xmlsecurity/source/xmlsec/mscrypt/akmngr.cxx

   1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
   2 /*
   3  * This file is part of the LibreOffice project.
   4  *
   5  * This Source Code Form is subject to the terms of the Mozilla Public
   6  * License, v. 2.0. If a copy of the MPL was not distributed with this
   7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
   8  *
   9  * This file incorporates work covered by the following license notice:
  10  *
  11  *   Licensed to the Apache Software Foundation (ASF) under one or more
  12  *   contributor license agreements. See the NOTICE file distributed
  13  *   with this work for additional information regarding copyright
  14  *   ownership. The ASF licenses this file to you under the Apache
  15  *   License, Version 2.0 (the "License"); you may not use this file
  16  *   except in compliance with the License. You may obtain a copy of
  17  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
  18  */
  19 #include "akmngr.hxx"
  20
  21 #include <xmlsec/xmlsec.h>
  22 #include <xmlsec/keys.h>
  23 #include <xmlsec/keysmngr.h>
  24 #include <xmlsec/transforms.h>
  25 #include <xmlsec/errors.h>
  26
  27 #include <xmlsec/mscrypto/crypto.h>
  28 #include <xmlsec/mscrypto/keysstore.h>
  29 #include <xmlsec/mscrypto/x509.h>
  30
  31 namespace xmlsecurity
  32 {
  33
  34 /**
  35  * MSCryptoAppliedKeysMngrCreate:
  36  *
  37  * Create and load key store and certificate database into keys manager
  38  *
  39  * Returns keys manager pointer on success or NULL otherwise.
  40  */
  41 xmlSecKeysMngrPtr MSCryptoAppliedKeysMngrCreate()
  42 {
  43     xmlSecKeysMngrPtr        keyMngr = nullptr ;
  44     xmlSecKeyStorePtr        keyStore = nullptr ;
  45
  46     keyStore = xmlSecKeyStoreCreate(xmlSecMSCryptoKeysStoreId) ;
  47     if (keyStore == nullptr)
  48     {
  49         xmlSecError(XMLSEC_ERRORS_HERE,
  50                     nullptr,
  51                     "xmlSecKeyStoreCreate",
  52                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
  53                     XMLSEC_ERRORS_NO_MESSAGE) ;
  54         return nullptr ;
  55     }
  56
  57     /*-
  58      * At present, MS Crypto engine do not provide a way to setup a key store.
  59      */
  60     if (keyStore != nullptr)
  61     {
  62         /*TODO: binding key store.*/
  63     }
  64
  65     keyMngr = xmlSecKeysMngrCreate() ;
  66     if (keyMngr == nullptr)
  67     {
  68         xmlSecError(XMLSEC_ERRORS_HERE,
  69                     nullptr,
  70                     "xmlSecKeysMngrCreate",
  71                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
  72                     XMLSEC_ERRORS_NO_MESSAGE) ;
  73
  74         xmlSecKeyStoreDestroy(keyStore) ;
  75         return nullptr ;
  76     }
  77
  78     /*-
  79      * Add key store to manager, from now on keys manager destroys the store if
  80      * needed
  81      */
  82     if (xmlSecKeysMngrAdoptKeysStore(keyMngr, keyStore) < 0)
  83     {
  84         xmlSecError(XMLSEC_ERRORS_HERE,
  85                     xmlSecErrorsSafeString(xmlSecKeyStoreGetName(keyStore)),
  86                     "xmlSecKeysMngrAdoptKeyStore",
  87                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
  88                     XMLSEC_ERRORS_NO_MESSAGE) ;
  89
  90         xmlSecKeyStoreDestroy(keyStore) ;
  91         xmlSecKeysMngrDestroy(keyMngr) ;
  92         return nullptr ;
  93     }
  94
  95     /*-
  96      * Initialize crypto library specific data in keys manager
  97      */
  98     if (xmlSecMSCryptoKeysMngrInit(keyMngr) < 0)
  99     {
 100         xmlSecError(XMLSEC_ERRORS_HERE,
 101                     nullptr,
 102                     "xmlSecMSCryptoKeysMngrInit",
 103                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 104                     XMLSEC_ERRORS_NO_MESSAGE) ;
 105
 106         xmlSecKeysMngrDestroy(keyMngr) ;
 107         return nullptr ;
 108     }
 109
 110     /*-
 111      * Set certificate database to X509 key data store
 112      */
 113     /*-
 114      * At present, MS Crypto engine do not provide a way to setup a cert store.
 115      */
 116
 117     /*-
 118      * Set the getKey callback
 119      */
 120     keyMngr->getKey = xmlSecKeysMngrGetKey ;
 121
 122     return keyMngr ;
 123 }
 124
 125 int
 126 MSCryptoAppliedKeysMngrAdoptKeyStore(
 127     xmlSecKeysMngrPtr    mngr,
 128     HCERTSTORE keyStore
 129 )
 130 {
 131     xmlSecKeyDataStorePtr x509Store ;
 132
 133     xmlSecAssert2(mngr != nullptr, -1) ;
 134     xmlSecAssert2(keyStore != nullptr, -1) ;
 135
 136     x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
 137     if (x509Store == nullptr)
 138     {
 139         xmlSecError(XMLSEC_ERRORS_HERE,
 140                     nullptr,
 141                     "xmlSecKeysMngrGetDataStore",
 142                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 143                     XMLSEC_ERRORS_NO_MESSAGE) ;
 144         return -1 ;
 145     }
 146
 147     if (xmlSecMSCryptoX509StoreAdoptKeyStore(x509Store, keyStore) < 0)
 148     {
 149         xmlSecError(XMLSEC_ERRORS_HERE,
 150                     xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
 151                     "xmlSecMSCryptoX509StoreAdoptKeyStore",
 152                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 153                     XMLSEC_ERRORS_NO_MESSAGE) ;
 154         return -1 ;
 155     }
 156
 157     return 0 ;
 158 }
 159
 160 int
 161 MSCryptoAppliedKeysMngrAdoptTrustedStore(
 162     xmlSecKeysMngrPtr    mngr,
 163     HCERTSTORE trustedStore
 164 )
 165 {
 166     xmlSecKeyDataStorePtr x509Store ;
 167
 168     xmlSecAssert2(mngr != nullptr, -1) ;
 169     xmlSecAssert2(trustedStore != nullptr, -1) ;
 170
 171     x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
 172     if (x509Store == nullptr)
 173     {
 174         xmlSecError(XMLSEC_ERRORS_HERE,
 175                     nullptr,
 176                     "xmlSecKeysMngrGetDataStore",
 177                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 178                     XMLSEC_ERRORS_NO_MESSAGE) ;
 179         return -1 ;
 180     }
 181
 182     if (xmlSecMSCryptoX509StoreAdoptTrustedStore(x509Store, trustedStore) < 0)
 183     {
 184         xmlSecError(XMLSEC_ERRORS_HERE,
 185                     xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
 186                     "xmlSecMSCryptoX509StoreAdoptKeyStore",
 187                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 188                     XMLSEC_ERRORS_NO_MESSAGE) ;
 189         return -1 ;
 190     }
 191
 192     return 0 ;
 193 }
 194
 195 int
 196 MSCryptoAppliedKeysMngrAdoptUntrustedStore(
 197     xmlSecKeysMngrPtr    mngr,
 198     HCERTSTORE untrustedStore
 199 )
 200 {
 201     xmlSecKeyDataStorePtr x509Store ;
 202
 203     xmlSecAssert2(mngr != nullptr, -1) ;
 204     xmlSecAssert2(untrustedStore != nullptr, -1) ;
 205
 206     x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
 207     if (x509Store == nullptr)
 208     {
 209         xmlSecError(XMLSEC_ERRORS_HERE,
 210                     nullptr,
 211                     "xmlSecKeysMngrGetDataStore",
 212                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 213                     XMLSEC_ERRORS_NO_MESSAGE) ;
 214         return -1 ;
 215     }
 216
 217     if (xmlSecMSCryptoX509StoreAdoptUntrustedStore(x509Store, untrustedStore) < 0)
 218     {
 219         xmlSecError(XMLSEC_ERRORS_HERE,
 220                     xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
 221                     "xmlSecMSCryptoX509StoreAdoptKeyStore",
 222                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 223                     XMLSEC_ERRORS_NO_MESSAGE) ;
 224         return -1 ;
 225     }
 226
 227     return 0 ;
 228 }
 229
 230 }
 231
 232 /* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */