xmlsecurity/source/xmlsec/mscrypt/akmngr.cxx

   1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
   2 /*
   3  * This file is part of the LibreOffice project.
   4  *
   5  * This Source Code Form is subject to the terms of the Mozilla Public
   6  * License, v. 2.0. If a copy of the MPL was not distributed with this
   7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
   8  *
   9  * This file incorporates work covered by the following license notice:
  10  *
  11  *   Licensed to the Apache Software Foundation (ASF) under one or more
  12  *   contributor license agreements. See the NOTICE file distributed
  13  *   with this work for additional information regarding copyright
  14  *   ownership. The ASF licenses this file to you under the Apache
  15  *   License, Version 2.0 (the "License"); you may not use this file
  16  *   except in compliance with the License. You may obtain a copy of
  17  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
  18  */
  19
  20 #include <sal/config.h>
  21
  22 #include "akmngr.hxx"
  23
  24 #include <xmlsec/xmlsec.h>
  25 #include <xmlsec/keys.h>
  26 #include <xmlsec/keysmngr.h>
  27 #include <xmlsec/transforms.h>
  28 #include <xmlsec/errors.h>
  29
  30 #include <xmlsec/mscng/crypto.h>
  31 #include <xmlsec/mscng/keysstore.h>
  32 #include <xmlsec/mscng/x509.h>
  33 #include <svl/cryptosign.hxx>
  34
  35 namespace xmlsecurity
  36 {
  37
  38 /**
  39  * MSCryptoAppliedKeysMngrCreate:
  40  *
  41  * Create and load key store and certificate database into keys manager
  42  *
  43  * Returns keys manager pointer on success or NULL otherwise.
  44  */
  45 xmlSecKeysMngrPtr MSCryptoAppliedKeysMngrCreate()
  46 {
  47     xmlSecKeysMngrPtr        keyMngr = nullptr ;
  48     xmlSecKeyStorePtr        keyStore = nullptr ;
  49
  50     keyStore = xmlSecKeyStoreCreate(xmlSecMSCngKeysStoreId);
  51     if (keyStore == nullptr)
  52     {
  53         xmlSecError(XMLSEC_ERRORS_HERE,
  54                     nullptr,
  55                     "xmlSecKeyStoreCreate",
  56                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
  57                     XMLSEC_ERRORS_NO_MESSAGE) ;
  58         return nullptr ;
  59     }
  60
  61     keyMngr = xmlSecKeysMngrCreate() ;
  62     if (keyMngr == nullptr)
  63     {
  64         xmlSecError(XMLSEC_ERRORS_HERE,
  65                     nullptr,
  66                     "xmlSecKeysMngrCreate",
  67                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
  68                     XMLSEC_ERRORS_NO_MESSAGE) ;
  69
  70         xmlSecKeyStoreDestroy(keyStore) ;
  71         return nullptr ;
  72     }
  73
  74     /*-
  75      * Add key store to manager, from now on keys manager destroys the store if
  76      * needed
  77      */
  78     if (xmlSecKeysMngrAdoptKeysStore(keyMngr, keyStore) < 0)
  79     {
  80         xmlSecError(XMLSEC_ERRORS_HERE,
  81                     xmlSecErrorsSafeString(xmlSecKeyStoreGetName(keyStore)),
  82                     "xmlSecKeysMngrAdoptKeyStore",
  83                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
  84                     XMLSEC_ERRORS_NO_MESSAGE) ;
  85
  86         xmlSecKeyStoreDestroy(keyStore) ;
  87         xmlSecKeysMngrDestroy(keyMngr) ;
  88         return nullptr ;
  89     }
  90
  91     /*-
  92      * Initialize crypto library specific data in keys manager
  93      */
  94     if (xmlSecMSCngKeysMngrInit(keyMngr) < 0)
  95     {
  96         xmlSecError(XMLSEC_ERRORS_HERE,
  97                     nullptr,
  98                     "xmlSecMSCngKeysMngrInit",
  99                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 100                     XMLSEC_ERRORS_NO_MESSAGE);
 101
 102         xmlSecKeysMngrDestroy(keyMngr);
 103         return nullptr;
 104     }
 105
 106     /*-
 107      * Set certificate database to X509 key data store
 108      */
 109     /*-
 110      * At present, MS Crypto engine do not provide a way to setup a cert store.
 111      */
 112
 113     /*-
 114      * Set the getKey callback
 115      */
 116     keyMngr->getKey = xmlSecKeysMngrGetKey ;
 117
 118     return keyMngr ;
 119 }
 120
 121 int
 122 MSCryptoAppliedKeysMngrAdoptKeyStore(
 123     xmlSecKeysMngrPtr    mngr,
 124     HCERTSTORE keyStore
 125 )
 126 {
 127     xmlSecKeyDataStorePtr x509Store ;
 128
 129     xmlSecAssert2(mngr != nullptr, -1) ;
 130     xmlSecAssert2(keyStore != nullptr, -1) ;
 131
 132     x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCngX509StoreId);
 133     if (x509Store == nullptr)
 134     {
 135         xmlSecError(XMLSEC_ERRORS_HERE,
 136                     nullptr,
 137                     "xmlSecKeysMngrGetDataStore",
 138                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 139                     XMLSEC_ERRORS_NO_MESSAGE) ;
 140         return -1 ;
 141     }
 142
 143     if (xmlSecMSCngX509StoreAdoptKeyStore(x509Store, keyStore) < 0)
 144     {
 145         xmlSecError(XMLSEC_ERRORS_HERE,
 146                     xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
 147                     "xmlSecMSCngX509StoreAdoptKeyStore",
 148                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 149                     XMLSEC_ERRORS_NO_MESSAGE);
 150         return -1;
 151     }
 152
 153     return 0 ;
 154 }
 155
 156 int
 157 MSCryptoAppliedKeysMngrAdoptTrustedStore(
 158     xmlSecKeysMngrPtr    mngr,
 159     HCERTSTORE trustedStore
 160 )
 161 {
 162     xmlSecKeyDataStorePtr x509Store ;
 163
 164     xmlSecAssert2(mngr != nullptr, -1) ;
 165     xmlSecAssert2(trustedStore != nullptr, -1) ;
 166
 167     x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCngX509StoreId);
 168     if (x509Store == nullptr)
 169     {
 170         xmlSecError(XMLSEC_ERRORS_HERE,
 171                     nullptr,
 172                     "xmlSecKeysMngrGetDataStore",
 173                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 174                     XMLSEC_ERRORS_NO_MESSAGE) ;
 175         return -1 ;
 176     }
 177
 178     if (xmlSecMSCngX509StoreAdoptTrustedStore(x509Store, trustedStore) < 0)
 179     {
 180         xmlSecError(XMLSEC_ERRORS_HERE,
 181                     xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
 182                     "xmlSecMSCngX509StoreAdoptKeyStore",
 183                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 184                     XMLSEC_ERRORS_NO_MESSAGE);
 185         return -1;
 186     }
 187
 188     return 0 ;
 189 }
 190
 191 int
 192 MSCryptoAppliedKeysMngrAdoptUntrustedStore(
 193     xmlSecKeysMngrPtr    mngr,
 194     HCERTSTORE untrustedStore
 195 )
 196 {
 197     xmlSecKeyDataStorePtr x509Store ;
 198
 199     xmlSecAssert2(mngr != nullptr, -1) ;
 200     xmlSecAssert2(untrustedStore != nullptr, -1) ;
 201
 202     x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCngX509StoreId);
 203     if (x509Store == nullptr)
 204     {
 205         xmlSecError(XMLSEC_ERRORS_HERE,
 206                     nullptr,
 207                     "xmlSecKeysMngrGetDataStore",
 208                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 209                     XMLSEC_ERRORS_NO_MESSAGE) ;
 210         return -1 ;
 211     }
 212
 213     if (xmlSecMSCngX509StoreAdoptUntrustedStore(x509Store, untrustedStore) < 0)
 214     {
 215         xmlSecError(XMLSEC_ERRORS_HERE,
 216                     xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
 217                     "xmlSecMSCngX509StoreAdoptKeyStore",
 218                     XMLSEC_ERRORS_R_XMLSEC_FAILED,
 219                     XMLSEC_ERRORS_NO_MESSAGE);
 220         return -1;
 221     }
 222
 223     return 0 ;
 224 }
 225
 226 }
 227
 228 /* vim:set shiftwidth=4 softtabstop=4 expandtab cinoptions=b1,g0,N-s cinkeys+=0=break: */