author | Aleksey Sanin <aleksey@src.gnome.org> | 2003-04-29 23:43:56 +0000 |
---|---|---|
committer | Aleksey Sanin <aleksey@src.gnome.org> | 2003-04-29 23:43:56 +0000 |
commit | 83a01a9d3710131bc51a738615483bcf53526855 (patch) | |
tree | dada674b5d6e0b08118aa80ec373cf4acf9f5aef | |
parent | 472c62c7a1044b2756e3fe2384a2d6547a0d6315 (diff) | |
download | xmlsec1-83a01a9d3710131bc51a738615483bcf53526855.tar.gz xmlsec1-83a01a9d3710131bc51a738615483bcf53526855.tar.bz2 xmlsec1-83a01a9d3710131bc51a738615483bcf53526855.zip |
first XKMS implementation framework (disabled by default)
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | apps/xmlsec.c | 242 | ||||
-rw-r--r-- | configure.in | 84 | ||||
-rw-r--r-- | include/xmlsec/Makefile.am | 1 | ||||
-rw-r--r-- | include/xmlsec/strings.h | 9 | ||||
-rw-r--r-- | include/xmlsec/xkms.h | 77 | ||||
-rw-r--r-- | include/xmlsec/xmlsec.h | 4 | ||||
-rw-r--r-- | src/Makefile.am | 1 | ||||
-rw-r--r-- | src/strings.c | 9 | ||||
-rw-r--r-- | src/xkms.c | 261 |
10 files changed, 676 insertions, 19 deletions
@@ -1,3 +1,10 @@ +Tue Apr 29 16:37:18 2003 Aleksey Sanin <aleksey@aleksey.com> + + * configure.in include/xmlsec/Makefile.am include/xmlsec/strings.h + include/xmlsec/xkms.h include/xmlsec/xmlsec.h + src/Makefile.am src/strings.c src/xkms.c apps/xmlsec.c: first + XKMS framework (disabled by default) + Mon Apr 28 21:13:03 2003 Aleksey Sanin <aleksey@aleksey.com> * docs/download.html docs/index.html docs/news.html: preparing diff --git a/apps/xmlsec.c b/apps/xmlsec.c index e8befd21..cb4b3479 100644 --- a/apps/xmlsec.c +++ b/apps/xmlsec.c @@ -33,6 +33,7 @@ #include <xmlsec/transforms.h> #include <xmlsec/xmldsig.h> #include <xmlsec/xmlenc.h> +#include <xmlsec/xkms.h> #include <xmlsec/parser.h> #include <xmlsec/templates.h> #include <xmlsec/errors.h> @@ -71,6 +72,10 @@ static const char helpCommands2[] = " --encrypt " "\tencrypt data and output XML document\n" " --decrypt " "\tdecrypt data from XML document\n" #endif /* XMLSEC_NO_XMLENC */ +#ifndef XMLSEC_NO_XKMS + " --xkms-locate " "\tprocess data as XKMS locate key request\n" + " --xkms-validate ""\tprocess data as XKMS validate key request\n" +#endif /* XMLSEC_NO_XKMS */ ; static const char helpVersion[] = @@ -106,6 +111,14 @@ static const char helpDecrypt[] = "Usage: xmlsec decrypt [<options>] <file>\n" "Decrypts XML Encryption data in the <file>\n"; +static const char helpXkmsLocate[] = + "Usage: xmlsec xkms-locate [<options>] <file>\n" + "Processes the <file> as XKMS (XKISS) locate request and outputs the response\n"; + +static const char helpXkmsValidate[] = + "Usage: xmlsec xkms-validate [<options>] <file>\n" + "Processes the <file> as XKMS (XKISS) validate request and outputs the response\n"; + static const char helpListKeyData[] = "Usage: xmlsec list-key-data\n" "Prints the list of known key data klasses\n"; 
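Review bot: helpXkmsLocate and helpXkmsValidate are defined unconditionally, while the matching `--xkms-locate`/`--xkms-validate` lines in helpCommands2 and every other XKMS addition in this file sit under `#ifndef XMLSEC_NO_XKMS`; with XKMS disabled by default the two static arrays are then unused, and a `-Wunused` build will presumably warn about them. Wrapping both definitions in the same `#ifndef XMLSEC_NO_XKMS` / `#endif /* XMLSEC_NO_XKMS */` pair keeps the file consistent. If that is done, the `case xmlSecAppCommandXkmsLocate:` / `case xmlSecAppCommandXkmsValidate:` labels added to xmlSecAppPrintHelp later in this patch, which print these strings, need the same guard.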
@@ -121,9 +134,10 @@ static const char helpListTransforms[] = #define xmlSecAppCmdLineTopicEncCommon 0x0010 #define xmlSecAppCmdLineTopicEncEncrypt 0x0020 #define xmlSecAppCmdLineTopicEncDecrypt 0x0040 -#define xmlSecAppCmdLineTopicKeysMngr 0x0080 -#define xmlSecAppCmdLineTopicX509Certs 0x0100 -#define xmlSecAppCmdLineTopicVersion 0x0200 +#define xmlSecAppCmdLineTopicXkmsCommon 0x0080 +#define xmlSecAppCmdLineTopicKeysMngr 0x1000 +#define xmlSecAppCmdLineTopicX509Certs 0x2000 +#define xmlSecAppCmdLineTopicVersion 0x4000 #define xmlSecAppCmdLineTopicAll 0xFFFF /**************************************************************** @@ -671,7 +685,9 @@ typedef enum { xmlSecAppCommandSignTmpl, xmlSecAppCommandEncrypt, xmlSecAppCommandDecrypt, - xmlSecAppCommandEncryptTmpl + xmlSecAppCommandEncryptTmpl, + xmlSecAppCommandXkmsLocate, + xmlSecAppCommandXkmsValidate } xmlSecAppCommand; typedef struct _xmlSecAppXmlData xmlSecAppXmlData, @@ -719,6 +735,13 @@ static int xmlSecAppPrepareEncCtx (xmlSecEncCtxPtr encCtx); static void xmlSecAppPrintEncCtx (xmlSecEncCtxPtr encCtx); #endif /* XMLSEC_NO_XMLENC */ +#ifndef XMLSEC_NO_XKMS +static int xmlSecAppXkmsLocate (const char* filename); +static int xmlSecAppXkmsValidate (const char* filename); +static int xmlSecAppPrepareXkmsCtx (xmlSecXkmsCtxPtr xkmsCtx); +static void xmlSecAppPrintXkmsCtx (xmlSecXkmsCtxPtr xkmsCtx); +#endif /* XMLSEC_NO_XKMS */ + static void xmlSecAppListKeyData (void); static void xmlSecAppListTransforms (void); 
@@ -882,6 +905,25 @@ int main(int argc, const char **argv) { break; #endif /* XMLSEC_NO_TMPL_TEST */ #endif /* XMLSEC_NO_XMLENC */ + +#ifndef XMLSEC_NO_XKMS + case xmlSecAppCommandXkmsLocate: + for(i = pos; i < argc; ++i) { + if(xmlSecAppXkmsLocate(argv[i]) < 0) { + fprintf(stderr, "Error: failed to process xkms locate request from file \"%s\"\n", argv[i]); + goto fail; + } + } + break; + case xmlSecAppCommandXkmsValidate: + for(i = pos; i < argc; ++i) { + if(xmlSecAppXkmsValidate(argv[i]) < 0) { + fprintf(stderr, "Error: failed to process xkms locate request from file \"%s\"\n", argv[i]); + goto fail; + } + } + break; +#endif /* XMLSEC_NO_XKMS */ default: fprintf(stderr, "Error: invalid command %d\n", command); xmlSecAppPrintUsage(); 
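Review bot: The xmlSecAppCommandXkmsValidate case reuses the locate error text, so a failing validate request is reported as `failed to process xkms locate request`; change that fprintf to `fprintf(stderr, "Error: failed to process xkms validate request from file \"%s\"\n", argv[i]);`. Apart from the message the two loops are copies of each other and of the encrypt/decrypt cases above, as far as the hunk shows. main() starts and ends outside the hunk.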
@@ -1565,6 +1607,175 @@ xmlSecAppPrintEncCtx(xmlSecEncCtxPtr encCtx) { #endif /* XMLSEC_NO_XMLENC */ +#ifndef XMLSEC_NO_XKMS +static int +xmlSecAppXkmsLocate(const char* filename) { + xmlSecAppXmlDataPtr data = NULL; + xmlSecXkmsCtx xkmsCtx; + clock_t start_time; + int res = -1; + + if(filename == NULL) { + return(-1); + } + + if(xmlSecXkmsCtxInitialize(&xkmsCtx, gKeysMngr) < 0) { + fprintf(stderr, "Error: xkms context initialization failed\n"); + return(-1); + } + if(xmlSecAppPrepareXkmsCtx(&xkmsCtx) < 0) { + fprintf(stderr, "Error: xkms context preparation failed\n"); + goto done; + } + + /* parse template and select start node */ + data = xmlSecAppXmlDataCreate(filename, xmlSecNodeLocateRequest, xmlSecXkmsNs); + if(data == NULL) { + fprintf(stderr, "Error: failed to load template \"%s\"\n", filename); + goto done; + } + + start_time = clock(); + +#ifdef TODO + if(xmlSecXkmsCtxLocate(&xkmsCtx, data->startNode) < 0) { + fprintf(stderr, "Error: failed to process locate request\n"); + goto done; + } +#endif /* TODO */ + total_time += clock() - start_time; + + /* print out result only once per execution */ +#ifdef TODO + if(repeats <= 1) { + if(xkmsCtx.resultReplaced) { + if(xmlSecAppWriteResult(data->doc, NULL) < 0) { + goto done; + } + } else { + if(xmlSecAppWriteResult(NULL, xkmsCtx.result) < 0) { + goto done; + } + } + } +#endif /* TODO */ + + res = 0; + +done: + /* print debug info if requested */ + if(repeats <= 1) { + xmlSecAppPrintXkmsCtx(&xkmsCtx); + } + xmlSecXkmsCtxFinalize(&xkmsCtx); + + if(data != NULL) { + xmlSecAppXmlDataDestroy(data); + } + return(res); +} + +static int +xmlSecAppXkmsValidate(const char* filename) { + xmlSecAppXmlDataPtr data = NULL; + xmlSecXkmsCtx xkmsCtx; + clock_t start_time; + int res = -1; + + if(filename == NULL) { + return(-1); + } + + if(xmlSecXkmsCtxInitialize(&xkmsCtx, gKeysMngr) < 0) { + fprintf(stderr, "Error: xkms context initialization failed\n"); + return(-1); + } + if(xmlSecAppPrepareXkmsCtx(&xkmsCtx) < 0) { + 
fprintf(stderr, "Error: xkms context preparation failed\n"); + goto done; + } + + /* parse template and select start node */ + data = xmlSecAppXmlDataCreate(filename, xmlSecNodeValidateRequest, xmlSecXkmsNs); + if(data == NULL) { + fprintf(stderr, "Error: failed to load template \"%s\"\n", filename); + goto done; + } + + start_time = clock(); + +#ifdef TODO + if(xmlSecXkmsCtxValidate(&xkmsCtx, data->startNode) < 0) { + fprintf(stderr, "Error: failed to process validate request\n"); + goto done; + } +#endif /* TODO */ + total_time += clock() - start_time; + + /* print out result only once per execution */ +#ifdef TODO + if(repeats <= 1) { + if(xkmsCtx.resultReplaced) { + if(xmlSecAppWriteResult(data->doc, NULL) < 0) { + goto done; + } + } else { + if(xmlSecAppWriteResult(NULL, xkmsCtx.result) < 0) { + goto done; + } + } + } +#endif /* TODO */ + + res = 0; + +done: + /* print debug info if requested */ + if(repeats <= 1) { + xmlSecAppPrintXkmsCtx(&xkmsCtx); + } + xmlSecXkmsCtxFinalize(&xkmsCtx); + + if(data != NULL) { + xmlSecAppXmlDataDestroy(data); + } + return(res); +} + +static int +xmlSecAppPrepareXkmsCtx(xmlSecXkmsCtxPtr xkmsCtx) { + if(xkmsCtx == NULL) { + fprintf(stderr, "Error: xkms context is null\n"); + return(-1); + } + + /* set key info params */ + if(xmlSecAppPrepareKeyInfoReadCtx(&(xkmsCtx->keyInfoReadCtx)) < 0) { + fprintf(stderr, "Error: failed to prepare key info context\n"); + return(-1); + } + + return(0); +} + +static void +xmlSecAppPrintXkmsCtx(xmlSecXkmsCtxPtr xkmsCtx) { + if(xkmsCtx == NULL) { + return; + } + + /* print debug info if requested */ + if((print_debug != 0) || xmlSecAppCmdLineParamIsSet(&printDebugParam)) { + xmlSecXkmsCtxDebugDump(xkmsCtx, stdout); + } + + if(xmlSecAppCmdLineParamIsSet(&printXmlDebugParam)) { + xmlSecXkmsCtxDebugXmlDump(xkmsCtx, stdout); + } +} + +#endif /* XMLSEC_NO_XKMS */ + static void xmlSecAppListKeyData(void) { fprintf(stdout, "Registered key data klasses:\n"); 
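Review bot: xmlSecAppXkmsLocate and xmlSecAppXkmsValidate reach `res = 0` even though the request processing and the result output are both compiled out under `#ifdef TODO`, so `xmlsec xkms-locate <file>` currently exits 0 and prints nothing, which can be mistaken for a successful locate or validate. Until the TODO is filled in I would fail explicitly, e.g. `fprintf(stderr, "Error: xkms request processing is not implemented yet\n"); goto done;` in place of the disabled call. The disabled code also reads `xkmsCtx.resultReplaced` and `xkmsCtx.result`, neither of which exists in `struct _xmlSecXkmsCtx` as declared in include/xmlsec/xkms.h in this same commit, so it will not compile once TODO is defined. The two functions differ only in the node name and the disabled call; one static helper taking the node name and the handler would remove the duplication.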
@@ -2155,6 +2366,23 @@ xmlSecAppParseCommand(const char* cmd, xmlSecAppCmdLineParamTopic* cmdLineTopics #endif /* XMLSEC_NO_TMPL_TEST */ #endif /* XMLSEC_NO_XMLENC */ +#ifndef XMLSEC_NO_XKMS + if((strcmp(cmd, "xkms-locate") == 0) || (strcmp(cmd, "--xkms-locate") == 0)) { + (*cmdLineTopics) = xmlSecAppCmdLineTopicGeneral | + xmlSecAppCmdLineTopicXkmsCommon | + xmlSecAppCmdLineTopicKeysMngr | + xmlSecAppCmdLineTopicX509Certs; + return(xmlSecAppCommandXkmsLocate); + } else + if((strcmp(cmd, "xkms-validate") == 0) || (strcmp(cmd, "--xkms-validate") == 0)) { + (*cmdLineTopics) = xmlSecAppCmdLineTopicGeneral | + xmlSecAppCmdLineTopicXkmsCommon | + xmlSecAppCmdLineTopicKeysMngr | + xmlSecAppCmdLineTopicX509Certs; + return(xmlSecAppCommandXkmsValidate); + } else +#endif /* XMLSEC_NO_XKMS */ + if(1) { (*cmdLineTopics) = 0; return(xmlSecAppCommandUnknown); @@ -2198,6 +2426,12 @@ xmlSecAppPrintHelp(xmlSecAppCommand command, xmlSecAppCmdLineParamTopic topics) case xmlSecAppCommandEncryptTmpl: fprintf(stdout, "%s\n", helpEncryptTmpl); break; + case xmlSecAppCommandXkmsLocate: + fprintf(stdout, "%s\n", helpXkmsLocate); + break; + case xmlSecAppCommandXkmsValidate: + fprintf(stdout, "%s\n", helpXkmsValidate); + break; } if(topics != 0) { fprintf(stdout, "Options:\n"); diff --git a/configure.in b/configure.in index 634630a3..dee05b3d 100644 --- a/configure.in +++ b/configure.in 
@@ -61,22 +61,22 @@ XMLSEC_DEFINES="" dnl ========================================================================== dnl Specific setup for Aleksey's development environment: +dnl - with xkms support (while in development) dnl - with debug dnl - with pedantic compiler flags dnl - with static binaries dnl ========================================================================== -XMLSEC_STATIC_BINARIES="" AC_MSG_CHECKING(for development environment) -AC_ARG_ENABLE(development, [ --enable-development enable development environment (no)]) +AC_ARG_ENABLE(development, [ --enable-development enable development environment (no)]) if test "$enable_development" = "yes" -o "${LOGNAME}" = "aleksey" ; then - dnl CFLAGS="$CFLAGS -pedantic -Wall -ansi -W -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls" - CFLAGS="$CFLAGS -g -O -pedantic -Wall -ansi -W -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls" - XMLSEC_STATIC_BINARIES="-static" + enable_xkms="yes" + enable_debuging="yes" + enable_pedantic="yes" + enable_static_linking="yes" AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi -AC_SUBST(XMLSEC_STATIC_BINARIES) dnl ========================================================================== 
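Review bot: The development block assigns `enable_xkms`, `enable_debuging`, `enable_pedantic` and `enable_static_linking` to yes whenever `${LOGNAME}` is aleksey, and that assignment runs before the AC_ARG_ENABLE checks for those options later in the file; since configure parses `--disable-*` options up front, the assignment appears to override an explicit `--disable-xkms` given on the command line for that account. Assigning only when the variable is still unset, e.g. `test -z "$enable_xkms" && enable_xkms="yes"`, would keep the command line authoritative. The help text `enable development environment (no)` also no longer says that it now implies the xkms, debug, pedantic and static-linking options.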
@@ -99,8 +99,8 @@ LIBXML_PREFIX="" LIBXML_CFLAG="" LIBXML_LIBS="" AC_MSG_CHECKING(for libxml2 libraries >= $LIBXML_MIN_VERSION) -AC_ARG_WITH(libxml, [ --with-libxml=[PFX] libxml2 location]) -if test "$with_libxml" = "no" ; then +AC_ARG_WITH(libxml, [ --with-libxml=[PFX] libxml2 location]) +if test "$with_libxml" = "no" ; then AC_MSG_ERROR(libxml2 is required for $PACKAGE) else if test "$with_libxml" != "" ; then @@ -141,7 +141,7 @@ LIBXSLT_PREFIX="" LIBXSLT_CFLAGS="" LIBXSLT_LIBS="" AC_MSG_CHECKING(for libxslt libraries >= $LIBXSLT_MIN_VERSION) -AC_ARG_WITH(libxslt, [ --with-libxslt=[PFX] libxslt location]) +AC_ARG_WITH(libxslt, [ --with-libxslt=[PFX] libxslt location]) if test "$with_libxslt" = "no" ; then LIBXSLT_WITHOUT="yes" XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XSLT=1" @@ -207,7 +207,7 @@ OPENSSL_CFLAGS="" OPENSSL_LIBS="" OPENSSL_LDADDS="" AC_MSG_CHECKING(for openssl libraries >= $OPENSSL_MIN_VERSION) -AC_ARG_WITH(openssl, [ --with-openssl=[PFX] openssl location]) +AC_ARG_WITH(openssl, [ --with-openssl=[PFX] openssl location]) if test "$with_openssl" = "no" ; then OPENSSL_WITHOUT="yes" XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST openssl" @@ -320,7 +320,7 @@ GNUTLS_CFLAGS="" GNUTLS_LIBS="" GNUTLS_LDADDS="" AC_MSG_CHECKING(for gnutls libraries >= $GNUTLS_MIN_VERSION) -AC_ARG_WITH(gnutls, [ --with-gnutls=[PFX] gnutls location]) +AC_ARG_WITH(gnutls, [ --with-gnutls=[PFX] gnutls location]) if test "$with_gnutls" = "no" ; then GNUTLS_WITHOUT="yes" XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST gnutls" 
@@ -395,7 +395,7 @@ ac_mozilla_name=mozilla-$NSS_MIN_VERSION ac_nss_lib_dir="/usr/lib /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name" ac_nss_inc_dir="/usr/include /usr/local/include /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name" AC_MSG_CHECKING(for nss libraries >= $NSS_MIN_VERSION) -AC_ARG_WITH(nss, [ --with-nss=[PFX] nss location]) +AC_ARG_WITH(nss, [ --with-nss=[PFX] nss location]) if test "$with_nss" = "no" ; then NSS_WITHOUT="yes" XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST nss" @@ -636,6 +636,21 @@ fi AC_SUBST(XMLSEC_NO_XMLENC) dnl ========================================================================== +dnl See do we need XKMS suport +dnl ========================================================================== +AC_MSG_CHECKING(for XMKMS support) +AC_ARG_ENABLE(xkms, [ --enable-xkms enable XKMS support (no)]) +if test "$enable_xkms" = "yes" ; then + XMLSEC_NO_XKMS="0" + AC_MSG_RESULT(yes) +else + XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XKMS=1" + XMLSEC_NO_XKMS="1" + AC_MSG_RESULT(no) +fi +AC_SUBST(XMLSEC_NO_XKMS) + +dnl ========================================================================== dnl See do we need Simple Keys Manager dnl ========================================================================== AC_MSG_CHECKING(for Simple Keys Manager testing) @@ -651,8 +666,8 @@ dnl ========================================================================== dnl See do we need templates tests dnl ========================================================================== AC_MSG_CHECKING(for templates testing) -AC_ARG_ENABLE(skm, [ --enable-tmpl-tests enable templates testing in xmlsec utility (yes)]) -if test "$enable_tmpl_tests" = "no" ; then +AC_ARG_ENABLE(skm, [ --enable-tmpl-tests enable templates testing in xmlsec utility (yes)]) +if test "$enable_tmpl_tests" = "yes" ; then XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_TMPL_TEST=1" AC_MSG_RESULT(no) else 
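Review bot: The new XKMS block's checking message reads `AC_MSG_CHECKING(for XMKMS support)`; it should be `AC_MSG_CHECKING(for XKMS support)`, and the comment above it, `See do we need XKMS suport`, misspells `support`. The block itself mirrors the XMLENC one just above it. XMLSEC_NO_XKMS is AC_SUBST'd but nothing in this patch consumes it, presumably a Makefile or .in file will later.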
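Review bot: The changed condition `if test "$enable_tmpl_tests" = "yes"` now defines XMLSEC_NO_TMPL_TEST (and reports no) exactly when the user asks for the templates tests, the inverse of the option's `(yes)` default; the removed `= "no"` test was the right one and should be restored: `if test "$enable_tmpl_tests" = "no" ; then`. Note too that the touched line still registers the option as `AC_ARG_ENABLE(skm, ...)`, so `--enable-tmpl-tests` presumably never sets `$enable_tmpl_tests` and the check only yields the default by accident; the first argument should be `tmpl-tests` to match the help text and the variable.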
@@ -660,18 +675,57 @@ else fi dnl ========================================================================== +dnl Debug +dnl ========================================================================== +AC_MSG_CHECKING(for debuging) +AC_ARG_ENABLE(debuging, [ --enable-debuging enable debuging compilation flags (no)]) +if test "$enable_debuging" = "yes" ; then + CFLAGS="$CFLAGS -g" + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi + +dnl ========================================================================== dnl Profiling dnl ========================================================================== AC_MSG_CHECKING(for profiling) -AC_ARG_ENABLE(profiling, [ --enable-profiling enable profiling compilation flags (no)]) +AC_ARG_ENABLE(profiling, [ --enable-profiling enable profiling compilation flags (no)]) if test "$enable_profiling" = "yes" ; then CFLAGS="$CFLAGS -pg" AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) +fi + +dnl ========================================================================== +dnl Pedantic compilation +dnl ========================================================================== +AC_MSG_CHECKING(for pedantic) +AC_ARG_ENABLE(pedantic, [ --enable-pedantic enable pedantic compilation flags (no)]) +if test "$enable_pedantic" = "yes" ; then + dnl CFLAGS="$CFLAGS -pedantic -Wall -ansi -W -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls" + CFLAGS="$CFLAGS -O -pedantic -Wall -ansi -W -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls" + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) fi dnl 
========================================================================== +dnl Static linking +dnl ========================================================================== +XMLSEC_STATIC_BINARIES="" +AC_MSG_CHECKING(for static linking) +AC_ARG_ENABLE(static_linking, [ --enable-static-linking enable static linking (no)]) +if test "$enable_static_linking" = "yes" ; then + XMLSEC_STATIC_BINARIES="-static" + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi +AC_SUBST(XMLSEC_STATIC_BINARIES) + +dnl ========================================================================== dnl Final steps: xmlsec config dnl ========================================================================== XMLSEC_CFLAGS="$XMLSEC_DEFINES -I${includedir}/xmlsec1 $LIBXML_CFLAGS $LIBXSLT_CFLAGS $XMLSEC_CRYPTO_CFLAGS -DXMLSEC_CRYPTO=\"@XMLSEC_CRYPTO@\"" diff --git a/include/xmlsec/Makefile.am b/include/xmlsec/Makefile.am index 33126135..30cf405a 100644 --- a/include/xmlsec/Makefile.am +++ b/include/xmlsec/Makefile.am @@ -24,6 +24,7 @@ xmlsecinc_HEADERS = \ templates.h \ transforms.h \ version.h \ + xkms.h \ xmldsig.h \ xmlenc.h \ xmlsec.h \ diff --git a/include/xmlsec/strings.h b/include/xmlsec/strings.h index 4b4c5b9f..4ea42ea1 100644 --- a/include/xmlsec/strings.h +++ b/include/xmlsec/strings.h @@ -27,6 +27,7 @@ extern "C" { XMLSEC_EXPORT_VAR const xmlChar xmlSecNs[]; XMLSEC_EXPORT_VAR const xmlChar xmlSecDSigNs[]; XMLSEC_EXPORT_VAR const xmlChar xmlSecEncNs[]; +XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsNs[]; XMLSEC_EXPORT_VAR const xmlChar xmlSecXPathNs[]; XMLSEC_EXPORT_VAR const xmlChar xmlSecXPath2Ns[]; XMLSEC_EXPORT_VAR const xmlChar xmlSecXPointerNs[]; 
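Review bot: The new option is registered as `--enable-debuging` with variable `enable_debuging`, and the development block sets the same misspelled variable; once released the misspelling becomes part of the public configure interface, so I would fix it now, `AC_ARG_ENABLE(debugging, [ --enable-debugging enable debugging compilation flags (no)])` with `enable_debugging` in both places. Otherwise the split of the former development CFLAGS into separate debug, pedantic and static-linking options reads well. One visible behaviour change: `-O` moved from the old `-g -O` development flags into the pedantic block, so a plain `--enable-debuging` build now gets `-g` without `-O`, which may be intended.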
@@ -68,6 +69,14 @@ XMLSEC_EXPORT_VAR const xmlChar xmlSecTypeEncElement[]; /************************************************************************* * + * XKMS Nodes + * + ************************************************************************/ +XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeLocateRequest[]; +XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeValidateRequest[]; + +/************************************************************************* + * * KeyInfo and Transform Nodes * ************************************************************************/ diff --git a/include/xmlsec/xkms.h b/include/xmlsec/xkms.h new file mode 100644 index 00000000..fa07388d --- /dev/null +++ b/include/xmlsec/xkms.h 
@@ -0,0 +1,77 @@ +/** + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * "XML Key Management Specification v 2.0" implementation + * http://www.w3.org/TR/xkms2/ + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyrigth (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + */ +#ifndef __XMLSEC_XKMS_H__ +#define __XMLSEC_XKMS_H__ + +#ifndef XMLSEC_NO_XKMS + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ +#include <stdio.h> + +#include <libxml/tree.h> +#include <libxml/parser.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/buffer.h> +#include <xmlsec/keys.h> +#include <xmlsec/keysmngr.h> +#include <xmlsec/keyinfo.h> +#include <xmlsec/transforms.h> + +/** + * xmlSecXkmsCtx: + * @userData: the pointer to user data (xmlsec and xmlsec-crypto libraries + * never touches this). + * @flags: the XML Encryption processing flags. + * @flags2: the XML Encryption processing flags. + * @keyInfoReadCtx: the reading key context. + * @keyInfoWriteCtx: the writing key context (not used for signature verification). + * @reserved0: reserved for the future. + * @reserved1: reserved for the future. + * + * XKMS context. 
+ */ +struct _xmlSecXkmsCtx { + /* these data user can set before performing the operation */ + void* userData; + unsigned int flags; + unsigned int flags2; + xmlSecKeyInfoCtx keyInfoReadCtx; + xmlSecKeyInfoCtx keyInfoWriteCtx; + + /* reserved for future */ + void* reserved0; + void* reserved1; +}; + +XMLSEC_EXPORT xmlSecXkmsCtxPtr xmlSecXkmsCtxCreate (xmlSecKeysMngrPtr keysMngr); +XMLSEC_EXPORT void xmlSecXkmsCtxDestroy (xmlSecXkmsCtxPtr xkmsCtx); +XMLSEC_EXPORT int xmlSecXkmsCtxInitialize (xmlSecXkmsCtxPtr xkmsCtx, + xmlSecKeysMngrPtr keysMngr); +XMLSEC_EXPORT void xmlSecXkmsCtxFinalize (xmlSecXkmsCtxPtr xkmsCtx); +XMLSEC_EXPORT int xmlSecXkmsCtxCopyUserPref (xmlSecXkmsCtxPtr dst, + xmlSecXkmsCtxPtr src); +XMLSEC_EXPORT void xmlSecXkmsCtxReset (xmlSecXkmsCtxPtr xkmsCtx); +XMLSEC_EXPORT void xmlSecXkmsCtxDebugDump (xmlSecXkmsCtxPtr xkmsCtx, + FILE* output); +XMLSEC_EXPORT void xmlSecXkmsCtxDebugXmlDump (xmlSecXkmsCtxPtr xkmsCtx, + FILE* output); +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* XMLSEC_NO_XKMS */ + +#endif /* __XMLSEC_XKMS_H__ */ + diff --git a/include/xmlsec/xmlsec.h b/include/xmlsec/xmlsec.h index 5455f945..3a01c932 100644 --- a/include/xmlsec/xmlsec.h +++ b/include/xmlsec/xmlsec.h @@ -76,6 +76,10 @@ typedef struct _xmlSecDSigCtx xmlSecDSigCtx, *xmlSecDSigCtxPtr; typedef struct _xmlSecEncCtx xmlSecEncCtx, *xmlSecEncCtxPtr; #endif /* XMLSEC_NO_XMLENC */ +#ifndef XMLSEC_NO_XKMS +typedef struct _xmlSecXkmsCtx xmlSecXkmsCtx, *xmlSecXkmsCtxPtr; +#endif /* XMLSEC_NO_XKMS */ + XMLSEC_EXPORT int xmlSecInit (void); XMLSEC_EXPORT int xmlSecShutdown (void); diff --git a/src/Makefile.am b/src/Makefile.am index 5c0c5f04..48adafba 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -38,6 +38,7 @@ libxmlsec1_la_SOURCES =\ strings.c \ templates.c \ transforms.c \ + xkms.c \ xmldsig.c \ xmlenc.c \ xmlsec.c \ diff --git a/src/strings.c b/src/strings.c index dc01f7bf..8f7347b0 100644 --- a/src/strings.c +++ b/src/strings.c 
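Review bot: The xmlSecXkmsCtx doc block describes `flags` and `flags2` as `the XML Encryption processing flags` and `keyInfoWriteCtx` as `(not used for signature verification)`, wording carried over from the XML Encryption and XML Signature contexts that does not apply here; I would write `@flags: the XKMS processing flags.`, `@flags2: the XKMS processing flags.` and `@keyInfoWriteCtx: the writing key context.`. The file header has `preciese` and `Copyrigth`, and the same two typos are in src/xkms.c. Minor: all includes, `<stdio.h>` included, sit inside the `extern "C"` block; harmless for system headers but unusual.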
@@ -22,6 +22,7 @@ const xmlChar xmlSecNs[] = "http://www.aleksey.com/xmlsec/2002"; const xmlChar xmlSecDSigNs[] = "http://www.w3.org/2000/09/xmldsig#"; const xmlChar xmlSecEncNs[] = "http://www.w3.org/2001/04/xmlenc#"; +const xmlChar xmlSecXkmsNs[] = "http://www.w3.org/2002/03/xkms#"; const xmlChar xmlSecXPathNs[] = "http://www.w3.org/TR/1999/REC-xpath-19991116"; const xmlChar xmlSecXPath2Ns[] = "http://www.w3.org/2002/06/xmldsig-filter2"; const xmlChar xmlSecXPointerNs[] = "http://www.w3.org/2001/04/xmldsig-more/xptr"; @@ -62,6 +63,14 @@ const xmlChar xmlSecTypeEncElement[] = "http://www.w3.org/2001/04/xmlenc#Elemen /************************************************************************* * + * XKMS Nodes + * + ************************************************************************/ +const xmlChar xmlSecNodeLocateRequest[] = "LocateRequest"; +const xmlChar xmlSecNodeValidateRequest[] = "ValidateRequest"; + +/************************************************************************* + * * KeyInfo Nodes * ************************************************************************/ diff --git a/src/xkms.c b/src/xkms.c new file mode 100644 index 00000000..72329e3c --- /dev/null +++ b/src/xkms.c 
@@ -0,0 +1,261 @@ +/** + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * "XML Key Management Specification v 2.0" implementation + * http://www.w3.org/TR/xkms2/ + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyrigth (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + */ +#include "globals.h" + +#ifndef XMLSEC_NO_XKMS + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> + +#include <libxml/tree.h> +#include <libxml/parser.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/buffer.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/keysmngr.h> +#include <xmlsec/transforms.h> +#include <xmlsec/keyinfo.h> +#include <xmlsec/xkms.h> +#include <xmlsec/errors.h> + +/* The ID attribute in XKMS is 'Id' */ +static const xmlChar* xmlSecXkmsIds[] = { BAD_CAST "Id", NULL }; + + +/** + * xmlSecXkmsCtxCreate: + * @keysMngr: the pointer to keys manager. + * + * Creates XKMS processing context. + * The caller is responsible for destroying returend object by calling + * #xmlSecXkmsCtxDestroy function. + * + * Returns pointer to newly allocated context object or NULL if an error + * occurs. + */ +xmlSecXkmsCtxPtr +xmlSecXkmsCtxCreate(xmlSecKeysMngrPtr keysMngr) { + xmlSecXkmsCtxPtr xkmsCtx; + int ret; + + xkmsCtx = (xmlSecXkmsCtxPtr) xmlMalloc(sizeof(xmlSecXkmsCtx)); + if(xkmsCtx == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_MALLOC_FAILED, + "sizeof(xmlSecXkmsCtx)=%d", + sizeof(xmlSecXkmsCtx)); + return(NULL); + } + + ret = xmlSecXkmsCtxInitialize(xkmsCtx, keysMngr); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecXkmsCtxInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXkmsCtxDestroy(xkmsCtx); + return(NULL); + } + return(xkmsCtx); +} + +/** + * xmlSecXkmsCtxDestroy: + * @xkmsCtx: the pointer to XKMS processing context. 
+ * + * Destroy context object created with #xmlSecXkmsCtxCreate function. + */ +void +xmlSecXkmsCtxDestroy(xmlSecXkmsCtxPtr xkmsCtx) { + xmlSecAssert(xkmsCtx != NULL); + + xmlSecXkmsCtxFinalize(xkmsCtx); + xmlFree(xkmsCtx); +} + +/** + * xmlSecXkmsCtxInitialize: + * @xkmsCtx: the pointer to XKMS processing context. + * @keysMngr: the pointer to keys manager. + * + * Initializes XKMS element processing context. + * The caller is responsible for cleaing up returend object by calling + * #xmlSecXkmsCtxFinalize function. + * + * Returns 0 on success or a negative value if an error occurs. + */ +int +xmlSecXkmsCtxInitialize(xmlSecXkmsCtxPtr xkmsCtx, xmlSecKeysMngrPtr keysMngr) { + int ret; + + xmlSecAssert2(xkmsCtx != NULL, -1); + + memset(xkmsCtx, 0, sizeof(xmlSecXkmsCtx)); + + /* initialize key info */ + ret = xmlSecKeyInfoCtxInitialize(&(xkmsCtx->keyInfoReadCtx), keysMngr); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecKeyInfoCtxInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + xkmsCtx->keyInfoReadCtx.mode = xmlSecKeyInfoModeRead; + + ret = xmlSecKeyInfoCtxInitialize(&(xkmsCtx->keyInfoWriteCtx), keysMngr); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecKeyInfoCtxInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + xkmsCtx->keyInfoWriteCtx.mode = xmlSecKeyInfoModeWrite; + + return(0); +} + +/** + * xmlSecXkmsCtxFinalize: + * @xkmsCtx: the pointer to XKMS processing context. + * + * Cleans up @xkmsCtx object. + */ +void +xmlSecXkmsCtxFinalize(xmlSecXkmsCtxPtr xkmsCtx) { + xmlSecAssert(xkmsCtx != NULL); + + xmlSecXkmsCtxReset(xkmsCtx); + + xmlSecKeyInfoCtxFinalize(&(xkmsCtx->keyInfoReadCtx)); + xmlSecKeyInfoCtxFinalize(&(xkmsCtx->keyInfoWriteCtx)); + + memset(xkmsCtx, 0, sizeof(xmlSecXkmsCtx)); +} + +/** + * xmlSecXkmsCtxReset: + * @xkmsCtx: the pointer to XKMS processing context. + * + * Resets @xkmsCtx object, user settings are not touched. 
+ */ +void +xmlSecXkmsCtxReset(xmlSecXkmsCtxPtr xkmsCtx) { + xmlSecAssert(xkmsCtx != NULL); + + xmlSecKeyInfoCtxReset(&(xkmsCtx->keyInfoReadCtx)); + xmlSecKeyInfoCtxReset(&(xkmsCtx->keyInfoWriteCtx)); +} + +/** + * xmlSecXkmsCtxCopyUserPref: + * @dst: the pointer to destination context. + * @src: the pointer to source context. + * + * Copies user preference from @src context to @dst. + * + * Returns 0 on success or a negative value if an error occurs. + */ +int +xmlSecXkmsCtxCopyUserPref(xmlSecXkmsCtxPtr dst, xmlSecXkmsCtxPtr src) { + int ret; + + xmlSecAssert2(dst != NULL, -1); + xmlSecAssert2(src != NULL, -1); + + dst->userData = src->userData; + dst->flags = src->flags; + dst->flags2 = src->flags2; + + ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoReadCtx), &(src->keyInfoReadCtx)); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecKeyInfoCtxCopyUserPref", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoWriteCtx), &(src->keyInfoWriteCtx)); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecKeyInfoCtxCopyUserPref", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + return(0); +} + +/** + * xmlSecXkmsCtxDebugDump: + * @xkmsCtx: the pointer to XKMS processing context. + * @output: the pointer to output FILE. + * + * Prints the debug information about @xkmsCtx to @output. 
+ */ +void +xmlSecXkmsCtxDebugDump(xmlSecXkmsCtxPtr xkmsCtx, FILE* output) { + xmlSecAssert(xkmsCtx != NULL); + + fprintf(output, "= XKMS CONTEXT\n"); + fprintf(output, "== flags: 0x%08x\n", xkmsCtx->flags); + fprintf(output, "== flags2: 0x%08x\n", xkmsCtx->flags2); + + fprintf(output, "== Key Info Read Ctx:\n"); + xmlSecKeyInfoCtxDebugDump(&(xkmsCtx->keyInfoReadCtx), output); + + fprintf(output, "== Key Info Write Ctx:\n"); + xmlSecKeyInfoCtxDebugDump(&(xkmsCtx->keyInfoWriteCtx), output); +} + +/** + * xmlSecXkmsCtxDebugXmlDump: + * @xkmsCtx: the pointer to XKMS processing context. + * @output: the pointer to output FILE. + * + * Prints the debug information about @xkmsCtx to @output in XML format. + */ +void +xmlSecXkmsCtxDebugXmlDump(xmlSecXkmsCtxPtr xkmsCtx, FILE* output) { + xmlSecAssert(xkmsCtx != NULL); + + fprintf(output, "<DataEncryptionContext>\n"); + fprintf(output, "<Flags>%08x</Flags>\n", xkmsCtx->flags); + fprintf(output, "<Flags2>%08x</Flags2>\n", xkmsCtx->flags2); + + fprintf(output, "<KeyInfoReadCtx>\n"); + xmlSecKeyInfoCtxDebugXmlDump(&(xkmsCtx->keyInfoReadCtx), output); + fprintf(output, "</KeyInfoReadCtx>\n"); + + fprintf(output, "<KeyInfoWriteCtx>\n"); + xmlSecKeyInfoCtxDebugXmlDump(&(xkmsCtx->keyInfoWriteCtx), output); + fprintf(output, "</KeyInfoWriteCtx>\n"); + + + fprintf(output, "</DataEncryptionContext>\n"); +} + +#endif /* XMLSEC_NO_XKMS */ + |
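Review bot: xmlSecXkmsCtxDebugXmlDump wraps its output in `<DataEncryptionContext>` / `</DataEncryptionContext>`, the root element of the XML Encryption dump, so the XML debug output of an XKMS context is mislabelled; use `fprintf(output, "<XkmsContext>\n");` and the matching `</XkmsContext>` closing tag. In xmlSecXkmsCtxCreate the malloc-failure message passes a `size_t` to `%d` (`"sizeof(xmlSecXkmsCtx)=%d", sizeof(xmlSecXkmsCtx)`), which `-Wformat` in the new pedantic flags will flag; cast the argument to `(int)`. `xmlSecXkmsIds` is defined but never referenced in this file, so `-Wunused` will presumably warn until the request-processing code that uses it lands. Neither debug dump checks `output` for NULL; whether that matters depends on the convention of the sibling xmlSecEncCtxDebugDump functions, which are outside this patch.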