xmlsecurity/source/xmlsec/mscrypt/akmngr.cxx

   1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
   2 /*
   3  * This file is part of the LibreOffice project.
   4  *
   5  * This Source Code Form is subject to the terms of the Mozilla Public
   6  * License, v. 2.0. If a copy of the MPL was not distributed with this
   7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
   8  *
   9  * This file incorporates work covered by the following license notice:
  10  *
  11  *   Licensed to the Apache Software Foundation (ASF) under one or more
  12  *   contributor license agreements. See the NOTICE file distributed
  13  *   with this work for additional information regarding copyright
  14  *   ownership. The ASF licenses this file to you under the Apache
  15  *   License, Version 2.0 (the "License"); you may not use this file
  16  *   except in compliance with the License. You may obtain a copy of
  17  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
  18  */
  19 #include "akmngr.hxx"
  20
  21 #include <xmlsec/xmlsec.h>
  22 #include <xmlsec/keys.h>
  23 #include <xmlsec/keysmngr.h>
  24 #include <xmlsec/transforms.h>
  25 #include <xmlsec/errors.h>
  26
  27 #include <xmlsec/mscrypto/crypto.h>
  28 #include <xmlsec/mscrypto/keysstore.h>
  29 #include <xmlsec/mscrypto/x509.h>
  30
  31 /**
  32  * xmlSecMSCryptoAppliedKeysMngrCreate:
  33  *
  34  * Create and load key store and certificate database into keys manager
  35  *
  36  * Returns keys manager pointer on success or NULL otherwise.
  37  */
  38 xmlSecKeysMngrPtr xmlSecMSCryptoAppliedKeysMngrCreate()
  39 {
  40     xmlSecKeysMngrPtr        keyMngr = nullptr ;
  41     xmlSecKeyStorePtr        keyStore = nullptr ;
  42
  43     keyStore = xmlSecKeyStoreCreate(xmlSecMSCryptoKeysStoreId) ;
  44     if (keyStore == nullptr)
  45     {
  46         xmlSecError(XMLSEC_ERRORS_HERE,
  47                     nullptr,
  48                     "xmlSecKeyStoreCreate",
  49                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
  50                     XMLSEC_ERRORS_NO_MESSAGE) ;
  51         return nullptr ;
  52     }
  53
  54     /*-
  55      * At present, MS Crypto engine do not provide a way to setup a key store.
  56      */
  57     if (keyStore != nullptr)
  58     {
  59         /*TODO: binding key store.*/
  60     }
  61
  62     keyMngr = xmlSecKeysMngrCreate() ;
  63     if (keyMngr == nullptr)
  64     {
  65         xmlSecError(XMLSEC_ERRORS_HERE,
  66                     nullptr,
  67                     "xmlSecKeysMngrCreate",
  68                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
  69                     XMLSEC_ERRORS_NO_MESSAGE) ;
  70
  71         xmlSecKeyStoreDestroy(keyStore) ;
  72         return nullptr ;
  73     }
  74
  75     /*-
  76      * Add key store to manager, from now on keys manager destroys the store if
  77      * needed
  78      */
  79     if (xmlSecKeysMngrAdoptKeysStore(keyMngr, keyStore) < 0)
  80     {
  81         xmlSecError(XMLSEC_ERRORS_HERE,
  82                     xmlSecErrorsSafeString(xmlSecKeyStoreGetName(keyStore)),
  83                     "xmlSecKeysMngrAdoptKeyStore",
  84                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
  85                     XMLSEC_ERRORS_NO_MESSAGE) ;
  86
  87         xmlSecKeyStoreDestroy(keyStore) ;
  88         xmlSecKeysMngrDestroy(keyMngr) ;
  89         return nullptr ;
  90     }
  91
  92     /*-
  93      * Initialize crypto library specific data in keys manager
  94      */
  95     if (xmlSecMSCryptoKeysMngrInit(keyMngr) < 0)
  96     {
  97         xmlSecError(XMLSEC_ERRORS_HERE,
  98                     nullptr,
  99                     "xmlSecMSCryptoKeysMngrInit",
 100                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 101                     XMLSEC_ERRORS_NO_MESSAGE) ;
 102
 103         xmlSecKeysMngrDestroy(keyMngr) ;
 104         return nullptr ;
 105     }
 106
 107     /*-
 108      * Set certificate database to X509 key data store
 109      */
 110     /*-
 111      * At present, MS Crypto engine do not provide a way to setup a cert store.
