +
730 + /*-
731 + * Create a session key if we can not find the key from keyList and slotList
732 + */
733 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
734 + key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
735 + if( key == NULL ) {
736 + xmlSecError( XMLSEC_ERRORS_HERE ,
737 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
738 + "xmlSecKeySetValue" ,
739 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
740 + XMLSEC_ERRORS_NO_MESSAGE ) ;
741 + return NULL ;
742 + }
743 +
744 + return key ;
745 + }
746 +
747 + /**
748 + * We have no way to find the key any more.
749 + */
750 + return NULL ;
751 +}
752 +
753 +static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
754 + sizeof( xmlSecKeyStoreKlass ) ,
755 + xmlSecNssKeysStoreSize ,
756 + BAD_CAST "implicit_nss_keys_store" ,
757 + xmlSecNssKeysStoreInitialize ,
758 + xmlSecNssKeysStoreFinalize ,
759 + xmlSecNssKeysStoreFindKey ,
760 + NULL ,
761 + NULL
762 +} ;
764 - return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
765 +/**
766 + * xmlSecNssKeysStoreGetKlass:
767 + *
768 + * The simple list based keys store klass.
769 + *
770 + */
771 +xmlSecKeyStoreId
772 +xmlSecNssKeysStoreGetKlass( void ) {
773 + return &xmlSecNssKeysStoreKlass ;
774 }
776 +/**************************
777 + * Application routines
778 + */
779 +
780 /**
781 * xmlSecNssKeysStoreLoad:
782 * @store: the pointer to Nss keys store.
783 @@ -252,234 +651,147 @@
784 */
785 int
786 xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
787 - xmlSecKeyStorePtr *ss;
788 + xmlSecKeyInfoCtx keyInfoCtx;
789 + xmlSecNssKeysStoreCtxPtr context ;
790 + xmlSecPtrListPtr list;
791 + xmlSecKeyPtr key;
792 + xmlSecSize i, keysSize;
793 + xmlDocPtr doc;
794 + xmlNodePtr cur;
795 + xmlSecKeyDataPtr data;
796 + xmlSecPtrListPtr idsList;
797 + xmlSecKeyDataId dataId;
798 + xmlSecSize idsSize, j;
799 + int ret;
801 xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
802 - xmlSecAssert2((filename != NULL), -1);
803 -
804 - ss = xmlSecNssKeysStoreGetSS(store);
805 - xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
806 - (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
807 -
808 - return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
809 -}
810 -
811 -static int
812 -xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
813 - xmlSecKeyStorePtr *ss;
814 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
815 + xmlSecAssert2(filename != NULL, -1);
817 - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
818 + context = xmlSecNssKeysStoreGetCtx( store ) ;
819 + xmlSecAssert2( context != NULL, -1 );
821 - ss = xmlSecNssKeysStoreGetSS(store);
822 - xmlSecAssert2((*ss == NULL), -1);
823 + list = context->keyList ;
824 + xmlSecAssert2( list != NULL, -1 );
825 + xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
827 - *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
828 - if(*ss == NULL) {
829 - xmlSecError(XMLSEC_ERRORS_HERE,
830 + /* create doc */
831 + doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
832 + if(doc == NULL) {
833 + xmlSecError(XMLSEC_ERRORS_HERE,
834 xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
835 - "xmlSecKeyStoreCreate",
836 + "xmlSecCreateTree",
837 XMLSEC_ERRORS_R_XMLSEC_FAILED,
838 - "xmlSecSimpleKeysStoreId");
839 + XMLSEC_ERRORS_NO_MESSAGE);
840 return(-1);
841 }
843 - return(0);
844 -}
845 -
846 -static void
847 -xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
848 - xmlSecKeyStorePtr *ss;
849 -
850 - xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
851 -
852 - ss = xmlSecNssKeysStoreGetSS(store);
853 - xmlSecAssert((ss != NULL) && (*ss != NULL));
854 -
855 - xmlSecKeyStoreDestroy(*ss);
856 -}
857 -
858 -static xmlSecKeyPtr
859 -xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
860 - xmlSecKeyInfoCtxPtr keyInfoCtx) {
861 - xmlSecKeyStorePtr* ss;
862 - xmlSecKeyPtr key = NULL;
863 - xmlSecKeyPtr retval = NULL;
864 - xmlSecKeyReqPtr keyReq = NULL;
865 - CERTCertificate *cert = NULL;
866 - SECKEYPublicKey *pubkey = NULL;
867 - SECKEYPrivateKey *privkey = NULL;
868 - xmlSecKeyDataPtr data = NULL;
869 - xmlSecKeyDataPtr x509Data = NULL;
870 - int ret;
871 -
872 - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
873 - xmlSecAssert2(keyInfoCtx != NULL, NULL);
874 -
875 - ss = xmlSecNssKeysStoreGetSS(store);
876 - xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
877 -
878 - key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
879 - if (key != NULL) {
880 - return (key);
881 - }
882 -
883 - /* Try to find the key in the NSS DB, and construct an xmlSecKey.
884 - * we must have a name to lookup keys in NSS DB.
885 - */
886 - if (name == NULL) {
887 - goto done;
888 - }
889 + idsList = xmlSecKeyDataIdsGet();
890 + xmlSecAssert2(idsList != NULL, -1);
892 - /* what type of key are we looking for?
893 - * TBD: For now, we'll look only for public/private keys using the
894 - * name as a cert nickname. Later on, we can attempt to find
895 - * symmetric keys using PK11_FindFixedKey
896 - */
897 - keyReq = &(keyInfoCtx->keyReq);
898 - if (keyReq->keyType &
899 - (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
900 - cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
901 - if (cert == NULL) {
902 - goto done;
903 - }
904 + keysSize = xmlSecPtrListGetSize(list);
905 + idsSize = xmlSecPtrListGetSize(idsList);
906 + for(i = 0; i < keysSize; ++i) {
907 + key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
908 + xmlSecAssert2(key != NULL, -1);
910 - if (keyReq->keyType & xmlSecKeyDataTypePublic) {
911 - pubkey = CERT_ExtractPublicKey(cert);
912 - if (pubkey == NULL) {
913 + cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
914 + if(cur == NULL) {
915 xmlSecError(XMLSEC_ERRORS_HERE,
916 - NULL,
917 - "CERT_ExtractPublicKey",
918 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
919 - XMLSEC_ERRORS_NO_MESSAGE);
920 - goto done;
921 - }
922 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
923 + "xmlSecAddChild",
924 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
925 + "node=%s",
926 + xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
927 + xmlFreeDoc(doc);
928 + return(-1);
929 }
931 - if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
932 - privkey = PK11_FindKeyByAnyCert(cert, NULL);
933 - if (privkey == NULL) {
934 + /* special data key name */
935 + if(xmlSecKeyGetName(key) != NULL) {
936 + if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
937 xmlSecError(XMLSEC_ERRORS_HERE,
938 - NULL,
939 - "PK11_FindKeyByAnyCert",
940 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
941 - XMLSEC_ERRORS_NO_MESSAGE);
942 - goto done;
943 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
944 + "xmlSecAddChild",
945 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
946 + "node=%s",
947 + xmlSecErrorsSafeString(xmlSecNodeKeyName));
948 + xmlFreeDoc(doc);
949 + return(-1);
950 }
951 }
953 - data = xmlSecNssPKIAdoptKey(privkey, pubkey);
954 - if(data == NULL) {
955 - xmlSecError(XMLSEC_ERRORS_HERE,
956 - NULL,
957 - "xmlSecNssPKIAdoptKey",
958 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
959 - XMLSEC_ERRORS_NO_MESSAGE);
960 - goto done;
961 - }
962 - privkey = NULL;
963 - pubkey = NULL;
964 -
965 - key = xmlSecKeyCreate();
966 - if (key == NULL) {
967 - xmlSecError(XMLSEC_ERRORS_HERE,
968 - NULL,
969 - "xmlSecKeyCreate",
970 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
971 - XMLSEC_ERRORS_NO_MESSAGE);
972 - return (NULL);
973 - }
974 -
975 - x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
976 - if(x509Data == NULL) {
977 - xmlSecError(XMLSEC_ERRORS_HERE,
978 - NULL,
979 - "xmlSecKeyDataCreate",
980 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
981 - "transform=%s",
982 - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
983 - goto done;
984 - }
985 + /* create nodes for other keys data */
986 + for(j = 0; j < idsSize; ++j) {
987 + dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
988 + xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
989 +
990 + if(dataId->dataNodeName == NULL) {
991 + continue;
992 + }
993 +
994 + data = xmlSecKeyGetData(key, dataId);
995 + if(data == NULL) {
996 + continue;
997 + }
999 - ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
1000 - if (ret < 0) {
1001 - xmlSecError(XMLSEC_ERRORS_HERE,
1002 - NULL,
1003 - "xmlSecNssKeyDataX509AdoptKeyCert",
1004 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
1005 - "data=%s",
1006 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
1007 - goto done;
1008 - }
1009 - cert = CERT_DupCertificate(cert);
1010 - if (cert == NULL) {
1011 - xmlSecError(XMLSEC_ERRORS_HERE,
1012 - NULL,
1013 - "CERT_DupCertificate",
1014 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
1015 - "data=%s",
1016 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
1017 - goto done;
1018 + if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
1019 + xmlSecError(XMLSEC_ERRORS_HERE,
1020 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
1021 + "xmlSecAddChild",
1022 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1023 + "node=%s",
1024 + xmlSecErrorsSafeString(dataId->dataNodeName));
1025 + xmlFreeDoc(doc);
1026 + return(-1);
1027 + }
1028 }
1030 - ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
1031 + ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
1032 if (ret < 0) {
1033 xmlSecError(XMLSEC_ERRORS_HERE,
1034 - NULL,
1035 - "xmlSecNssKeyDataX509AdoptCert",
1036 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
1037 + "xmlSecKeyInfoCtxInitialize",
1038 XMLSEC_ERRORS_R_XMLSEC_FAILED,
1039 - "data=%s",
1040 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
1041 - goto done;
1042 + XMLSEC_ERRORS_NO_MESSAGE);
1043 + xmlFreeDoc(doc);
1044 + return(-1);
1045 }
1046 - cert = NULL;
1048 - ret = xmlSecKeySetValue(key, data);
1049 - if (ret < 0) {
1050 - xmlSecError(XMLSEC_ERRORS_HERE,
1051 - NULL,
1052 - "xmlSecKeySetValue",
1053 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
1054 - "data=%s",
1055 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
1056 - goto done;
1057 - }
1058 - data = NULL;
1059 + keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
1060 + keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
1061 + keyInfoCtx.keyReq.keyType = type;
1062 + keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
1064 - ret = xmlSecKeyAdoptData(key, x509Data);
1065 + /* finally write key in the node */
1066 + ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
1067 if (ret < 0) {
1068 xmlSecError(XMLSEC_ERRORS_HERE,
1069 - NULL,
1070 - "xmlSecKeyAdoptData",
1071 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
1072 + "xmlSecKeyInfoNodeWrite",
1073 XMLSEC_ERRORS_R_XMLSEC_FAILED,
1074 - "data=%s",
1075 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
1076 - goto done;
1077 - }
1078 - x509Data = NULL;
1079 + XMLSEC_ERRORS_NO_MESSAGE);
1080 + xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
1081 + xmlFreeDoc(doc);
1082 + return(-1);
1083 + }
1085 - retval = key;
1086 - key = NULL;
1087 + xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
1088 }
1090 -done:
1091 - if (cert != NULL) {
1092 - CERT_DestroyCertificate(cert);
1093 - }
1094 - if (pubkey != NULL) {
1095 - SECKEY_DestroyPublicKey(pubkey);
1096 - }
1097 - if (privkey != NULL) {
1098 - SECKEY_DestroyPrivateKey(privkey);
1099 - }
1100 - if (data != NULL) {
1101 - xmlSecKeyDataDestroy(data);
1102 - }
1103 - if (x509Data != NULL) {
1104 - xmlSecKeyDataDestroy(x509Data);
1105 - }
1106 - if (key != NULL) {
1107 - xmlSecKeyDestroy(key);
1108 + /* now write result */
1109 + ret = xmlSaveFormatFile(filename, doc, 1);
1110 + if (ret < 0) {
1111 + xmlSecError(XMLSEC_ERRORS_HERE,
1112 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
1113 + "xmlSaveFormatFile",
1114 + XMLSEC_ERRORS_R_XML_FAILED,
1115 + "filename=%s",
1116 + xmlSecErrorsSafeString(filename));
1117 + xmlFreeDoc(doc);
1118 + return(-1);
1119 }
1121 - return (retval);
1122 + xmlFreeDoc(doc);
1123 + return(0);
1124 }
1125 --- misc/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-06-25 22:53:18.000000000 +0200
1126 +++ misc/build/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-09-21 14:02:48.657352624 +0200
1127 @@ -24,6 +24,7 @@
1128 #include <xmlsec/nss/crypto.h>
1129 #include <xmlsec/nss/bignum.h>
1130 #include <xmlsec/nss/pkikeys.h>
1131 +#include <xmlsec/nss/tokens.h>
1133 /**************************************************************************
1134 *
1135 @@ -115,6 +116,8 @@
1136 xmlSecNssPKIKeyDataCtxPtr ctxSrc)
1137 {
1138 xmlSecNSSPKIKeyDataCtxFree(ctxDst);
1139 + ctxDst->privkey = NULL ;
1140 + ctxDst->pubkey = NULL ;
1141 if (ctxSrc->privkey != NULL) {
1142 ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
1143 if(ctxDst->privkey == NULL) {
1144 @@ -588,13 +591,13 @@
1145 goto done;
1146 }
1148 - slot = PK11_GetBestSlot(CKM_DSA, NULL);
1149 + slot = xmlSecNssSlotGet(CKM_DSA);
1150 if(slot == NULL) {
1151 xmlSecError(XMLSEC_ERRORS_HERE,
1152 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1153 - "PK11_GetBestSlot",
1154 + "xmlSecNssSlotGet",
1155 XMLSEC_ERRORS_R_CRYPTO_FAILED,
1156 - XMLSEC_ERRORS_NO_MESSAGE);
1157 + "error code=%d", PORT_GetError());
1158 ret = -1;
1159 goto done;
1160 }
1161 @@ -792,14 +795,14 @@
1162 if (slot != NULL) {
1163 PK11_FreeSlot(slot);
1164 }
1165 - if (ret != 0) {
1166 +
1167 if (pubkey != NULL) {
1168 SECKEY_DestroyPublicKey(pubkey);
1169 }
1170 if (data != NULL) {
1171 xmlSecKeyDataDestroy(data);
1172 }
1173 - }
1174 +
1175 return(ret);
1176 }
1178 @@ -818,7 +821,7 @@
1180 ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
1181 xmlSecAssert2(ctx != NULL, -1);
1182 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
1183 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
1185 if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
1186 /* we can have only private key or public key */
1187 @@ -940,7 +943,8 @@
1188 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
1189 "PK11_PQG_ParamGen",
1190 XMLSEC_ERRORS_R_CRYPTO_FAILED,
1191 - "size=%d", sizeBits);
1192 + "size=%d, error code=%d", sizeBits, PORT_GetError());
1193 + ret = -1;
1194 goto done;
1195 }
1197 @@ -950,11 +954,12 @@
1198 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
1199 "PK11_PQG_VerifyParams",
1200 XMLSEC_ERRORS_R_CRYPTO_FAILED,
1201 - "size=%d", sizeBits);
1202 + "size=%d, error code=%d", sizeBits, PORT_GetError());
1203 + ret = -1;
1204 goto done;
1205 }
1207 - slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
1208 + slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
1209 PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
1210 privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
1211 &pubkey, PR_FALSE, PR_TRUE, NULL);
1212 @@ -964,8 +969,9 @@
1213 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
1214 "PK11_GenerateKeyPair",
1215 XMLSEC_ERRORS_R_CRYPTO_FAILED,
1216 - XMLSEC_ERRORS_NO_MESSAGE);
1217 + "error code=%d", PORT_GetError());
1219 + ret = -1;
1220 goto done;
1221 }
1223 @@ -979,6 +985,8 @@
1224 goto done;
1225 }
1227 + privkey = NULL ;
1228 + pubkey = NULL ;
1229 ret = 0;
1231 done:
1232 @@ -991,16 +999,13 @@
1233 if (pqgVerify != NULL) {
1234 PK11_PQG_DestroyVerify(pqgVerify);
1235 }
1236 - if (ret == 0) {
1237 - return (0);
1238 - }
1239 if (pubkey != NULL) {
1240 SECKEY_DestroyPublicKey(pubkey);
1241 }
1242 if (privkey != NULL) {
1243 SECKEY_DestroyPrivateKey(privkey);
1244 }
1245 - return(-1);
1246 + return(ret);
1247 }
1249 static xmlSecKeyDataType
1250 @@ -1010,10 +1015,10 @@
1251 xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
1252 ctx = xmlSecNssPKIKeyDataGetCtx(data);
1253 xmlSecAssert2(ctx != NULL, -1);
1254 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
1255 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
1256 if (ctx->privkey != NULL) {
1257 return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
1258 - } else {
1259 + } else if( ctx->pubkey != NULL ) {
1260 return(xmlSecKeyDataTypePublic);
1261 }
1263 @@ -1027,7 +1032,7 @@
1264 xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
1265 ctx = xmlSecNssPKIKeyDataGetCtx(data);
1266 xmlSecAssert2(ctx != NULL, -1);
1267 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
1268 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
1270 return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
1271 }
1272 @@ -1216,13 +1221,13 @@
1273 goto done;
1274 }
1276 - slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
1277 + slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
1278 if(slot == NULL) {
1279 xmlSecError(XMLSEC_ERRORS_HERE,
1280 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1281 - "PK11_GetBestSlot",
1282 + "xmlSecNssSlotGet",
1283 XMLSEC_ERRORS_R_CRYPTO_FAILED,
1284 - XMLSEC_ERRORS_NO_MESSAGE);
1285 + "error code=%d", PORT_GetError());
1286 ret = -1;
1287 goto done;
1288 }
1289 @@ -1384,7 +1389,7 @@
1291 ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
1292 xmlSecAssert2(ctx != NULL, -1);
1293 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
1294 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
1297 if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
1298 @@ -1455,7 +1460,7 @@
1299 params.keySizeInBits = sizeBits;
1300 params.pe = 65537;
1302 - slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
1303 + slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
1304 PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
1305 privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms,
1306 &pubkey, PR_FALSE, PR_TRUE, NULL);
1307 @@ -1525,7 +1530,7 @@
1309 ctx = xmlSecNssPKIKeyDataGetCtx(data);
1310 xmlSecAssert2(ctx != NULL, -1);
1311 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
1312 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
1314 return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
1315 }
1316 --- misc/xmlsec1-1.2.14/src/nss/symkeys.c 2009-06-25 22:53:18.000000000 +0200
1317 +++ misc/build/xmlsec1-1.2.14/src/nss/symkeys.c 2009-09-21 14:02:48.620574832 +0200
1318 @@ -15,20 +15,41 @@
1319 #include <stdio.h>
1320 #include <string.h>
1322 +#include <pk11func.h>
1323 +#include <nss.h>
1324 +
1325 #include <xmlsec/xmlsec.h>
1326 #include <xmlsec/xmltree.h>
1327 +#include <xmlsec/base64.h>
1328 #include <xmlsec/keys.h>
1329 #include <xmlsec/keyinfo.h>
1330 #include <xmlsec/transforms.h>
1331 #include <xmlsec/errors.h>
1333 #include <xmlsec/nss/crypto.h>
1334 +#include <xmlsec/nss/ciphers.h>
1335 +#include <xmlsec/nss/tokens.h>
1337 /*****************************************************************************
1338 *
1339 - * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
1340 + * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
1341 *
1342 ****************************************************************************/
1343 +typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ;
1344 +typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ;
1345 +
1346 +struct _xmlSecNssSymKeyDataCtx {
1347 + CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */
1348 + PK11SlotInfo* slot ; /* the key resident slot */
1349 + PK11SymKey* symkey ; /* the symmetic key */
1350 +} ;
1351 +
1352 +#define xmlSecNssSymKeyDataSize \
1353 + ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
1354 +
1355 +#define xmlSecNssSymKeyDataGetCtx( data ) \
1356 + ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
1357 +
1358 static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
1359 static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
1360 xmlSecKeyDataPtr src);
1361 @@ -67,107 +88,743 @@
1362 (xmlSecKeyDataIsValid((data)) && \
1363 xmlSecNssSymKeyDataKlassCheck((data)->id))
1365 +/**
1366 + * xmlSecNssSymKeyDataAdoptKey:
1367 + * @data: the pointer to symmetric key data.
1368 + * @symkey: the symmetric key
1369 + *
1370 + * Set the value of symmetric key data.
1371 + *
1372 + * Returns 0 on success or a negative value if an error occurs.
1373 + */
1374 +int
1375 +xmlSecNssSymKeyDataAdoptKey(
1376 + xmlSecKeyDataPtr data ,
1377 + PK11SymKey* symkey
1378 +) {
1379 + xmlSecNssSymKeyDataCtxPtr context = NULL ;
1380 +
1381 + xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
1382 + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
1383 + xmlSecAssert2( symkey != NULL, -1 ) ;
1384 +
1385 + context = xmlSecNssSymKeyDataGetCtx( data ) ;
1386 + xmlSecAssert2(context != NULL, -1);
1387 +
1388 + context->cipher = PK11_GetMechanism( symkey ) ;
1389 +
1390 + if( context->slot != NULL ) {
1391 + PK11_FreeSlot( context->slot ) ;
1392 + context->slot = NULL ;
1393 + }
1394 + context->slot = PK11_GetSlotFromKey( symkey ) ;
1395 +
1396 + if( context->symkey != NULL ) {
1397 + PK11_FreeSymKey( context->symkey ) ;
1398 + context->symkey = NULL ;
1399 + }
1400 + context->symkey = PK11_ReferenceSymKey( symkey ) ;
1401 +
1402 + return 0 ;
1403 +}
1404 +
1405 +xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
1406 + PK11SymKey* symKey
1407 +) {
1408 + xmlSecKeyDataPtr data = NULL ;
1409 + CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ;
1410 +
1411 + xmlSecAssert2( symKey != NULL , NULL ) ;
1412 +
1413 + mechanism = PK11_GetMechanism( symKey ) ;
1414 + switch( mechanism ) {
1415 + case CKM_DES3_KEY_GEN :
1416 + case CKM_DES3_CBC :
1417 + case CKM_DES3_MAC :
1418 + data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
1419 + if( data == NULL ) {
1420 + xmlSecError( XMLSEC_ERRORS_HERE ,
1421 + NULL ,
1422 + "xmlSecKeyDataCreate" ,
1423 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
1424 + "xmlSecNssKeyDataDesId" ) ;
1425 + return NULL ;
1426 + }
1427 + break ;
1428 + case CKM_AES_KEY_GEN :
1429 + case CKM_AES_CBC :
1430 + case CKM_AES_MAC :
1431 + data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
1432 + if( data == NULL ) {
1433 + xmlSecError( XMLSEC_ERRORS_HERE ,
1434 + NULL ,
1435 + "xmlSecKeyDataCreate" ,
1436 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
1437 + "xmlSecNssKeyDataDesId" ) ;
1438 + return NULL ;
1439 + }
1440 + break ;
1441 + default :
1442 + xmlSecError( XMLSEC_ERRORS_HERE ,
1443 + NULL ,
1444 + NULL ,
1445 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
1446 + "Unsupported mechanism" ) ;
1447 + return NULL ;
1448 + }
1449 +
1450 + if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
1451 + xmlSecError( XMLSEC_ERRORS_HERE ,
1452 + NULL ,
1453 + "xmlSecNssSymKeyDataAdoptKey" ,
1454 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
1455 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1456 +
1457 + xmlSecKeyDataDestroy( data ) ;
1458 + return NULL ;
1459 + }
1460 +
1461 + return data ;
1462 +}
1463 +
1464 +
1465 +PK11SymKey*
1466 +xmlSecNssSymKeyDataGetKey(
1467 + xmlSecKeyDataPtr data
1468 +) {
1469 + xmlSecNssSymKeyDataCtxPtr ctx;
1470 + PK11SymKey* symkey ;
1471 +
1472 + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
1473 + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
1474 +
1475 + ctx = xmlSecNssSymKeyDataGetCtx(data);
1476 + xmlSecAssert2(ctx != NULL, NULL);
1477 +
1478 + if( ctx->symkey != NULL ) {
1479 + symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
1480 + } else {
1481 + symkey = NULL ;
1482 + }
1483 +
1484 + return(symkey);
1485 +}
1486 +
1487 static int
1488 xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
1489 + xmlSecNssSymKeyDataCtxPtr ctx;
1490 +
1491 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
1492 -
1493 - return(xmlSecKeyDataBinaryValueInitialize(data));
1494 + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
1495 +
1496 + ctx = xmlSecNssSymKeyDataGetCtx(data);
1497 + xmlSecAssert2(ctx != NULL, -1);
1498 +
1499 + memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
1500 +
1501 + /* Set the block cipher mechanism */
1502 +#ifndef XMLSEC_NO_DES
1503 + if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
1504 + ctx->cipher = CKM_DES3_KEY_GEN;
1505 + } else
1506 +#endif /* XMLSEC_NO_DES */
1507 +
1508 +#ifndef XMLSEC_NO_AES
1509 + if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
1510 + ctx->cipher = CKM_AES_KEY_GEN;
1511 + } else
1512 +#endif /* XMLSEC_NO_AES */
1513 +
1514 + if(1) {
1515 + xmlSecError( XMLSEC_ERRORS_HERE ,
1516 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
1517 + NULL ,
1518 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1519 + "Unsupported block cipher" ) ;
1520 + return(-1) ;
1521 + }
1522 +
1523 + return(0);
1524 }
1526 static int
1527 xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
1528 + xmlSecNssSymKeyDataCtxPtr ctxDst;
1529 + xmlSecNssSymKeyDataCtxPtr ctxSrc;
1530 +
1531 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
1532 + xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
1533 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
1534 + xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
1535 xmlSecAssert2(dst->id == src->id, -1);
1536 -
1537 - return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
1538 +
1539 + ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
1540 + xmlSecAssert2(ctxDst != NULL, -1);
1541 +
1542 + ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
1543 + xmlSecAssert2(ctxSrc != NULL, -1);
1544 +
1545 + ctxDst->cipher = ctxSrc->cipher ;
1546 +
1547 + if( ctxSrc->slot != NULL ) {
1548 + if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
1549 + PK11_FreeSlot( ctxDst->slot ) ;
1550 + ctxDst->slot = NULL ;
1551 + }
1552 +
1553 + if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
1554 + ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
1555 + } else {
1556 + if( ctxDst->slot != NULL ) {
1557 + PK11_FreeSlot( ctxDst->slot ) ;
1558 + ctxDst->slot = NULL ;
1559 + }
1560 + }
1561 +
1562 + if( ctxSrc->symkey != NULL ) {
1563 + if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
1564 + PK11_FreeSymKey( ctxDst->symkey ) ;
1565 + ctxDst->symkey = NULL ;
1566 + }
1567 +
1568 + if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
1569 + ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
1570 + } else {
1571 + if( ctxDst->symkey != NULL ) {
1572 + PK11_FreeSymKey( ctxDst->symkey ) ;
1573 + ctxDst->symkey = NULL ;
1574 + }
1575 + }
1576 +
1577 + return(0);
1578 }
1580 static void
1581 xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
1582 + xmlSecNssSymKeyDataCtxPtr ctx;
1583 +
1584 xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
1585 -
1586 - xmlSecKeyDataBinaryValueFinalize(data);
1587 + xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
1588 +
1589 + ctx = xmlSecNssSymKeyDataGetCtx(data);
1590 + xmlSecAssert(ctx != NULL);
1591 +
1592 + if( ctx->slot != NULL ) {
1593 + PK11_FreeSlot( ctx->slot ) ;
1594 + ctx->slot = NULL ;
1595 + }
1596 +
1597 + if( ctx->symkey != NULL ) {
1598 + PK11_FreeSymKey( ctx->symkey ) ;
1599 + ctx->symkey = NULL ;
1600 + }
1601 +
1602 + ctx->cipher = CKM_INVALID_MECHANISM ;
1603 }
1605 static int
1606 xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
1607 xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
1608 - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
1609 + PK11SymKey* symKey ;
1610 + PK11SlotInfo* slot ;
1611 + xmlSecBufferPtr keyBuf;
1612 + xmlSecSize len;
1613 + xmlSecKeyDataPtr data;
1614 + xmlSecNssSymKeyDataCtxPtr ctx;
1615 + SECItem keyItem ;
1616 + int ret;
1617 +
1618 + xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
1619 + xmlSecAssert2(key != NULL, -1);
1620 + xmlSecAssert2(node != NULL, -1);
1621 + xmlSecAssert2(keyInfoCtx != NULL, -1);
1622 +
1623 + /* Create a new KeyData from a id */
1624 + data = xmlSecKeyDataCreate(id);
1625 + if(data == NULL ) {
1626 + xmlSecError(XMLSEC_ERRORS_HERE,
1627 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1628 + "xmlSecKeyDataCreate",
1629 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1630 + XMLSEC_ERRORS_NO_MESSAGE);
1631 + return(-1);
1632 + }
1633 +
1634 + ctx = xmlSecNssSymKeyDataGetCtx(data);
1635 + xmlSecAssert2(ctx != NULL, -1);
1636 +
1637 + /* Create a buffer for raw symmetric key value */
1638 + if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
1639 + xmlSecError( XMLSEC_ERRORS_HERE ,
1640 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1641 + "xmlSecBufferCreate" ,
1642 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1643 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1644 + xmlSecKeyDataDestroy( data ) ;
1645 + return(-1) ;
1646 + }
1647 +
1648 + /* Read the raw key value */
1649 + if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
1650 + xmlSecError( XMLSEC_ERRORS_HERE ,
1651 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1652 + xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
1653 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1654 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1655 +
1656 + xmlSecBufferDestroy( keyBuf ) ;
1657 + xmlSecKeyDataDestroy( data ) ;
1658 + return(-1) ;
1659 + }
1660 +
1661 + /* Get slot */
1662 + slot = xmlSecNssSlotGet(ctx->cipher);
1663 + if( slot == NULL ) {
1664 + xmlSecError( XMLSEC_ERRORS_HERE ,
1665 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1666 + "xmlSecNssSlotGet" ,
1667 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1668 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1669 +
1670 + xmlSecBufferDestroy( keyBuf ) ;
1671 + xmlSecKeyDataDestroy( data ) ;
1672 + return(-1) ;
1673 + }
1674 +
1675 + /* Wrap the raw key value SECItem */
1676 + keyItem.type = siBuffer ;
1677 + keyItem.data = xmlSecBufferGetData( keyBuf ) ;
1678 + keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
1679 +
1680 + /* Import the raw key into slot temporalily and get the key handler*/
1681 + symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
1682 + if( symKey == NULL ) {
1683 + xmlSecError( XMLSEC_ERRORS_HERE ,
1684 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1685 + "PK11_ImportSymKey" ,
1686 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1687 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1688 +
1689 + PK11_FreeSlot( slot ) ;
1690 + xmlSecBufferDestroy( keyBuf ) ;
1691 + xmlSecKeyDataDestroy( data ) ;
1692 + return(-1) ;
1693 + }
1694 + PK11_FreeSlot( slot ) ;
1695 +
1696 + /* raw key material has been copied into symKey, it isn't used any more */
1697 + xmlSecBufferDestroy( keyBuf ) ;
1698 +
1699 + /* Adopt the symmetric key into key data */
1700 + ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
1701 + if(ret < 0) {
1702 + xmlSecError(XMLSEC_ERRORS_HERE,
1703 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1704 + "xmlSecKeyDataBinaryValueSetBuffer",
1705 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1706 + XMLSEC_ERRORS_NO_MESSAGE);
1707 + PK11_FreeSymKey( symKey ) ;
1708 + xmlSecKeyDataDestroy( data ) ;
1709 + return(-1);
1710 + }
1711 + /* symKey has been duplicated into data, it isn't used any more */
1712 + PK11_FreeSymKey( symKey ) ;
1713 +
1714 + /* Check value */
1715 + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
1716 + xmlSecError(XMLSEC_ERRORS_HERE,
1717 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1718 + "xmlSecKeyReqMatchKeyValue",
1719 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1720 + XMLSEC_ERRORS_NO_MESSAGE);
1721 + xmlSecKeyDataDestroy( data ) ;
1722 + return(0);
1723 + }
1725 - return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
1726 + ret = xmlSecKeySetValue(key, data);
1727 + if(ret < 0) {
1728 + xmlSecError(XMLSEC_ERRORS_HERE,
1729 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1730 + "xmlSecKeySetValue",
1731 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1732 + XMLSEC_ERRORS_NO_MESSAGE);
1733 + xmlSecKeyDataDestroy( data ) ;
1734 + return(-1);
1735 + }
1736 +
1737 + return(0);
1738 }
1740 static int
1741 xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
1742 xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
1743 + PK11SymKey* symKey ;
1744 +
1745 xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
1746 -
1747 - return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
1748 + xmlSecAssert2(key != NULL, -1);
1749 + xmlSecAssert2(node != NULL, -1);
1750 + xmlSecAssert2(keyInfoCtx != NULL, -1);
1751 +
1752 + /* Get symmetric key from "key" */
1753 + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
1754 + if( symKey != NULL ) {
1755 + SECItem* keyItem ;
1756 + xmlSecBufferPtr keyBuf ;
1757 +
1758 + /* Extract raw key data from symmetric key */
1759 + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
1760 + xmlSecError(XMLSEC_ERRORS_HERE,
1761 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1762 + "PK11_ExtractKeyValue",
1763 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1764 + XMLSEC_ERRORS_NO_MESSAGE);
1765 + PK11_FreeSymKey( symKey ) ;
1766 + return(-1);
1767 + }
1768 +
1769 + /* Get raw key data from "symKey" */
1770 + keyItem = PK11_GetKeyData( symKey ) ;
1771 + if(keyItem == NULL) {
1772 + xmlSecError(XMLSEC_ERRORS_HERE,
1773 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1774 + "PK11_GetKeyData",
1775 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1776 + XMLSEC_ERRORS_NO_MESSAGE);
1777 + PK11_FreeSymKey( symKey ) ;
1778 + return(-1);
1779 + }
1780 +
1781 + /* Create key data buffer with raw kwy material */
1782 + keyBuf = xmlSecBufferCreate(keyItem->len) ;
1783 + if(keyBuf == NULL) {
1784 + xmlSecError(XMLSEC_ERRORS_HERE,
1785 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1786 + "xmlSecBufferCreate",
1787 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1788 + XMLSEC_ERRORS_NO_MESSAGE);
1789 + PK11_FreeSymKey( symKey ) ;
1790 + return(-1);
1791 + }
1792 +
1793 + xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
1794 +
1795 + /* Write raw key material into current xml node */
1796 + if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
1797 + xmlSecError(XMLSEC_ERRORS_HERE,
1798 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1799 + "xmlSecBufferBase64NodeContentWrite",
1800 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1801 + XMLSEC_ERRORS_NO_MESSAGE);
1802 + xmlSecBufferDestroy(keyBuf);
1803 + PK11_FreeSymKey( symKey ) ;
1804 + return(-1);
1805 + }
1806 + xmlSecBufferDestroy(keyBuf);
1807 + PK11_FreeSymKey( symKey ) ;
1808 + }
1809 +
1810 + return 0 ;
1811 }
1813 static int
1814 xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
1815 const xmlSecByte* buf, xmlSecSize bufSize,
1816 xmlSecKeyInfoCtxPtr keyInfoCtx) {
1817 - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
1818 + PK11SymKey* symKey ;
1819 + PK11SlotInfo* slot ;
1820 + xmlSecKeyDataPtr data;
1821 + xmlSecNssSymKeyDataCtxPtr ctx;
1822 + SECItem keyItem ;
1823 + int ret;
1824 +
1825 + xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
1826 + xmlSecAssert2(key != NULL, -1);
1827 + xmlSecAssert2(buf != NULL, -1);
1828 + xmlSecAssert2(bufSize != 0, -1);
1829 + xmlSecAssert2(keyInfoCtx != NULL, -1);
1830 +
1831 + /* Create a new KeyData from a id */
1832 + data = xmlSecKeyDataCreate(id);
1833 + if(data == NULL ) {
1834 + xmlSecError(XMLSEC_ERRORS_HERE,
1835 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1836 + "xmlSecKeyDataCreate",
1837 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1838 + XMLSEC_ERRORS_NO_MESSAGE);
1839 + return(-1);
1840 + }
1841 +
1842 + ctx = xmlSecNssSymKeyDataGetCtx(data);
1843 + xmlSecAssert2(ctx != NULL, -1);
1844 +
1845 + /* Get slot */
1846 + slot = xmlSecNssSlotGet(ctx->cipher);
1847 + if( slot == NULL ) {
1848 + xmlSecError( XMLSEC_ERRORS_HERE ,
1849 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1850 + "xmlSecNssSlotGet" ,
1851 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1852 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1853 + xmlSecKeyDataDestroy( data ) ;
1854 + return(-1) ;
1855 + }
1856 +
1857 + /* Wrap the raw key value SECItem */
1858 + keyItem.type = siBuffer ;
1859 + keyItem.data = buf ;
1860 + keyItem.len = bufSize ;
1861 +
1862 + /* Import the raw key into slot temporalily and get the key handler*/
1863 + symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
1864 + if( symKey == NULL ) {
1865 + xmlSecError( XMLSEC_ERRORS_HERE ,
1866 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1867 + "PK11_ImportSymKey" ,
1868 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1869 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1870 + PK11_FreeSlot( slot ) ;
1871 + xmlSecKeyDataDestroy( data ) ;
1872 + return(-1) ;
1873 + }
1874 +
1875 + /* Adopt the symmetric key into key data */
1876 + ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
1877 + if(ret < 0) {
1878 + xmlSecError(XMLSEC_ERRORS_HERE,
1879 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1880 + "xmlSecKeyDataBinaryValueSetBuffer",
1881 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1882 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1883 + PK11_FreeSymKey( symKey ) ;
1884 + PK11_FreeSlot( slot ) ;
1885 + xmlSecKeyDataDestroy( data ) ;
1886 + return(-1);
1887 + }
1888 + /* symKey has been duplicated into data, it isn't used any more */
1889 + PK11_FreeSymKey( symKey ) ;
1890 + PK11_FreeSlot( slot ) ;
1891 +
1892 + /* Check value */
1893 + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
1894 + xmlSecError(XMLSEC_ERRORS_HERE,
1895 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1896 + "xmlSecKeyReqMatchKeyValue",
1897 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1898 + XMLSEC_ERRORS_NO_MESSAGE);
1899 + xmlSecKeyDataDestroy( data ) ;
1900 + return(0);
1901 + }
1903 - return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
1904 + ret = xmlSecKeySetValue(key, data);
1905 + if(ret < 0) {
1906 + xmlSecError(XMLSEC_ERRORS_HERE,
1907 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1908 + "xmlSecKeySetValue",
1909 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1910 + XMLSEC_ERRORS_NO_MESSAGE);
1911 + xmlSecKeyDataDestroy( data ) ;
1912 + return(-1);
1913 + }
1914 +
1915 + return(0);
1916 }
1918 static int
1919 xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
1920 xmlSecByte** buf, xmlSecSize* bufSize,
1921 xmlSecKeyInfoCtxPtr keyInfoCtx) {
1922 + PK11SymKey* symKey ;
1923 +
1924 xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
1925 + xmlSecAssert2(key != NULL, -1);
1926 + xmlSecAssert2(buf != NULL, -1);
1927 + xmlSecAssert2(bufSize != 0, -1);
1928 + xmlSecAssert2(keyInfoCtx != NULL, -1);
1929 +
1930 + /* Get symmetric key from "key" */
1931 + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
1932 + if( symKey != NULL ) {
1933 + SECItem* keyItem ;
1934 +
1935 + /* Extract raw key data from symmetric key */
1936 + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
1937 + xmlSecError(XMLSEC_ERRORS_HERE,
1938 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1939 + "PK11_ExtractKeyValue",
1940 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1941 + XMLSEC_ERRORS_NO_MESSAGE);
1942 + PK11_FreeSymKey( symKey ) ;
1943 + return(-1);
1944 + }
1945 +
1946 + /* Get raw key data from "symKey" */
1947 + keyItem = PK11_GetKeyData( symKey ) ;
1948 + if(keyItem == NULL) {
1949 + xmlSecError(XMLSEC_ERRORS_HERE,
1950 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1951 + "PK11_GetKeyData",
1952 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1953 + XMLSEC_ERRORS_NO_MESSAGE);
1954 + PK11_FreeSymKey( symKey ) ;
1955 + return(-1);
1956 + }
1957 +
1958 + *bufSize = keyItem->len;
1959 + *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
1960 + if( *buf == NULL ) {
1961 + xmlSecError(XMLSEC_ERRORS_HERE,
1962 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
1963 + NULL,
1964 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1965 + XMLSEC_ERRORS_NO_MESSAGE);
1966 + PK11_FreeSymKey( symKey ) ;
1967 + return(-1);
1968 + }
1969 +
1970 + memcpy((*buf), keyItem->data, (*bufSize));
1971 + PK11_FreeSymKey( symKey ) ;
1972 + }
1974 - return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
1975 + return 0 ;
1976 }
1978 static int
1979 xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
1980 - xmlSecBufferPtr buffer;
1981 + PK11SymKey* symkey ;
1982 + PK11SlotInfo* slot ;
1983 + xmlSecNssSymKeyDataCtxPtr ctx;
1984 + int ret;
1986 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
1987 xmlSecAssert2(sizeBits > 0, -1);
1989 - buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
1990 - xmlSecAssert2(buffer != NULL, -1);
1991 -
1992 - return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
1993 + ctx = xmlSecNssSymKeyDataGetCtx(data);
1994 + xmlSecAssert2(ctx != NULL, -1);
1995 +
1996 + if( sizeBits % 8 != 0 ) {
1997 + xmlSecError(XMLSEC_ERRORS_HERE,
1998 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
1999 + NULL,
2000 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
2001 + "Symmetric key size must be octuple");
2002 + return(-1);
2003 + }
2004 +
2005 + /* Get slot */
2006 + slot = xmlSecNssSlotGet(ctx->cipher);
2007 + if( slot == NULL ) {
2008 + xmlSecError( XMLSEC_ERRORS_HERE ,
2009 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
2010 + "xmlSecNssSlotGet" ,
2011 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
2012 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2013 + return(-1) ;
2014 + }
2015 +
2016 + if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
2017 + xmlSecError( XMLSEC_ERRORS_HERE ,
2018 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
2019 + "PK11_Authenticate" ,
2020 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2021 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2022 + PK11_FreeSlot( slot ) ;
2023 + return -1 ;
2024 + }
2025 +
2026 + symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
2027 + if( symkey == NULL ) {
2028 + xmlSecError( XMLSEC_ERRORS_HERE ,
2029 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
2030 + "PK11_KeyGen" ,
2031 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2032 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2033 + PK11_FreeSlot( slot ) ;
2034 + return -1 ;
2035 + }
2036 +
2037 + if( ctx->slot != NULL ) {
2038 + PK11_FreeSlot( ctx->slot ) ;
2039 + ctx->slot = NULL ;
2040 + }
2041 + ctx->slot = slot ;
2042 +
2043 + if( ctx->symkey != NULL ) {
2044 + PK11_FreeSymKey( ctx->symkey ) ;
2045 + ctx->symkey = NULL ;
2046 + }
2047 + ctx->symkey = symkey ;
2048 +
2049 + return 0;
2050 }
2052 static xmlSecKeyDataType
2053 xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
2054 - xmlSecBufferPtr buffer;
2055 + xmlSecNssSymKeyDataCtxPtr context = NULL ;
2056 + xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
2058 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
2059 + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
2061 - buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
2062 - xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
2063 + context = xmlSecNssSymKeyDataGetCtx( data ) ;
2064 + if( context == NULL ) {
2065 + xmlSecError( XMLSEC_ERRORS_HERE ,
2066 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
2067 + "xmlSecNssSymKeyDataGetCtx" ,
2068 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2069 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2070 + return xmlSecKeyDataTypeUnknown ;
2071 + }
2073 - return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
2074 + if( context->symkey != NULL ) {
2075 + type |= xmlSecKeyDataTypeSymmetric ;
2076 + } else {
2077 + type |= xmlSecKeyDataTypeUnknown ;
2078 + }
2079 +
2080 + return type ;
2081 }
2083 static xmlSecSize
2084 xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
2085 + xmlSecNssSymKeyDataCtxPtr context ;
2086 + unsigned int length = 0 ;
2087 +
2088 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
2089 + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
2090 + context = xmlSecNssSymKeyDataGetCtx( data ) ;
2091 + if( context == NULL ) {
2092 + xmlSecError( XMLSEC_ERRORS_HERE ,
2093 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
2094 + "xmlSecNssSymKeyDataGetCtx" ,
2095 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2096 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2097 + return 0 ;
2098 + }
2099 +
2100 + if( context->symkey != NULL ) {
2101 + length = PK11_GetKeyLength( context->symkey ) ;
2102 + length *= 8 ;
2103 + }
2105 - return(xmlSecKeyDataBinaryValueGetSize(data));
2106 + return length ;
2107 }
2109 static void
2110 xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
2111 xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
2113 - xmlSecKeyDataBinaryValueDebugDump(data, output);
2114 + /* print only size, everything else is sensitive */
2115 + fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName ,
2116 + xmlSecKeyDataGetSize(data)) ;
2117 }
2119 static void
2120 xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
2121 xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
2122 -
2123 - xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
2124 +
2125 + /* print only size, everything else is sensitive */
2126 + fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName ,
2127 + xmlSecKeyDataGetSize(data)) ;
2128 }
2130 static int
2131 @@ -201,7 +858,7 @@
2132 *************************************************************************/
2133 static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
2134 sizeof(xmlSecKeyDataKlass),
2135 - xmlSecKeyDataBinarySize,
2136 + xmlSecNssSymKeyDataSize,
2138 /* data */
2139 xmlSecNameAESKeyValue,
2140 @@ -282,7 +939,7 @@
2141 *************************************************************************/
2142 static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
2143 sizeof(xmlSecKeyDataKlass),
2144 - xmlSecKeyDataBinarySize,
2145 + xmlSecNssSymKeyDataSize,
2147 /* data */
2148 xmlSecNameDESKeyValue,
2149 @@ -364,7 +1021,7 @@
2150 *************************************************************************/
2151 static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
2152 sizeof(xmlSecKeyDataKlass),
2153 - xmlSecKeyDataBinarySize,
2154 + xmlSecNssSymKeyDataSize,
2156 /* data */
2157 xmlSecNameHMACKeyValue,
2158 --- misc/xmlsec1-1.2.14/src/nss/x509.c 2009-06-25 22:53:18.000000000 +0200
2159 +++ misc/build/xmlsec1-1.2.14/src/nss/x509.c 2009-09-21 14:02:48.642312431 +0200
2160 @@ -34,7 +34,6 @@
2161 #include <xmlsec/keys.h>
2162 #include <xmlsec/keyinfo.h>
2163 #include <xmlsec/keysmngr.h>
2164 -#include <xmlsec/x509.h>
2165 #include <xmlsec/base64.h>
2166 #include <xmlsec/errors.h>
2168 @@ -61,33 +60,18 @@
2169 static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
2170 xmlNodePtr node,
2171 xmlSecKeyInfoCtxPtr keyInfoCtx);
2172 -static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
2173 - xmlNodePtr node,
2174 - xmlSecKeyInfoCtxPtr keyInfoCtx);
2175 static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
2176 xmlNodePtr node,
2177 xmlSecKeyInfoCtxPtr keyInfoCtx);
2178 -static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
2179 - xmlNodePtr node,
2180 - xmlSecKeyInfoCtxPtr keyInfoCtx);
2181 static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
2182 xmlNodePtr node,
2183 xmlSecKeyInfoCtxPtr keyInfoCtx);
2184 -static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
2185 - xmlNodePtr node,
2186 - xmlSecKeyInfoCtxPtr keyInfoCtx);
2187 static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
2188 xmlNodePtr node,
2189 xmlSecKeyInfoCtxPtr keyInfoCtx);
2190 -static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
2191 - xmlNodePtr node,
2192 - xmlSecKeyInfoCtxPtr keyInfoCtx);
2193 static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
2194 xmlNodePtr node,
2195 xmlSecKeyInfoCtxPtr keyInfoCtx);
2196 -static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
2197 - xmlNodePtr node,
2198 - xmlSecKeyInfoCtxPtr keyInfoCtx);
2199 static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
2200 xmlSecKeyPtr key,
2201 xmlSecKeyInfoCtxPtr keyInfoCtx);
2202 @@ -104,9 +88,6 @@
2203 xmlSecKeyInfoCtxPtr keyInfoCtx);
2204 static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
2205 int base64LineWrap);
2206 -static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
2207 -static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
2208 -static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
2209 static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
2210 FILE* output);
2211 static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
2212 @@ -752,31 +733,22 @@
2213 xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
2214 xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
2215 xmlSecKeyDataPtr data;
2216 + xmlNodePtr cur;
2217 + xmlChar* buf;
2218 CERTCertificate* cert;
2219 CERTSignedCrl* crl;
2220 xmlSecSize size, pos;
2221 - int content = 0;
2222 - int ret;
2224 xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
2225 xmlSecAssert2(key != NULL, -1);
2226 xmlSecAssert2(node != NULL, -1);
2227 xmlSecAssert2(keyInfoCtx != NULL, -1);
2229 - content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
2230 - if (content < 0) {
2231 - xmlSecError(XMLSEC_ERRORS_HERE,
2232 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
2233 - "xmlSecX509DataGetNodeContent",
2234 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2235 - "content=%d", content);
2236 - return(-1);
2237 - } else if(content == 0) {
2238 - /* by default we are writing certificates and crls */
2239 - content = XMLSEC_X509DATA_DEFAULT;
2240 + /* todo: flag in ctx remove all existing content */
2241 + if(0) {
2242 + xmlNodeSetContent(node, NULL);
2243 }
2245 - /* get x509 data */
2246 data = xmlSecKeyGetData(key, id);
2247 if(data == NULL) {
2248 /* no x509 data in the key */
2249 @@ -796,79 +768,74 @@
2250 return(-1);
2251 }
2253 - if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
2254 - ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
2255 - if(ret < 0) {
2256 + /* set base64 lines size from context */
2257 + buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
2258 + if(buf == NULL) {
2259 xmlSecError(XMLSEC_ERRORS_HERE,
2260 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
2261 - "xmlSecNssX509CertificateNodeWrite",
2262 + "xmlSecNssX509CertBase64DerWrite",
2263 XMLSEC_ERRORS_R_XMLSEC_FAILED,
2264 - "pos=%d", pos);
2265 + XMLSEC_ERRORS_NO_MESSAGE);
2266 return(-1);
2267 - }
2268 }
2270 - if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
2271 - ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
2272 - if(ret < 0) {
2273 + cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
2274 + if(cur == NULL) {
2275 xmlSecError(XMLSEC_ERRORS_HERE,
2276 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
2277 - "xmlSecNssX509SubjectNameNodeWrite",
2278 + "xmlSecAddChild",
2279 XMLSEC_ERRORS_R_XMLSEC_FAILED,
2280 - "pos=%d", pos);
2281 + "node=%s",
2282 + xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
2283 + xmlFree(buf);
2284 return(-1);
2285 - }
2286 }
2287 + /* todo: add \n around base64 data - from context */
2288 + /* todo: add errors check */
2289 + xmlNodeSetContent(cur, xmlSecStringCR);
2290 + xmlNodeSetContent(cur, buf);
2291 + xmlFree(buf);
2292 + }
2294 - if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
2295 - ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
2296 - if(ret < 0) {
2297 - xmlSecError(XMLSEC_ERRORS_HERE,
2298 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
2299 - "xmlSecNssX509IssuerSerialNodeWrite",
2300 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2301 - "pos=%d", pos);
2302 - return(-1);
2303 - }
2304 + /* write crls */
2305 + size = xmlSecNssKeyDataX509GetCrlsSize(data);
2306 + for(pos = 0; pos < size; ++pos) {
2307 + crl = xmlSecNssKeyDataX509GetCrl(data, pos);
2308 + if(crl == NULL) {
2309 + xmlSecError(XMLSEC_ERRORS_HERE,
2310 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
2311 + "xmlSecNssKeyDataX509GetCrl",
2312 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
2313 + "pos=%d", pos);
2314 + return(-1);
2315 }
2317 - if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
2318 - ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
2319 - if(ret < 0) {
2320 - xmlSecError(XMLSEC_ERRORS_HERE,
2321 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
2322 - "xmlSecNssX509SKINodeWrite",
2323 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2324 - "pos=%d", pos);
2325 - return(-1);
2326 - }
2327 + /* set base64 lines size from context */
2328 + buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
2329 + if(buf == NULL) {
2330 + xmlSecError(XMLSEC_ERRORS_HERE,
2331 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
2332 + "xmlSecNssX509CrlBase64DerWrite",
2333 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
2334 + XMLSEC_ERRORS_NO_MESSAGE);
2335 + return(-1);
2336 }
2337 - }
2339 - /* write crls if needed */
2340 - if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
2341 - size = xmlSecNssKeyDataX509GetCrlsSize(data);
2342 - for(pos = 0; pos < size; ++pos) {
2343 - crl = xmlSecNssKeyDataX509GetCrl(data, pos);
2344 - if(crl == NULL) {
2345 - xmlSecError(XMLSEC_ERRORS_HERE,
2346 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
2347 - "xmlSecNssKeyDataX509GetCrl",
2348 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2349 - "pos=%d", pos);
2350 - return(-1);
2351 - }
2352 -
2353 - ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
2354 - if(ret < 0) {
2355 - xmlSecError(XMLSEC_ERRORS_HERE,
2356 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
2357 - "xmlSecNssX509CRLNodeWrite",
2358 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2359 - "pos=%d", pos);
2360 - return(-1);
2361 - }
2362 - }
2363 + cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
2364 + if(cur == NULL) {
2365 + xmlSecError(XMLSEC_ERRORS_HERE,
2366 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
2367 + "xmlSecAddChild",
2368 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
2369 + "new_node=%s",
2370 + xmlSecErrorsSafeString(xmlSecNodeX509CRL));
2371 + xmlFree(buf);
2372 + return(-1);
2373 + }
2374 + /* todo: add \n around base64 data - from context */
2375 + /* todo: add errors check */
2376 + xmlNodeSetContent(cur, xmlSecStringCR);
2377 + xmlNodeSetContent(cur, buf);
2378 }
2380 return(0);
2381 @@ -1057,46 +1024,6 @@
2382 return(0);
2383 }
2385 -static int
2386 -xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
2387 - xmlChar* buf;
2388 - xmlNodePtr cur;
2389 -
2390 - xmlSecAssert2(cert != NULL, -1);
2391 - xmlSecAssert2(node != NULL, -1);
2392 - xmlSecAssert2(keyInfoCtx != NULL, -1);
2393 -
2394 - /* set base64 lines size from context */
2395 - buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
2396 - if(buf == NULL) {
2397 - xmlSecError(XMLSEC_ERRORS_HERE,
2398 - NULL,
2399 - "xmlSecNssX509CertBase64DerWrite",
2400 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2401 - XMLSEC_ERRORS_NO_MESSAGE);
2402 - return(-1);
2403 - }
2404 -
2405 - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
2406 - if(cur == NULL) {
2407 - xmlSecError(XMLSEC_ERRORS_HERE,
2408 - NULL,
2409 - "xmlSecAddChild",
2410 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2411 - "node=%s",
2412 - xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
2413 - xmlFree(buf);
2414 - return(-1);
2415 - }
2416 -
2417 - /* todo: add \n around base64 data - from context */
2418 - /* todo: add errors check */
2419 - xmlNodeSetContent(cur, xmlSecStringCR);
2420 - xmlNodeSetContent(cur, buf);
2421 - xmlFree(buf);
2422 - return(0);
2423 -}
2424 -
2425 static int
2426 xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
2427 xmlSecKeyDataStorePtr x509Store;
2428 @@ -1120,19 +1047,13 @@
2429 }
2431 subject = xmlNodeGetContent(node);
2432 - if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
2433 - if(subject != NULL) {
2434 - xmlFree(subject);
2435 - }
2436 - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
2437 + if(subject == NULL) {
2438 xmlSecError(XMLSEC_ERRORS_HERE,
2439 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
2440 xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
2441 XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
2442 XMLSEC_ERRORS_NO_MESSAGE);
2443 return(-1);
2444 - }
2445 - return(0);
2446 }
2448 cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
2449 @@ -1169,40 +1090,6 @@
2450 return(0);
2451 }
2453 -static int
2454 -xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
2455 - xmlChar* buf = NULL;
2456 - xmlNodePtr cur = NULL;
2457 -
2458 - xmlSecAssert2(cert != NULL, -1);
2459 - xmlSecAssert2(node != NULL, -1);
2460 -
2461 - buf = xmlSecNssX509NameWrite(&(cert->subject));
2462 - if(buf == NULL) {
2463 - xmlSecError(XMLSEC_ERRORS_HERE,
2464 - NULL,
2465 - "xmlSecNssX509NameWrite(&(cert->subject))",
2466 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2467 - XMLSEC_ERRORS_NO_MESSAGE);
2468 - return(-1);
2469 - }
2470 -
2471 - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
2472 - if(cur == NULL) {
2473 - xmlSecError(XMLSEC_ERRORS_HERE,
2474 - NULL,
2475 - "xmlSecAddChild",
2476 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2477 - "node=%s",
2478 - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
2479 - xmlFree(buf);
2480 - return(-1);
2481 - }
2482 - xmlSecNodeEncodeAndSetContent(cur, buf);
2483 - xmlFree(buf);
2484 - return(0);
2485 -}
2486 -
2487 static int
2488 xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
2489 xmlSecKeyDataStorePtr x509Store;
2490 @@ -1228,21 +1115,9 @@
2491 }
2493 cur = xmlSecGetNextElementNode(node->children);
2494 - if(cur == NULL) {
2495 - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
2496 - xmlSecError(XMLSEC_ERRORS_HERE,
2497 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
2498 - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
2499 - XMLSEC_ERRORS_R_NODE_NOT_FOUND,
2500 - "node=%s",
2501 - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
2502 - return(-1);
2503 - }
2504 - return(0);
2505 - }
2507 /* the first is required node X509IssuerName */
2508 - if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
2509 + if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
2510 xmlSecError(XMLSEC_ERRORS_HERE,
2511 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
2512 xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
2513 @@ -1336,78 +1211,6 @@
2514 return(0);
2515 }
2517 -static int
2518 -xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
2519 - xmlNodePtr cur;
2520 - xmlNodePtr issuerNameNode;
2521 - xmlNodePtr issuerNumberNode;
2522 - xmlChar* buf;
2523 -
2524 - xmlSecAssert2(cert != NULL, -1);
2525 - xmlSecAssert2(node != NULL, -1);
2526 -
2527 - /* create xml nodes */
2528 - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
2529 - if(cur == NULL) {
2530 - xmlSecError(XMLSEC_ERRORS_HERE,
2531 - NULL,
2532 - "xmlSecAddChild",
2533 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2534 - "node=%s",
2535 - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
2536 - return(-1);
2537 - }
2538 -
2539 - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
2540 - if(issuerNameNode == NULL) {
2541 - xmlSecError(XMLSEC_ERRORS_HERE,
2542 - NULL,
2543 - "xmlSecAddChild",
2544 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2545 - "node=%s",
2546 - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
2547 - return(-1);
2548 - }
2549 -
2550 - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
2551 - if(issuerNumberNode == NULL) {
2552 - xmlSecError(XMLSEC_ERRORS_HERE,
2553 - NULL,
2554 - "xmlSecAddChild",
2555 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2556 - "node=%s",
2557 - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
2558 - return(-1);
2559 - }
2560 -
2561 - /* write data */
2562 - buf = xmlSecNssX509NameWrite(&(cert->issuer));
2563 - if(buf == NULL) {
2564 - xmlSecError(XMLSEC_ERRORS_HERE,
2565 - NULL,
2566 - "xmlSecNssX509NameWrite(&(cert->issuer))",
2567 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2568 - XMLSEC_ERRORS_NO_MESSAGE);
2569 - return(-1);
2570 - }
2571 - xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
2572 - xmlFree(buf);
2573 -
2574 - buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
2575 - if(buf == NULL) {
2576 - xmlSecError(XMLSEC_ERRORS_HERE,
2577 - NULL,
2578 - "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
2579 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2580 - XMLSEC_ERRORS_NO_MESSAGE);
2581 - return(-1);
2582 - }
2583 - xmlNodeSetContent(issuerNumberNode, buf);
2584 - xmlFree(buf);
2585 -
2586 - return(0);
2587 -}
2588 -
2589 static int
2590 xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
2591 xmlSecKeyDataStorePtr x509Store;
2592 @@ -1431,11 +1234,7 @@
2593 }
2595 ski = xmlNodeGetContent(node);
2596 - if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
2597 - if(ski != NULL) {
2598 - xmlFree(ski);
2599 - }
2600 - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
2601 + if(ski == NULL) {
2602 xmlSecError(XMLSEC_ERRORS_HERE,
2603 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
2604 xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
2605 @@ -1443,8 +1242,6 @@
2606 "node=%s",
2607 xmlSecErrorsSafeString(xmlSecNodeX509SKI));
2608 return(-1);
2609 - }
2610 - return(0);
2611 }
2613 cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
2614 @@ -1479,41 +1276,6 @@
2615 return(0);
2616 }
2618 -static int
2619 -xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
2620 - xmlChar *buf = NULL;
2621 - xmlNodePtr cur = NULL;
2622 -
2623 - xmlSecAssert2(cert != NULL, -1);
2624 - xmlSecAssert2(node != NULL, -1);
2625 -
2626 - buf = xmlSecNssX509SKIWrite(cert);
2627 - if(buf == NULL) {
2628 - xmlSecError(XMLSEC_ERRORS_HERE,
2629 - NULL,
2630 - "xmlSecNssX509SKIWrite",
2631 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2632 - XMLSEC_ERRORS_NO_MESSAGE);
2633 - return(-1);
2634 - }
2635 -
2636 - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
2637 - if(cur == NULL) {
2638 - xmlSecError(XMLSEC_ERRORS_HERE,
2639 - NULL,
2640 - "xmlSecAddChild",
2641 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2642 - "new_node=%s",
2643 - xmlSecErrorsSafeString(xmlSecNodeX509SKI));
2644 - xmlFree(buf);
2645 - return(-1);
2646 - }
2647 - xmlSecNodeEncodeAndSetContent(cur, buf);
2648 - xmlFree(buf);
2649 -
2650 - return(0);
2651 -}
2652 -
2653 static int
2654 xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
2655 xmlChar *content;
2656 @@ -1524,19 +1286,13 @@
2657 xmlSecAssert2(keyInfoCtx != NULL, -1);
2659 content = xmlNodeGetContent(node);
2660 - if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
2661 - if(content != NULL) {
2662 - xmlFree(content);
2663 - }
2664 - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
2665 + if(content == NULL){
2666 xmlSecError(XMLSEC_ERRORS_HERE,
2667 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
2668 xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
2669 XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
2670 XMLSEC_ERRORS_NO_MESSAGE);
2671 return(-1);
2672 - }
2673 - return(0);
2674 }
2676 crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
2677 @@ -1556,47 +1312,6 @@
2678 }
2680 static int
2681 -xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
2682 - xmlChar* buf = NULL;
2683 - xmlNodePtr cur = NULL;
2684 -
2685 - xmlSecAssert2(crl != NULL, -1);
2686 - xmlSecAssert2(node != NULL, -1);
2687 - xmlSecAssert2(keyInfoCtx != NULL, -1);
2688 -
2689 - /* set base64 lines size from context */
2690 - buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
2691 - if(buf == NULL) {
2692 - xmlSecError(XMLSEC_ERRORS_HERE,
2693 - NULL,
2694 - "xmlSecNssX509CrlBase64DerWrite",
2695 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2696 - XMLSEC_ERRORS_NO_MESSAGE);
2697 - return(-1);
2698 - }
2699 -
2700 - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
2701 - if(cur == NULL) {
2702 - xmlSecError(XMLSEC_ERRORS_HERE,
2703 - NULL,
2704 - "xmlSecAddChild",
2705 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2706 - "new_node=%s",
2707 - xmlSecErrorsSafeString(xmlSecNodeX509CRL));
2708 - xmlFree(buf);
2709 - return(-1);
2710 - }
2711 - /* todo: add \n around base64 data - from context */
2712 - /* todo: add errors check */
2713 - xmlNodeSetContent(cur, xmlSecStringCR);
2714 - xmlNodeSetContent(cur, buf);
2715 - xmlFree(buf);
2716 -
2717 - return(0);
2718 -}
2719 -
2720 -
2721 -static int
2722 xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
2723 xmlSecKeyInfoCtxPtr keyInfoCtx) {
2724 xmlSecNssX509DataCtxPtr ctx;
2725 @@ -1604,6 +1319,10 @@
2726 int ret;
2727 SECStatus status;
2728 PRTime notBefore, notAfter;
2729 +
2730 + PK11SlotInfo* slot ;
2731 + SECKEYPublicKey *pubKey = NULL;
2732 + SECKEYPrivateKey *priKey = NULL;
2734 xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
2735 xmlSecAssert2(key != NULL, -1);
2736 @@ -1636,10 +1355,14 @@
2737 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
2738 "CERT_DupCertificate",
2739 XMLSEC_ERRORS_R_CRYPTO_FAILED,
2740 - XMLSEC_ERRORS_NO_MESSAGE);
2741 + "error code=%d", PORT_GetError());
2742 return(-1);
2743 }
2744 -
2745 +
2746 + /*-
2747 + * Get Public key from cert, which does not always work for sign
2748 + * action.
2749 + *
2750 keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
2751 if(keyValue == NULL) {
2752 xmlSecError(XMLSEC_ERRORS_HERE,
2753 @@ -1649,6 +1372,54 @@
2754 XMLSEC_ERRORS_NO_MESSAGE);
2755 return(-1);
2756 }
2757 + */
2758 + /*-
2759 + * I'll search key according to KeyReq.
2760 + */
2761 + slot = cert->slot ;
2762 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
2763 + if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) {
2764 + xmlSecError( XMLSEC_ERRORS_HERE ,
2765 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
2766 + "PK11_FindPrivateKeyFromCert" ,
2767 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2768 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2769 + return -1 ;
2770 + }
2771 + }
2772 +
2773 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
2774 + if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) {
2775 + xmlSecError( XMLSEC_ERRORS_HERE ,
2776 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
2777 + "CERT_ExtractPublicKey" ,
2778 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2779 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2780 +
2781 +
2782 + if( priKey != NULL )
2783 + SECKEY_DestroyPrivateKey( priKey ) ;
2784 + return -1 ;
2785 + }
2786 + }
2787 +
2788 + keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey);
2789 + if( keyValue == NULL ) {
2790 + xmlSecError( XMLSEC_ERRORS_HERE ,
2791 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
2792 + "xmlSecNssPKIAdoptKey" ,
2793 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2794 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2795 +
2796 + if( priKey != NULL )
2797 + SECKEY_DestroyPrivateKey( priKey ) ;
2798 +
2799 + if( pubKey != NULL )
2800 + SECKEY_DestroyPublicKey( pubKey ) ;
2801 +
2802 + return -1 ;
2803 + }
2804 + /* Modify keyValue get Done */
2806 /* verify that the key matches our expectations */
2807 if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
2808 @@ -1950,86 +1721,6 @@
2809 return(res);
2810 }
2812 -static xmlChar*
2813 -xmlSecNssX509NameWrite(CERTName* nm) {
2814 - xmlChar *res = NULL;
2815 - char *str;
2816 -
2817 - xmlSecAssert2(nm != NULL, NULL);
2818 -
2819 - str = CERT_NameToAscii(nm);
2820 - if (str == NULL) {
2821 - xmlSecError(XMLSEC_ERRORS_HERE,
2822 - NULL,
2823 - "CERT_NameToAscii",
2824 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
2825 - XMLSEC_ERRORS_NO_MESSAGE);
2826 - return(NULL);
2827 - }
2828 -
2829 - res = xmlStrdup(BAD_CAST str);
2830 - if(res == NULL) {
2831 - xmlSecError(XMLSEC_ERRORS_HERE,
2832 - NULL,
2833 - "xmlStrdup",
2834 - XMLSEC_ERRORS_R_MALLOC_FAILED,
2835 - XMLSEC_ERRORS_NO_MESSAGE);
2836 - PORT_Free(str);
2837 - return(NULL);
2838 - }
2839 - PORT_Free(str);
2840 - return(res);
2841 -}
2842 -
2843 -static xmlChar*
2844 -xmlSecNssASN1IntegerWrite(SECItem *num) {
2845 - xmlChar *res = NULL;
2846 -
2847 - xmlSecAssert2(num != NULL, NULL);
2848 -
2849 - /* TODO : to be implemented after
2850 - * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
2851 - */
2852 - return(res);
2853 -}
2854 -
2855 -static xmlChar*
2856 -xmlSecNssX509SKIWrite(CERTCertificate* cert) {
2857 - xmlChar *res = NULL;
2858 - SECItem ski;
2859 - SECStatus rv;
2860 -
2861 - xmlSecAssert2(cert != NULL, NULL);
2862 -
2863 - memset(&ski, 0, sizeof(ski));
2864 -
2865 - rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
2866 - if (rv != SECSuccess) {
2867 - xmlSecError(XMLSEC_ERRORS_HERE,
2868 - NULL,
2869 - "CERT_FindSubjectKeyIDExtension",
2870 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
2871 - XMLSEC_ERRORS_NO_MESSAGE);
2872 - SECITEM_FreeItem(&ski, PR_FALSE);
2873 - return(NULL);
2874 - }
2875 -
2876 - res = xmlSecBase64Encode(ski.data, ski.len, 0);
2877 - if(res == NULL) {
2878 - xmlSecError(XMLSEC_ERRORS_HERE,
2879 - NULL,
2880 - "xmlSecBase64Encode",
2881 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2882 - XMLSEC_ERRORS_NO_MESSAGE);
2883 - SECITEM_FreeItem(&ski, PR_FALSE);
2884 - return(NULL);
2885 - }
2886 - SECITEM_FreeItem(&ski, PR_FALSE);
2887 -
2888 - return(res);
2889 -}
2890 -
2891 -
2892 static void
2893 xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
2894 SECItem *sn;
2895 --- misc/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-06-25 22:53:18.000000000 +0200
2896 +++ misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-21 14:02:48.669245207 +0200
2897 @@ -30,6 +30,7 @@
2898 #include <xmlsec/keyinfo.h>
2899 #include <xmlsec/keysmngr.h>
2900 #include <xmlsec/base64.h>
2901 +#include <xmlsec/bn.h>
2902 #include <xmlsec/errors.h>
2904 #include <xmlsec/nss/crypto.h>
2905 @@ -61,17 +62,7 @@
2907 static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
2908 static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
2909 -static int xmlSecNssX509NameStringRead (xmlSecByte **str,
2910 - int *strLen,
2911 - xmlSecByte *res,
2912 - int resLen,
2913 - xmlSecByte delim,
2914 - int ingoreTrailingSpaces);
2915 -static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str,
2916 - int len);
2917 -
2918 -static void xmlSecNssNumToItem(SECItem *it, unsigned long num);
2919 -
2920 +static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ;
2922 static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
2923 sizeof(xmlSecKeyDataStoreKlass),
2924 @@ -339,40 +330,28 @@
2925 xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
2926 xmlChar *issuerSerial, xmlChar *ski) {
2927 CERTCertificate *cert = NULL;
2928 - xmlChar *p = NULL;
2929 CERTName *name = NULL;
2930 SECItem *nameitem = NULL;
2931 PRArenaPool *arena = NULL;
2933 if (subjectName != NULL) {
2934 - p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName));
2935 - if (p == NULL) {
2936 - xmlSecError(XMLSEC_ERRORS_HERE,
2937 - NULL,
2938 - "xmlSecNssX509NameRead",
2939 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2940 - "subject=%s",
2941 - xmlSecErrorsSafeString(subjectName));
2942 - goto done;
2943 - }
2944 -
2945 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
2946 if (arena == NULL) {
2947 xmlSecError(XMLSEC_ERRORS_HERE,
2948 NULL,
2949 "PORT_NewArena",
2950 XMLSEC_ERRORS_R_CRYPTO_FAILED,
2951 - XMLSEC_ERRORS_NO_MESSAGE);
2952 + "error code=%d", PORT_GetError());
2953 goto done;
2954 }
2956 - name = CERT_AsciiToName((char*)p);
2957 + name = CERT_AsciiToName((char*)subjectName);
2958 if (name == NULL) {
2959 xmlSecError(XMLSEC_ERRORS_HERE,
2960 NULL,
2961 "CERT_AsciiToName",
2962 XMLSEC_ERRORS_R_XMLSEC_FAILED,
2963 - XMLSEC_ERRORS_NO_MESSAGE);
2964 + "error code=%d", PORT_GetError());
2965 goto done;
2966 }
2968 @@ -394,34 +373,23 @@
2969 if((issuerName != NULL) && (issuerSerial != NULL)) {
2970 CERTIssuerAndSN issuerAndSN;
2972 - p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName));
2973 - if (p == NULL) {
2974 - xmlSecError(XMLSEC_ERRORS_HERE,
2975 - NULL,
2976 - "xmlSecNssX509NameRead",
2977 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2978 - "issuer=%s",
2979 - xmlSecErrorsSafeString(issuerName));
2980 - goto done;
2981 - }
2982 -
2983 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
2984 if (arena == NULL) {
2985 xmlSecError(XMLSEC_ERRORS_HERE,
2986 NULL,
2987 "PORT_NewArena",
2988 XMLSEC_ERRORS_R_CRYPTO_FAILED,
2989 - XMLSEC_ERRORS_NO_MESSAGE);
2990 + "error code=%d", PORT_GetError());
2991 goto done;
2992 }
2994 - name = CERT_AsciiToName((char*)p);
2995 + name = CERT_AsciiToName((char*)issuerName);
2996 if (name == NULL) {
2997 xmlSecError(XMLSEC_ERRORS_HERE,
2998 NULL,
2999 "CERT_AsciiToName",
3000 XMLSEC_ERRORS_R_XMLSEC_FAILED,
3001 - XMLSEC_ERRORS_NO_MESSAGE);
3002 + "error code=%d", PORT_GetError());
3003 goto done;
3004 }
3006 @@ -441,8 +409,15 @@
3007 issuerAndSN.derIssuer.data = nameitem->data;
3008 issuerAndSN.derIssuer.len = nameitem->len;
3010 - /* TBD: serial num can be arbitrarily long */
3011 - xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial));
3012 + if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) {
3013 + xmlSecError(XMLSEC_ERRORS_HERE,
3014 + NULL,
3015 + "xmlSecNssIntegerToItem",
3016 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3017 + "serial number=%s",
3018 + xmlSecErrorsSafeString(issuerSerial));
3019 + goto done;
3020 + }
3022 cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
3023 &issuerAndSN);
3024 @@ -473,9 +448,6 @@
3025 }
3027 done:
3028 - if (p != NULL) {
3029 - PORT_Free(p);
3030 - }
3031 if (arena != NULL) {
3032 PORT_FreeArena(arena, PR_FALSE);
3033 }
3034 @@ -486,176 +458,6 @@
3035 return(cert);
3036 }
3038 -static xmlSecByte *
3039 -xmlSecNssX509NameRead(xmlSecByte *str, int len) {
3040 - xmlSecByte name[256];
3041 - xmlSecByte value[256];
3042 - xmlSecByte *retval = NULL;
3043 - xmlSecByte *p = NULL;
3044 - int nameLen, valueLen;
3045 -
3046 - xmlSecAssert2(str != NULL, NULL);
3047 -
3048 - /* return string should be no longer than input string */
3049 - retval = (xmlSecByte *)PORT_Alloc(len+1);
3050 - if(retval == NULL) {
3051 - xmlSecError(XMLSEC_ERRORS_HERE,
3052 - NULL,
3053 - "PORT_Alloc",
3054 - XMLSEC_ERRORS_R_MALLOC_FAILED,
3055 - XMLSEC_ERRORS_NO_MESSAGE);
3056 - return(NULL);
3057 - }
3058 - p = retval;
3059 -
3060 - while(len > 0) {
3061 - /* skip spaces after comma or semicolon */
3062 - while((len > 0) && isspace(*str)) {
3063 - ++str; --len;
3064 - }
3065 -
3066 - nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
3067 - if(nameLen < 0) {
3068 - xmlSecError(XMLSEC_ERRORS_HERE,
3069 - NULL,
3070 - "xmlSecNssX509NameStringRead",
3071 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
3072 - XMLSEC_ERRORS_NO_MESSAGE);
3073 - goto done;
3074 - }
3075 - memcpy(p, name, nameLen);
3076 - p+=nameLen;
3077 - *p++='=';
3078 - if(len > 0) {
3079 - ++str; --len;
3080 - if((*str) == '\"') {
3081 - valueLen = xmlSecNssX509NameStringRead(&str, &len,
3082 - value, sizeof(value), '"', 1);
3083 - if(valueLen < 0) {
3084 - xmlSecError(XMLSEC_ERRORS_HERE,
3085 - NULL,
3086 - "xmlSecNssX509NameStringRead",
3087 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
3088 - XMLSEC_ERRORS_NO_MESSAGE);
3089 - goto done;
3090 - }
3091 - /* skip spaces before comma or semicolon */
3092 - while((len > 0) && isspace(*str)) {
3093 - ++str; --len;
3094 - }
3095 - if((len > 0) && ((*str) != ',')) {
3096 - xmlSecError(XMLSEC_ERRORS_HERE,
3097 - NULL,
3098 - NULL,
3099 - XMLSEC_ERRORS_R_INVALID_DATA,
3100 - "comma is expected");
3101 - goto done;
3102 - }
3103 - if(len > 0) {
3104 - ++str; --len;
3105 - }
3106 - *p++='\"';
3107 - memcpy(p, value, valueLen);
3108 - p+=valueLen;
3109 - *p++='\"';
3110 - } else if((*str) == '#') {
3111 - /* TODO: read octect values */
3112 - xmlSecError(XMLSEC_ERRORS_HERE,
3113 - NULL,
3114 - NULL,
3115 - XMLSEC_ERRORS_R_INVALID_DATA,
3116 - "reading octect values is not implemented yet");
3117 - goto done;
3118 - } else {
3119 - valueLen = xmlSecNssX509NameStringRead(&str, &len,
3120 - value, sizeof(value), ',', 1);
3121 - if(valueLen < 0) {
3122 - xmlSecError(XMLSEC_ERRORS_HERE,
3123 - NULL,
3124 - "xmlSecNssX509NameStringRead",
3125 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
3126 - XMLSEC_ERRORS_NO_MESSAGE);
3127 - goto done;
3128 - }
3129 - memcpy(p, value, valueLen);
3130 - p+=valueLen;
3131 - if (len > 0)
3132 - *p++=',';
3133 - }
3134 - } else {
3135 - valueLen = 0;
3136 - }
3137 - if(len > 0) {
3138 - ++str; --len;
3139 - }
3140 - }
3141 -
3142 - *p = 0;
3143 - return(retval);
3144 -
3145 -done:
3146 - PORT_Free(retval);
3147 - return (NULL);
3148 -}
3149 -
3150 -static int
3151 -xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
3152 - xmlSecByte *res, int resLen,
3153 - xmlSecByte delim, int ingoreTrailingSpaces) {
3154 - xmlSecByte *p, *q, *nonSpace;
3155 -
3156 - xmlSecAssert2(str != NULL, -1);
3157 - xmlSecAssert2(strLen != NULL, -1);
3158 - xmlSecAssert2(res != NULL, -1);
3159 -
3160 - p = (*str);
3161 - nonSpace = q = res;
3162 - while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
3163 - if((*p) != '\\') {
3164 - if(ingoreTrailingSpaces && !isspace(*p)) {
3165 - nonSpace = q;
3166 - }
3167 - *(q++) = *(p++);
3168 - } else {
3169 - ++p;
3170 - nonSpace = q;
3171 - if(xmlSecIsHex((*p))) {
3172 - if((p - (*str) + 1) >= (*strLen)) {
3173 - xmlSecError(XMLSEC_ERRORS_HERE,
3174 - NULL,
3175 - NULL,
3176 - XMLSEC_ERRORS_R_INVALID_DATA,
3177 - "two hex digits expected");
3178 - return(-1);
3179 - }
3180 - *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
3181 - p += 2;
3182 - } else {
3183 - if(((++p) - (*str)) >= (*strLen)) {
3184 - xmlSecError(XMLSEC_ERRORS_HERE,
3185 - NULL,
3186 - NULL,
3187 - XMLSEC_ERRORS_R_INVALID_DATA,
3188 - "escaped symbol missed");
3189 - return(-1);
3190 - }
3191 - *(q++) = *(p++);
3192 - }
3193 - }
3194 - }
3195 - if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
3196 - xmlSecError(XMLSEC_ERRORS_HERE,
3197 - NULL,
3198 - NULL,
3199 - XMLSEC_ERRORS_R_INVALID_SIZE,
3200 - "buffer is too small");
3201 - return(-1);
3202 - }
3203 - (*strLen) -= (p - (*str));
3204 - (*str) = p;
3205 - return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res);
3206 -}
3207 -
3208 /* code lifted from NSS */
3209 static void
3210 xmlSecNssNumToItem(SECItem *it, unsigned long ui)
3211 @@ -699,6 +501,77 @@
3212 it->len = len;
3213 PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
3214 }
3215 +
3216 +static int
3217 +xmlSecNssIntegerToItem(
3218 + const xmlChar* integer ,
3219 + SECItem *item
3220 +) {
3221 + xmlSecBn bn ;
3222 + xmlSecSize i, length ;
3223 + const xmlSecByte* bnInteger ;
3224 +
3225 + xmlSecAssert2( integer != NULL, -1 ) ;
3226 + xmlSecAssert2( item != NULL, -1 ) ;
3227 +
3228 + if( xmlSecBnInitialize( &bn, 0 ) < 0 ) {
3229 + xmlSecError(XMLSEC_ERRORS_HERE,
3230 + NULL,
3231 + "xmlSecBnInitialize",
3232 + XMLSEC_ERRORS_R_INVALID_DATA,
3233 + XMLSEC_ERRORS_NO_MESSAGE);
3234 + return -1 ;
3235 + }
3236 +
3237 + if( xmlSecBnFromDecString( &bn, integer ) < 0 ) {
3238 + xmlSecError(XMLSEC_ERRORS_HERE,
3239 + NULL,
3240 + "xmlSecBnFromDecString",
3241 + XMLSEC_ERRORS_R_INVALID_DATA,
3242 + XMLSEC_ERRORS_NO_MESSAGE);
3243 + xmlSecBnFinalize( &bn ) ;
3244 + return -1 ;
3245 + }
3246 +
3247 + length = xmlSecBnGetSize( &bn ) ;
3248 + if( length <= 0 ) {
3249 + xmlSecError(XMLSEC_ERRORS_HERE,
3250 + NULL,
3251 + "xmlSecBnGetSize",
3252 + XMLSEC_ERRORS_R_INVALID_DATA,
3253 + XMLSEC_ERRORS_NO_MESSAGE);
3254 + }
3255 +
3256 + bnInteger = xmlSecBnGetData( &bn ) ;
3257 + if( bnInteger == NULL ) {
3258 + xmlSecError(XMLSEC_ERRORS_HERE,
3259 + NULL,
3260 + "xmlSecBnGetData",
3261 + XMLSEC_ERRORS_R_INVALID_DATA,
3262 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3263 + xmlSecBnFinalize( &bn ) ;
3264 + return -1 ;
3265 + }
3266 +
3267 + item->data = ( unsigned char * )PORT_Alloc( length );
3268 + if( item->data == NULL ) {
3269 + xmlSecError(XMLSEC_ERRORS_HERE,
3270 + NULL,
3271 + "PORT_Alloc",
3272 + XMLSEC_ERRORS_R_INVALID_DATA,
3273 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3274 + xmlSecBnFinalize( &bn ) ;
3275 + return -1 ;
3276 + }
3277 +
3278 + item->len = length;
3279 + for( i = 0 ; i < length ; i ++ )
3280 + item->data[i] = *( bnInteger + i ) ;
3281 +
3282 + xmlSecBnFinalize( &bn ) ;
3283 +
3284 + return 0 ;
3285 +}
3286 #endif /* XMLSEC_NO_X509 */
3289 --- misc/xmlsec1-1.2.14/win32/Makefile.msvc 2009-06-25 22:53:18.000000000 +0200
3290 +++ misc/build/xmlsec1-1.2.14/win32/Makefile.msvc 2009-09-21 14:02:48.607277908 +0200
3291 @@ -218,6 +218,9 @@
3292 $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj
3294 XMLSEC_NSS_OBJS = \
3295 + $(XMLSEC_NSS_INTDIR)\akmngr.obj\
3296 + $(XMLSEC_NSS_INTDIR)\keywrapers.obj\
3297 + $(XMLSEC_NSS_INTDIR)\tokens.obj\
3298 $(XMLSEC_NSS_INTDIR)\app.obj\
3299 $(XMLSEC_NSS_INTDIR)\bignum.obj\
3300 $(XMLSEC_NSS_INTDIR)\ciphers.obj \
3301 @@ -253,6 +256,7 @@
3302 $(XMLSEC_NSS_INTDIR_A)\strings.obj
3304 XMLSEC_MSCRYPTO_OBJS = \
3305 + $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\
3306 $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\
3307 $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \
3308 $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \