external/libxmlsec/src/akmngr_nss.c

   1 /**
   2  * XMLSec library
   3  *
   4  * This is free software; see Copyright file in the source
   5  * distribution for preciese wording.
   6  *
   7  * Copyright.........................
   8  */
   9 #include "globals.h"
  10
  11 #include <nspr.h>
  12 #include <nss.h>
  13 #include <pk11func.h>
  14 #include <cert.h>
  15 #include <keyhi.h>
  16
  17 #include <xmlsec/xmlsec.h>
  18 #include <xmlsec/keys.h>
  19 #include <xmlsec/transforms.h>
  20 #include <xmlsec/errors.h>
  21
  22 #include <xmlsec/nss/crypto.h>
  23 #include <xmlsec/nss/tokens.h>
  24 #include <xmlsec/nss/akmngr.h>
  25 #include <xmlsec/nss/pkikeys.h>
  26 #include <xmlsec/nss/ciphers.h>
  27 #include <xmlsec/nss/keysstore.h>
  28
  29 /**
  30  * xmlSecNssAppliedKeysMngrCreate:
  31  * @slot:           array of pointers to NSS PKCS#11 slot information.
  32  * @cSlots:         number of slots in the array
  33  * @handler:        the pointer to NSS certificate database.
  34  *
  35  * Create and load NSS crypto slot and certificate database into keys manager
  36  *
  37  * Returns keys manager pointer on success or NULL otherwise.
  38  */
  39 xmlSecKeysMngrPtr
  40 xmlSecNssAppliedKeysMngrCreate(
  41     PK11SlotInfo** slots,
  42     int cSlots,
  43     CERTCertDBHandle* handler
  44 ) {
  45     xmlSecKeyDataStorePtr   certStore = NULL ;
  46     xmlSecKeysMngrPtr       keyMngr = NULL ;
  47     xmlSecKeyStorePtr       keyStore = NULL ;
  48     int islot = 0;
  49     keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
  50     if( keyStore == NULL ) {
  51         xmlSecError( XMLSEC_ERRORS_HERE ,
  52             NULL ,
  53             "xmlSecKeyStoreCreate" ,
  54             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
  55             XMLSEC_ERRORS_NO_MESSAGE ) ;
  56         return NULL ;
  57     }
  58
  59     for (islot = 0; islot < cSlots; islot++)
  60     {
  61         xmlSecNssKeySlotPtr     keySlot ;
  62
  63         /* Create a key slot */
  64         keySlot = xmlSecNssKeySlotCreate() ;
  65         if( keySlot == NULL ) {
  66             xmlSecError( XMLSEC_ERRORS_HERE ,
  67                 xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
  68                 "xmlSecNssKeySlotCreate" ,
  69                 XMLSEC_ERRORS_R_XMLSEC_FAILED ,
  70                 XMLSEC_ERRORS_NO_MESSAGE ) ;
  71
  72             xmlSecKeyStoreDestroy( keyStore ) ;
  73             return NULL ;
  74         }
  75
  76         /* Set slot */
  77         if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
  78             xmlSecError( XMLSEC_ERRORS_HERE ,
  79                 xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
  80                 "xmlSecNssKeySlotSetSlot" ,
  81                 XMLSEC_ERRORS_R_XMLSEC_FAILED ,
  82                 XMLSEC_ERRORS_NO_MESSAGE ) ;
  83
  84             xmlSecKeyStoreDestroy( keyStore ) ;
  85             xmlSecNssKeySlotDestroy( keySlot ) ;
  86             return NULL ;
  87         }
  88
  89         /* Adopt keySlot */
  90         if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
  91             xmlSecError( XMLSEC_ERRORS_HERE ,
  92                 xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
  93                 "xmlSecNssKeysStoreAdoptKeySlot" ,
  94                 XMLSEC_ERRORS_R_XMLSEC_FAILED ,
  95                 XMLSEC_ERRORS_NO_MESSAGE ) ;
  96
  97             xmlSecKeyStoreDestroy( keyStore ) ;
  98             xmlSecNssKeySlotDestroy( keySlot ) ;
  99             return NULL ;
 100         }
 101     }
 102
 103     keyMngr = xmlSecKeysMngrCreate() ;
 104     if( keyMngr == NULL ) {
 105         xmlSecError( XMLSEC_ERRORS_HERE ,
 106             NULL ,
 107             "xmlSecKeysMngrCreate" ,
 108             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 109             XMLSEC_ERRORS_NO_MESSAGE ) ;
 110
 111         xmlSecKeyStoreDestroy( keyStore ) ;
 112         return NULL ;
 113     }
 114
 115     /*-
 116      * Add key store to manager, from now on keys manager destroys the store if
 117      * needed
 118      */
 119     if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
 120         xmlSecError( XMLSEC_ERRORS_HERE ,
 121             xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
 122             "xmlSecKeysMngrAdoptKeyStore" ,
 123             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 124             XMLSEC_ERRORS_NO_MESSAGE ) ;
 125
 126         xmlSecKeyStoreDestroy( keyStore ) ;
 127         xmlSecKeysMngrDestroy( keyMngr ) ;
 128         return NULL ;
 129     }
 130
 131     /*-
 132      * Initialize crypto library specific data in keys manager
 133      */
 134     if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
 135         xmlSecError( XMLSEC_ERRORS_HERE ,
 136             NULL ,
 137             "xmlSecKeysMngrCreate" ,
 138             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 139             XMLSEC_ERRORS_NO_MESSAGE ) ;
 140
 141         xmlSecKeysMngrDestroy( keyMngr ) ;
 142         return NULL ;
 143     }
 144
 145     /*-
 146      * Set certificate databse to X509 key data store
 147      */
 148     /**
 149      * Because Tej's implementation of certDB use the default DB, so I ignore
 150      * the certDB handler at present. I'll modify the cert store sources to
 151      * accept particular certDB instead of default ones.
 152     certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
 153     if( certStore == NULL ) {
 154         xmlSecError( XMLSEC_ERRORS_HERE ,
 155             xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
 156             "xmlSecKeysMngrGetDataStore" ,
 157             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 158             XMLSEC_ERRORS_NO_MESSAGE ) ;
 159
 160         xmlSecKeysMngrDestroy( keyMngr ) ;
 161         return NULL ;
 162     }
 163
 164     if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
 165         xmlSecError( XMLSEC_ERRORS_HERE ,
 166             xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
 167             "xmlSecNssKeyDataStoreX509SetCertDb" ,
 168             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 169             XMLSEC_ERRORS_NO_MESSAGE ) ;
 170
 171         xmlSecKeysMngrDestroy( keyMngr ) ;
 172         return NULL ;
 173     }
 174     */
 175
 176     /*-
 177      * Set the getKey callback
 178      */
 179     keyMngr->getKey = xmlSecKeysMngrGetKey ;
 180
 181     return keyMngr ;
 182 }
 183
 184 int
 185 xmlSecNssAppliedKeysMngrSymKeyLoad(
 186     xmlSecKeysMngrPtr   mngr ,
 187     PK11SymKey*         symKey
 188 ) {
 189     xmlSecKeyPtr        key ;
 190     xmlSecKeyDataPtr    data ;
 191     xmlSecKeyStorePtr   keyStore ;
 192
 193     xmlSecAssert2( mngr != NULL , -1 ) ;
 194     xmlSecAssert2( symKey != NULL , -1 ) ;
 195
 196     keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
 197     if( keyStore == NULL ) {
 198         xmlSecError( XMLSEC_ERRORS_HERE ,
 199             NULL ,
 200             "xmlSecKeysMngrGetKeysStore" ,
 201             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 202             XMLSEC_ERRORS_NO_MESSAGE ) ;
 203         return(-1) ;
 204     }
 205     xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
 206
 207     data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
 208     if( data == NULL ) {
 209         xmlSecError( XMLSEC_ERRORS_HERE ,
 210             NULL ,
 211             "xmlSecNssSymKeyDataKeyAdopt" ,
 212             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 213             XMLSEC_ERRORS_NO_MESSAGE ) ;
 214         return(-1) ;
 215     }
 216
 217     key = xmlSecKeyCreate() ;
 218     if( key == NULL ) {
 219         xmlSecError( XMLSEC_ERRORS_HERE ,
 220             NULL ,
 221             "xmlSecNssSymKeyDataKeyAdopt" ,
 222             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 223             XMLSEC_ERRORS_NO_MESSAGE ) ;
 224         xmlSecKeyDataDestroy( data ) ;
 225         return(-1) ;
 226     }
 227
 228     if( xmlSecKeySetValue( key , data ) < 0 ) {
 229         xmlSecError( XMLSEC_ERRORS_HERE ,
 230             NULL ,
 231             "xmlSecNssSymKeyDataKeyAdopt" ,
 232             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 233             XMLSEC_ERRORS_NO_MESSAGE ) ;
 234         xmlSecKeyDataDestroy( data ) ;
 235         return(-1) ;
 236     }
 237
 238     if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
 239         xmlSecError( XMLSEC_ERRORS_HERE ,
 240             NULL ,
 241             "xmlSecNssSymKeyDataKeyAdopt" ,
 242             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 243             XMLSEC_ERRORS_NO_MESSAGE ) ;
 244         xmlSecKeyDestroy( key ) ;
 245         return(-1) ;
 246     }
 247
 248     return(0) ;
 249 }
 250
 251 int
 252 xmlSecNssAppliedKeysMngrPubKeyLoad(
 253     xmlSecKeysMngrPtr   mngr ,
 254     SECKEYPublicKey*    pubKey
 255 ) {
 256     xmlSecKeyPtr        key ;
 257     xmlSecKeyDataPtr    data ;
 258     xmlSecKeyStorePtr   keyStore ;
 259
 260     xmlSecAssert2( mngr != NULL , -1 ) ;
 261     xmlSecAssert2( pubKey != NULL , -1 ) ;
 262
 263     keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
 264     if( keyStore == NULL ) {
 265         xmlSecError( XMLSEC_ERRORS_HERE ,
 266             NULL ,
 267             "xmlSecKeysMngrGetKeysStore" ,
 268             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 269             XMLSEC_ERRORS_NO_MESSAGE ) ;
 270         return(-1) ;
 271     }
 272     xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
 273
 274     data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
 275     if( data == NULL ) {
 276         xmlSecError( XMLSEC_ERRORS_HERE ,
 277             NULL ,
 278             "xmlSecNssPKIAdoptKey" ,
 279             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 280             XMLSEC_ERRORS_NO_MESSAGE ) ;
 281         return(-1) ;
 282     }
 283
 284     key = xmlSecKeyCreate() ;
 285     if( key == NULL ) {
 286         xmlSecError( XMLSEC_ERRORS_HERE ,
 287             NULL ,
 288             "xmlSecNssSymKeyDataKeyAdopt" ,
 289             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 290             XMLSEC_ERRORS_NO_MESSAGE ) ;
 291         xmlSecKeyDataDestroy( data ) ;
 292         return(-1) ;
 293     }
 294
 295     if( xmlSecKeySetValue( key , data ) < 0 ) {
 296         xmlSecError( XMLSEC_ERRORS_HERE ,
 297             NULL ,
 298             "xmlSecNssSymKeyDataKeyAdopt" ,
 299             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 300             XMLSEC_ERRORS_NO_MESSAGE ) ;
 301         xmlSecKeyDataDestroy( data ) ;
 302         return(-1) ;
 303     }
 304
 305     if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
 306         xmlSecError( XMLSEC_ERRORS_HERE ,
 307             NULL ,
 308             "xmlSecNssSymKeyDataKeyAdopt" ,
 309             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 310             XMLSEC_ERRORS_NO_MESSAGE ) ;
 311         xmlSecKeyDestroy( key ) ;
 312         return(-1) ;
 313     }
 314
 315     return(0) ;
 316 }
 317
 318 int
 319 xmlSecNssAppliedKeysMngrPriKeyLoad(
 320     xmlSecKeysMngrPtr   mngr ,
 321     SECKEYPrivateKey*   priKey
 322 ) {
 323     xmlSecKeyPtr        key ;
 324     xmlSecKeyDataPtr    data ;
 325     xmlSecKeyStorePtr   keyStore ;
 326
 327     xmlSecAssert2( mngr != NULL , -1 ) ;
 328     xmlSecAssert2( priKey != NULL , -1 ) ;
 329
 330     keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
 331     if( keyStore == NULL ) {
 332         xmlSecError( XMLSEC_ERRORS_HERE ,
 333             NULL ,
 334             "xmlSecKeysMngrGetKeysStore" ,
 335             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 336             XMLSEC_ERRORS_NO_MESSAGE ) ;
 337         return(-1) ;
 338     }
 339     xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
 340
 341     data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
 342     if( data == NULL ) {
 343         xmlSecError( XMLSEC_ERRORS_HERE ,
 344             NULL ,
 345             "xmlSecNssPKIAdoptKey" ,
 346             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 347             XMLSEC_ERRORS_NO_MESSAGE ) ;
 348         return(-1) ;
 349     }
 350
 351     key = xmlSecKeyCreate() ;
 352     if( key == NULL ) {
 353         xmlSecError( XMLSEC_ERRORS_HERE ,
 354             NULL ,
 355             "xmlSecNssSymKeyDataKeyAdopt" ,
 356             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 357             XMLSEC_ERRORS_NO_MESSAGE ) ;
 358         xmlSecKeyDataDestroy( data ) ;
 359         return(-1) ;
 360     }
 361
 362     if( xmlSecKeySetValue( key , data ) < 0 ) {
 363         xmlSecError( XMLSEC_ERRORS_HERE ,
 364             NULL ,
 365             "xmlSecNssSymKeyDataKeyAdopt" ,
 366             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 367             XMLSEC_ERRORS_NO_MESSAGE ) ;
 368         xmlSecKeyDataDestroy( data ) ;
 369         return(-1) ;
 370     }
 371
 372     if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
 373         xmlSecError( XMLSEC_ERRORS_HERE ,
 374             NULL ,
 375             "xmlSecNssSymKeyDataKeyAdopt" ,
 376             XMLSEC_ERRORS_R_XMLSEC_FAILED ,
 377             XMLSEC_ERRORS_NO_MESSAGE ) ;
 378         xmlSecKeyDestroy( key ) ;
 379         return(-1) ;
 380     }
 381
 382     return(0) ;
 383 }
 384