 112      */
 113
 114     /*-
 115      * Set the getKey callback
 116      */
 117     keyMngr->getKey = xmlSecKeysMngrGetKey ;
 118
 119     return keyMngr ;
 120 }
 121
 122 int
 123 xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore(
 124     xmlSecKeysMngrPtr    mngr,
 125     HCERTSTORE keyStore
 126 )
 127 {
 128     xmlSecKeyDataStorePtr x509Store ;
 129
 130     xmlSecAssert2(mngr != nullptr, -1) ;
 131     xmlSecAssert2(keyStore != nullptr, -1) ;
 132
 133     x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
 134     if (x509Store == nullptr)
 135     {
 136         xmlSecError(XMLSEC_ERRORS_HERE,
 137                     nullptr,
 138                     "xmlSecKeysMngrGetDataStore",
 139                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 140                     XMLSEC_ERRORS_NO_MESSAGE) ;
 141         return (-1) ;
 142     }
 143
 144     if (xmlSecMSCryptoX509StoreAdoptKeyStore(x509Store, keyStore) < 0)
 145     {
 146         xmlSecError(XMLSEC_ERRORS_HERE,
 147                     xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
 148                     "xmlSecMSCryptoX509StoreAdoptKeyStore",
 149                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 150                     XMLSEC_ERRORS_NO_MESSAGE) ;
 151         return (-1) ;
 152     }
 153
 154     return (0) ;
 155 }
 156
 157 int
 158 xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore(
 159     xmlSecKeysMngrPtr    mngr,
 160     HCERTSTORE trustedStore
 161 )
 162 {
 163     xmlSecKeyDataStorePtr x509Store ;
 164
 165     xmlSecAssert2(mngr != nullptr, -1) ;
 166     xmlSecAssert2(trustedStore != nullptr, -1) ;
 167
 168     x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
 169     if (x509Store == nullptr)
 170     {
 171         xmlSecError(XMLSEC_ERRORS_HERE,
 172                     nullptr,
 173                     "xmlSecKeysMngrGetDataStore",
 174                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 175                     XMLSEC_ERRORS_NO_MESSAGE) ;
 176         return (-1) ;
 177     }
 178
 179     if (xmlSecMSCryptoX509StoreAdoptTrustedStore(x509Store, trustedStore) < 0)
 180     {
 181         xmlSecError(XMLSEC_ERRORS_HERE,
 182                     xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
 183                     "xmlSecMSCryptoX509StoreAdoptKeyStore",
 184                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 185                     XMLSEC_ERRORS_NO_MESSAGE) ;
 186         return (-1) ;
 187     }
 188
 189     return (0) ;
 190 }
 191
 192 int
 193 xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore(
 194     xmlSecKeysMngrPtr    mngr,
 195     HCERTSTORE untrustedStore
 196 )
 197 {
 198     xmlSecKeyDataStorePtr x509Store ;
 199
 200     xmlSecAssert2(mngr != nullptr, -1) ;
 201     xmlSecAssert2(untrustedStore != nullptr, -1) ;
 202
 203     x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
 204     if (x509Store == nullptr)
 205     {
 206         xmlSecError(XMLSEC_ERRORS_HERE,
 207                     nullptr,
 208                     "xmlSecKeysMngrGetDataStore",
 209                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 210                     XMLSEC_ERRORS_NO_MESSAGE) ;
 211         return (-1) ;
 212     }
 213
 214     if (xmlSecMSCryptoX509StoreAdoptUntrustedStore(x509Store, untrustedStore) < 0)
 215     {
 216         xmlSecError(XMLSEC_ERRORS_HERE,
 217                     xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
 218                     "xmlSecMSCryptoX509StoreAdoptKeyStore",
 219                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 220                     XMLSEC_ERRORS_NO_MESSAGE) ;
 221         return (-1) ;
 222     }
 223
 224     return (0) ;
 225 }
 226
 227 /* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */