1 /**
2 * XMLSec library
4 * This is free software; see Copyright file in the source
5 * distribution for precise wording.
7 * Copyright.........................
8 */
9 #include "globals.h"
11 #include <nspr.h>
12 #include <nss.h>
13 #include <pk11func.h>
14 #include <cert.h>
15 #include <keyhi.h>
17 #include <xmlsec/xmlsec.h>
18 #include <xmlsec/keys.h>
19 #include <xmlsec/transforms.h>
20 #include <xmlsec/errors.h>
22 #include <xmlsec/nss/crypto.h>
23 #include <xmlsec/nss/tokens.h>
24 #include <xmlsec/nss/akmngr.h>
25 #include <xmlsec/nss/pkikeys.h>
26 #include <xmlsec/nss/ciphers.h>
27 #include <xmlsec/nss/keysstore.h>
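/**
 * xmlSecNssAppliedKeysMngrCreate:
 * @slots: array of pointers to NSS PKCS#11 slot information; may be NULL
 *         only when @cSlots is 0 (every entry up to @cSlots is dereferenced).
 * @cSlots: number of slots in the array.
 * @handler: the pointer to the NSS certificate database that is handed to
 *         the manager's X509 key data store.
 *
 * Creates a keys manager backed by an NSS keys store, registers every slot
 * in @slots with that store and binds @handler to the manager's X509
 * certificate store. On success the manager owns the store and every slot
 * the store adopted; on every failure path whatever was created so far is
 * released again before NULL is returned, so the caller never has to clean
 * up partial state.
 *
 * Returns keys manager pointer on success or NULL otherwise.
 */
xmlSecKeysMngrPtr
xmlSecNssAppliedKeysMngrCreate(
    PK11SlotInfo** slots,
    int cSlots,
    CERTCertDBHandle* handler
) {
    xmlSecKeyDataStorePtr certStore = NULL ;
    xmlSecKeysMngrPtr keyMngr = NULL ;
    xmlSecKeyStorePtr keyStore = NULL ;
    int islot = 0;

    /* A non-empty slot array must point somewhere: slots[islot] is read below. */
    xmlSecAssert2( ( cSlots <= 0 ) || ( slots != NULL ) , NULL ) ;

    keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
    if( keyStore == NULL ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecKeyStoreCreate" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        return NULL ;
    }

    for( islot = 0 ; islot < cSlots ; islot++ ) {
        xmlSecNssKeySlotPtr keySlot ;

        /* Create a key slot wrapper for this PKCS#11 slot. */
        keySlot = xmlSecNssKeySlotCreate() ;
        if( keySlot == NULL ) {
            xmlSecError( XMLSEC_ERRORS_HERE ,
                xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
                "xmlSecNssKeySlotCreate" ,
                XMLSEC_ERRORS_R_XMLSEC_FAILED ,
                XMLSEC_ERRORS_NO_MESSAGE ) ;

            xmlSecKeyStoreDestroy( keyStore ) ;
            return NULL ;
        }

        /* Point the wrapper at the caller's slot. */
        if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
            xmlSecError( XMLSEC_ERRORS_HERE ,
                xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
                "xmlSecNssKeySlotSetSlot" ,
                XMLSEC_ERRORS_R_XMLSEC_FAILED ,
                XMLSEC_ERRORS_NO_MESSAGE ) ;

            /* keySlot has not been adopted yet, so it is released on its own. */
            xmlSecKeyStoreDestroy( keyStore ) ;
            xmlSecNssKeySlotDestroy( keySlot ) ;
            return NULL ;
        }

        /* Hand the wrapper to the store; from here on the store owns it. */
        if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
            xmlSecError( XMLSEC_ERRORS_HERE ,
                xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
                "xmlSecNssKeysStoreAdoptKeySlot" ,
                XMLSEC_ERRORS_R_XMLSEC_FAILED ,
                XMLSEC_ERRORS_NO_MESSAGE ) ;

            xmlSecKeyStoreDestroy( keyStore ) ;
            xmlSecNssKeySlotDestroy( keySlot ) ;
            return NULL ;
        }
    }

    keyMngr = xmlSecKeysMngrCreate() ;
    if( keyMngr == NULL ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecKeysMngrCreate" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;

        xmlSecKeyStoreDestroy( keyStore ) ;
        return NULL ;
    }

    /*
     * Add the key store to the manager; from now on the manager destroys
     * the store (and the slots it adopted) when it is itself destroyed.
     */
    if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
            "xmlSecKeysMngrAdoptKeysStore" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;

        /* Adoption failed, so the store is still ours to free. */
        xmlSecKeyStoreDestroy( keyStore ) ;
        xmlSecKeysMngrDestroy( keyMngr ) ;
        return NULL ;
    }

    /*
     * Initialize crypto library specific data in the keys manager
     * (this is what registers the NSS data stores, including X509).
     */
    if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecNssKeysMngrInit" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;

        /* The manager now owns keyStore, so one destroy releases both. */
        xmlSecKeysMngrDestroy( keyMngr ) ;
        return NULL ;
    }

    /*
     * Bind the caller's certificate database handle to the X509 key data
     * store. NOTE(review): whether the X509 store really honours a
     * non-default database or still falls back to the NSS default DB is
     * decided inside the x509 store implementation — confirm there before
     * relying on @handler for trust decisions.
     */
    certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
    if( certStore == NULL ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
            "xmlSecKeysMngrGetDataStore" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;

        xmlSecKeysMngrDestroy( keyMngr ) ;
        return NULL ;
    }

    if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
            "xmlSecNssKeyDataStoreX509SetCertDb" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;

        xmlSecKeysMngrDestroy( keyMngr ) ;
        return NULL ;
    }

    /* Use the default key lookup callback for this manager. */
    keyMngr->getKey = xmlSecKeysMngrGetKey ;

    return keyMngr ;
}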
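/**
 * xmlSecNssAppliedKeysMngrSymKeyLoad:
 * @mngr: the keys manager whose NSS keys store receives the key.
 * @symKey: the NSS symmetric key to load.
 *
 * Wraps @symKey in xmlsec key data, creates a key holding that data and
 * adds the key to the manager's keys store, which must be an NSS keys store.
 * On success the key (and with it the data) is owned by the store. On
 * failure after the data was created, the data and/or key created here are
 * destroyed again. NOTE(review): whether @symKey itself is still the
 * caller's to release after a failed call depends on the adopt helper
 * below — confirm before reusing @symKey after an error.
 *
 * Returns 0 on success or a negative value if an error occurs.
 */
int
xmlSecNssAppliedKeysMngrSymKeyLoad(
    xmlSecKeysMngrPtr mngr ,
    PK11SymKey* symKey
) {
    xmlSecKeyPtr key ;
    xmlSecKeyDataPtr data ;
    xmlSecKeyStorePtr keyStore ;

    xmlSecAssert2( mngr != NULL , -1 ) ;
    xmlSecAssert2( symKey != NULL , -1 ) ;

    keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
    if( keyStore == NULL ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecKeysMngrGetKeysStore" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        return(-1) ;
    }

    /* Only the NSS keys store knows how to hold an NSS key handle. */
    xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;

    data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
    if( data == NULL ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecNssSymKeyDataKeyAdopt" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        return(-1) ;
    }

    key = xmlSecKeyCreate() ;
    if( key == NULL ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecKeyCreate" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        xmlSecKeyDataDestroy( data ) ;
        return(-1) ;
    }

    if( xmlSecKeySetValue( key , data ) < 0 ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecKeySetValue" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        /* data was not attached to key, so both must be released here. */
        xmlSecKeyDataDestroy( data ) ;
        xmlSecKeyDestroy( key ) ;
        return(-1) ;
    }

    /* key now holds data; destroying key releases both. */
    if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecNssKeysStoreAdoptKey" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        xmlSecKeyDestroy( key ) ;
        return(-1) ;
    }

    return(0) ;
}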
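/**
 * xmlSecNssAppliedKeysMngrPubKeyLoad:
 * @mngr: the keys manager whose NSS keys store receives the key.
 * @pubKey: the NSS public key to load.
 *
 * Wraps @pubKey (with no private half) in xmlsec PKI key data, creates a
 * key holding that data and adds the key to the manager's keys store, which
 * must be an NSS keys store. On success the key is owned by the store; on
 * failure the data and/or key created here are destroyed again.
 * NOTE(review): whether @pubKey itself is still the caller's to release
 * after a failed call depends on xmlSecNssPKIAdoptKey() — confirm before
 * reusing @pubKey after an error.
 *
 * Returns 0 on success or a negative value if an error occurs.
 */
int
xmlSecNssAppliedKeysMngrPubKeyLoad(
    xmlSecKeysMngrPtr mngr ,
    SECKEYPublicKey* pubKey
) {
    xmlSecKeyPtr key ;
    xmlSecKeyDataPtr data ;
    xmlSecKeyStorePtr keyStore ;

    xmlSecAssert2( mngr != NULL , -1 ) ;
    xmlSecAssert2( pubKey != NULL , -1 ) ;

    keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
    if( keyStore == NULL ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecKeysMngrGetKeysStore" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        return(-1) ;
    }

    /* Only the NSS keys store knows how to hold an NSS key handle. */
    xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;

    /* Public key only: no private key handle is attached. */
    data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
    if( data == NULL ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecNssPKIAdoptKey" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        return(-1) ;
    }

    key = xmlSecKeyCreate() ;
    if( key == NULL ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecKeyCreate" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        xmlSecKeyDataDestroy( data ) ;
        return(-1) ;
    }

    if( xmlSecKeySetValue( key , data ) < 0 ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecKeySetValue" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        /* data was not attached to key, so both must be released here. */
        xmlSecKeyDataDestroy( data ) ;
        xmlSecKeyDestroy( key ) ;
        return(-1) ;
    }

    /* key now holds data; destroying key releases both. */
    if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecNssKeysStoreAdoptKey" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        xmlSecKeyDestroy( key ) ;
        return(-1) ;
    }

    return(0) ;
}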
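/**
 * xmlSecNssAppliedKeysMngrPriKeyLoad:
 * @mngr: the keys manager whose NSS keys store receives the key.
 * @priKey: the NSS private key to load.
 *
 * Wraps @priKey (with no public half supplied) in xmlsec PKI key data,
 * creates a key holding that data and adds the key to the manager's keys
 * store, which must be an NSS keys store. On success the key — and so the
 * private key handle — is owned by the store and lives as long as the
 * manager does; on failure the data and/or key created here are destroyed
 * again. NOTE(review): whether @priKey itself is still the caller's to
 * release after a failed call depends on xmlSecNssPKIAdoptKey() — confirm
 * before reusing @priKey after an error.
 *
 * Returns 0 on success or a negative value if an error occurs.
 */
int
xmlSecNssAppliedKeysMngrPriKeyLoad(
    xmlSecKeysMngrPtr mngr ,
    SECKEYPrivateKey* priKey
) {
    xmlSecKeyPtr key ;
    xmlSecKeyDataPtr data ;
    xmlSecKeyStorePtr keyStore ;

    xmlSecAssert2( mngr != NULL , -1 ) ;
    xmlSecAssert2( priKey != NULL , -1 ) ;

    keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
    if( keyStore == NULL ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecKeysMngrGetKeysStore" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        return(-1) ;
    }

    /* Only the NSS keys store knows how to hold an NSS key handle. */
    xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;

    /* Private key only: no public key handle is attached. */
    data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
    if( data == NULL ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecNssPKIAdoptKey" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        return(-1) ;
    }

    key = xmlSecKeyCreate() ;
    if( key == NULL ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecKeyCreate" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        xmlSecKeyDataDestroy( data ) ;
        return(-1) ;
    }

    if( xmlSecKeySetValue( key , data ) < 0 ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecKeySetValue" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        /* data was not attached to key, so both must be released here. */
        xmlSecKeyDataDestroy( data ) ;
        xmlSecKeyDestroy( key ) ;
        return(-1) ;
    }

    /* key now holds data; destroying key releases both. */
    if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
        xmlSecError( XMLSEC_ERRORS_HERE ,
            NULL ,
            "xmlSecNssKeysStoreAdoptKey" ,
            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
            XMLSEC_ERRORS_NO_MESSAGE ) ;
        xmlSecKeyDestroy( key ) ;
        return(-1) ;
    }

    return(0) ;
}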