Diffstat (limited to 'src/gnutls/x509.c')
-rw-r--r-- | src/gnutls/x509.c | 705 |
1 files changed, 241 insertions, 464 deletions
diff --git a/src/gnutls/x509.c b/src/gnutls/x509.c
index d043bc72..d9503d34 100644
--- a/src/gnutls/x509.c
+++ b/src/gnutls/x509.c
@@ -1,7 +1,6 @@ -/** - * XMLSec library - * - * X509 support + +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * * This is free software; see Copyright file in the source
@@ -9,6 +8,13 @@ * * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:x509 + * @Short_description: X509 certificates implementation for GnuTLS. + * @Stability: Stable + * + */ + #include "globals.h" #ifndef XMLSEC_NO_X509
@@ -328,11 +334,8 @@ xmlSecGnuTLSKeyDataX509AdoptCert(xmlSecKeyDataPtr data, gnutls_x509_crt_t cert) ret = xmlSecPtrListAdd(&(ctx->certsList), cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecKeyDataGetName(data)); return(-1); }
@@ -403,11 +406,8 @@ xmlSecGnuTLSKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, gnutls_x509_crl_t crl) { ret = xmlSecPtrListAdd(&(ctx->crlsList), crl); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecKeyDataGetName(data)); return(-1); }
@@ -471,21 +471,15 @@ xmlSecGnuTLSKeyDataX509Initialize(xmlSecKeyDataPtr data) { ret = xmlSecPtrListInitialize(&(ctx->certsList), xmlSecGnuTLSX509CrtListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "certsList"); + xmlSecInternalError("xmlSecPtrListInitialize(certsList)", + xmlSecKeyDataGetName(data)); return(-1); } ret = xmlSecPtrListInitialize(&(ctx->crlsList), xmlSecGnuTLSX509CrlListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "crlsList"); + xmlSecInternalError("xmlSecPtrListInitialize(crlsList)", + xmlSecKeyDataGetName(data)); return(-1); } @@ -514,11 +508,8 @@ xmlSecGnuTLSKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { if(ctxSrc->keyCert != NULL) { ctxDst->keyCert = xmlSecGnuTLSX509CertDup(ctxSrc->keyCert); if(ctxDst->keyCert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecGnuTLSX509CertDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertDup", + xmlSecKeyDataGetName(src)); return(-1); } } @@ -527,11 +518,8 @@ xmlSecGnuTLSKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecPtrListEmpty(&(ctxDst->certsList)); ret = xmlSecPtrListCopy(&(ctxDst->certsList), &(ctxSrc->certsList)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecPtrListCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "certsList"); + xmlSecInternalError("xmlSecPtrListCopy(certsList)", + xmlSecKeyDataGetName(src)); return(-1); } 
@@ -539,13 +527,11 @@ xmlSecGnuTLSKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecPtrListEmpty(&(ctxDst->crlsList)); ret = xmlSecPtrListCopy(&(ctxDst->crlsList), &(ctxSrc->crlsList)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecPtrListCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "crlsList"); + xmlSecInternalError("xmlSecPtrListCopy(crlsList)", + xmlSecKeyDataGetName(src)); return(-1); } + /* done */ return(0); } @@ -580,34 +566,23 @@ xmlSecGnuTLSKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, data = xmlSecKeyEnsureData(key, id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecGnuTLSX509DataNodeRead(data, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSX509DataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509DataNodeRead", + xmlSecKeyDataKlassGetName(id)); return(-1); } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) { - ret = xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + ret = xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecGnuTLSKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); + return(-1); } return(0); } 
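Review bot: In xmlSecGnuTLSKeyDataX509XmlRead the call to xmlSecGnuTLSKeyDataX509VerifyAndExtractKey is no longer guarded by `XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS`, and nothing visible in this diff shows where that flag is honoured now. If the flag is meant to be evaluated inside the callee or the X509 store, a comment at the call site should say so, for example `/* XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS is evaluated inside VerifyAndExtractKey */`. If it is not evaluated there, callers that set the flag will now have verification enforced and may see read failures they did not see before. Either way this is a behaviour change in certificate handling folded into an error-reporting cleanup, so it belongs in the commit description and should be confirmed against the callee, whose body is outside this hunk.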
@@ -627,13 +602,11 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); - content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); + content = xmlSecX509DataGetNodeContent (node, keyInfoCtx); if (content < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecX509DataGetNodeContent", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "content=%d", content); + xmlSecInternalError2("xmlSecX509DataGetNodeContent", + xmlSecKeyDataKlassGetName(id), + "content=%d", content); return(-1); } else if(content == 0) { /* by default we are writing certificates and crls */ @@ -652,22 +625,18 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSKeyDataX509GetCert", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { ret = xmlSecGnuTLSX509CertificateNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSX509CertificateNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSX509CertificateNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } 
@@ -675,11 +644,9 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { ret = xmlSecGnuTLSX509SubjectNameNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSX509SubjectNameNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSX509SubjectNameNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -687,11 +654,9 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { ret = xmlSecGnuTLSX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSX509IssuerSerialNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSX509IssuerSerialNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -699,11 +664,9 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { ret = xmlSecGnuTLSX509SKINodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSX509SKINodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSX509SKINodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } 
@@ -715,21 +678,17 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSKeyDataX509GetCrl", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } ret = xmlSecGnuTLSX509CRLNodeWrite(crl, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSX509CRLNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSX509CRLNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -783,11 +742,9 @@ xmlSecGnuTLSKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) { cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "==== Certificate:\n"); @@ -801,11 +758,9 @@ xmlSecGnuTLSKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) { crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSKeyDataX509GetCrl", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "==== Crl:\n"); 
@@ -841,11 +796,9 @@ xmlSecGnuTLSKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "<Certificate>\n"); @@ -860,11 +813,9 @@ xmlSecGnuTLSKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSKeyDataX509GetCrl", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "<CRL>\n"); 
@@ -892,29 +843,42 @@ xmlSecGnuTLSX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyIn ret = 0; if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) { ret = xmlSecGnuTLSX509CertificateNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecGnuTLSX509CertificateNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) { ret = xmlSecGnuTLSX509SubjectNameNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecGnuTLSX509SubjectNameNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) { ret = xmlSecGnuTLSX509IssuerSerialNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecGnuTLSX509IssuerSerialNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) { ret = xmlSecGnuTLSX509SKINodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecGnuTLSX509SKINodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) { ret = xmlSecGnuTLSX509CRLNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecGnuTLSX509CRLNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) { /* laxi schema validation: ignore unknown nodes */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "read node failed"); + 
xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); return(-1); } } @@ -937,11 +901,7 @@ xmlSecGnuTLSX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlS xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -949,22 +909,16 @@ xmlSecGnuTLSX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlS cert = xmlSecGnuTLSX509CertBase64DerRead(content); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CertBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); gnutls_x509_crt_deinit(cert); xmlFree(content); return(-1); 
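Review bot: The comment `/* laxi schema validation: ignore unknown nodes */` in xmlSecGnuTLSX509DataNodeRead sits on the branch taken when `XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD` is set, which calls xmlSecUnexpectedNodeError and returns -1, so it states the opposite of what the branch does. Since this hunk rewrites that branch, the comment could become `/* strict mode: an unknown X509Data child is an error; without the flag it is skipped */`. The context line `ret = 0;` also looks redundant now that every branch checks its own result and the shared `if(ret < 0)` is gone, though the loop's start and end are outside the hunk.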
@@ -986,29 +940,20 @@ xmlSecGnuTLSX509CertificateNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xm /* set base64 lines size from context */ buf = xmlSecGnuTLSX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509Certificate)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); return(0); @@ -1027,7 +972,9 @@ xmlSecGnuTLSX509Trim(xmlChar * str) { /* skip spaces from the beggining */ p = str; - while(XMLSEC_GNUTLS_IS_SPACE(*p) && ((*p) != '\0')) ++p; + while(XMLSEC_GNUTLS_IS_SPACE(*p) && ((*p) != '\0')) { + ++p; + } if(p != str) { for(q = str; ; ++q, ++p) { (*q) = (*p); @@ -1038,8 +985,12 @@ xmlSecGnuTLSX509Trim(xmlChar * str) { } /* skip spaces from the end */ - for(p = str; (*p) != '\0'; ++p); - while((p > str) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) *(--p) = '\0'; + for(p = str; (*p) != '\0'; ++p) { + ; + } + while((p > str) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) { + *(--p) = '\0'; + } } static int 
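Review bot: In xmlSecGnuTLSX509CertificateNodeWrite the two consecutive `xmlNodeSetContent` calls do not combine: the second call replaces the node's content, so the line feed from `xmlSecGetDefaultLineFeed()` set by the first call is discarded. If the neighbouring todo means a line break before the base64 text, the second call should append instead, `xmlNodeAddContent(cur, buf);`; otherwise the first call can simply be dropped. xmlSecGnuTLSX509CRLNodeWrite (the hunk at -1574) has the same pair of calls, and both still carry `/* todo: add errors check */` while the other writers in this commit gained result checks.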
@@ -1057,11 +1008,8 @@ xmlSecGnuTLSX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlS x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1071,11 +1019,7 @@ xmlSecGnuTLSX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlS xmlFree(subject); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1086,12 +1030,8 @@ xmlSecGnuTLSX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlS if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "subject=%s", - xmlSecErrorsSafeString(subject)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "subject=%s", xmlSecErrorsSafeString(subject)); xmlFree(subject); return(-1); } 
@@ -1102,23 +1042,16 @@ xmlSecGnuTLSX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlS cert2 = xmlSecGnuTLSX509CertDup(cert); if(cert2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CertDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - + xmlSecInternalError("xmlSecGnuTLSX509CertDup", + xmlSecKeyDataGetName(data)); xmlFree(subject); return(-1); } ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); gnutls_x509_crt_deinit(cert2); xmlFree(subject); return(-1); 
@@ -1132,35 +1065,32 @@ static int xmlSecGnuTLSX509SubjectNameNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar* buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); /* add node */ - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SubjectName)", NULL); return(-1); } /* get subject */ buf = xmlSecGnuTLSX509CertGetSubjectDN(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetSubjectDN", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertGetSubjectDN", NULL); return(-1); } /* set value */ - xmlSecNodeEncodeAndSetContent(cur, buf); + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + xmlFree(buf); + return(-1); + } /* done */ xmlFree(buf); 
@@ -1184,23 +1114,16 @@ xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } cur = xmlSecGetNextElementNode(node->children); if(cur == NULL) { if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL, + xmlSecKeyDataGetName(data)); return(-1); } return(0); 
@@ -1208,56 +1131,32 @@ xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml /* the first is required node X509IssuerName */ if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeError(cur, xmlSecNodeX509IssuerName, xmlSecKeyDataGetName(data)); return(-1); } issuerName = xmlNodeGetContent(cur); if(issuerName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); return(-1); } cur = xmlSecGetNextElementNode(cur->next); /* next is required node X509SerialNumber */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInvalidNodeError(cur, xmlSecNodeX509SerialNumber, xmlSecKeyDataGetName(data)); xmlFree(issuerName); return(-1); } issuerSerial = xmlNodeGetContent(cur); if(issuerSerial == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); xmlFree(issuerName); return(-1); } cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { - 
xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1269,13 +1168,10 @@ xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "issuerName=%s;issuerSerial=%s", - xmlSecErrorsSafeString(issuerName), - xmlSecErrorsSafeString(issuerSerial)); + xmlSecOtherError3(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "issuerName=%s;issuerSerial=%s", + xmlSecErrorsSafeString(issuerName), + xmlSecErrorsSafeString(issuerSerial)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1287,11 +1183,8 @@ xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml cert2 = xmlSecGnuTLSX509CertDup(cert); if(cert2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CertDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertDup", + xmlSecKeyDataGetName(data)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); 
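Review bot: In xmlSecGnuTLSX509IssuerSerialNodeRead, `xmlSecInvalidNodeError(cur, xmlSecNodeX509SerialNumber, ...)` is reached with `cur == NULL`, because the guarding condition is `(cur == NULL) || !xmlSecCheckNodeName(...)`; this happens whenever the input document omits X509SerialNumber. The removed code passed the node name through `xmlSecErrorsSafeString`, but whether the new macro tolerates a NULL node is not visible in this diff and should be confirmed. A safer shape is to split the condition and report the missing element on its own, using `xmlSecNodeNotFoundError` as the empty-node branch earlier in the same function does (hunk at -1184), while keeping `xmlFree(issuerName);` on both paths. The function body starts and ends outside this hunk.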
@@ -1299,11 +1192,8 @@ xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); gnutls_x509_crt_deinit(cert2); xmlFree(issuerSerial); xmlFree(issuerName); 
@@ -1321,69 +1211,60 @@ xmlSecGnuTLSX509IssuerSerialNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, x xmlNodePtr issuerNameNode; xmlNodePtr issuerNumberNode; xmlChar* buf; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); /* create xml nodes */ - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerSerial)", NULL); return(-1); } - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); + issuerNameNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); if(issuerNameNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerName)", NULL); return(-1); } - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); + issuerNumberNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); if(issuerNumberNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SerialNumber)", NULL); return(-1); } /* write data */ buf = xmlSecGnuTLSX509CertGetIssuerDN(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetIssuerDN", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertGetIssuerDN", NULL); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); + if(ret < 0) { + 
xmlSecInternalError("xmlSecNodeEncodeAndSetContent(issuerNameNode)", NULL); + xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); xmlFree(buf); buf = xmlSecGnuTLSX509CertGetIssuerSerial(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetIssuerSerial", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertGetIssuerSerial", NULL); return(-1); } - xmlSecNodeEncodeAndSetContent(issuerNumberNode, buf); - xmlFree(buf); + ret = xmlSecNodeEncodeAndSetContent(issuerNumberNode, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent(issuerNumberNode)", NULL); + xmlFree(buf); + return(-1); + } + + /* done */ + xmlFree(buf); return(0); } @@ -1403,11 +1284,8 @@ xmlSecGnuTLSX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInf x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1417,12 +1295,7 @@ xmlSecGnuTLSX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInf xmlFree(ski); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); 
@@ -1434,12 +1307,9 @@ xmlSecGnuTLSX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInf xmlFree(ski); if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "ski=%s", - xmlSecErrorsSafeString(ski)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "ski=%s", + xmlSecErrorsSafeString(ski)); return(-1); } return(0); @@ -1447,22 +1317,16 @@ xmlSecGnuTLSX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInf cert2 = xmlSecGnuTLSX509CertDup(cert); if(cert2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CertDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertDup", + xmlSecKeyDataGetName(data)); xmlFree(ski); return(-1); } ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); gnutls_x509_crt_deinit(cert2); xmlFree(ski); return(-1); 
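Review bot: `ski` is read after it has been freed in xmlSecGnuTLSX509SKINodeRead: the context line `xmlFree(ski);` runs before the `XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT` branch, and the new `xmlSecOtherError2(..., "ski=%s", xmlSecErrorsSafeString(ski))` then formats the released buffer. The removed xmlSecError call did the same, so this commit carries the defect over rather than introducing it, but the value comes from the parsed document and the read happens on an error path that strict callers enable. Move the free below the report: call `xmlFree(ski);` immediately before `return(-1);` inside the branch and again before the following `return(0);`. The enclosing block starts outside the hunk.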
@@ -1476,36 +1340,34 @@ static int xmlSecGnuTLSX509SKINodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar *buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); /* add node */ - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SKI)", NULL); return(-1); } /* write value */ buf = xmlSecGnuTLSX509CertGetSKI(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetSKI", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertGetSKI", NULL); return(-1); } - xmlSecNodeEncodeAndSetContent(cur, buf); - xmlFree(buf); + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + xmlFree(buf); + return(-1); + } + /* done */ + xmlFree(buf); return(0); } @@ -1525,11 +1387,7 @@ xmlSecGnuTLSX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInf xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); 
@@ -1537,22 +1395,16 @@ xmlSecGnuTLSX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInf crl = xmlSecGnuTLSX509CrlBase64DerRead(content); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CrlBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CrlBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } ret = xmlSecGnuTLSKeyDataX509AdoptCrl(data, crl); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509AdoptCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCrl", + xmlSecKeyDataGetName(data)); gnutls_x509_crl_deinit(crl); xmlFree(content); return(-1); @@ -1574,28 +1426,19 @@ xmlSecGnuTLSX509CRLNodeWrite(gnutls_x509_crl_t crl, xmlNodePtr node, xmlSecKeyIn /* set base64 lines size from context */ buf = xmlSecGnuTLSX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CrlBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CrlBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509CRL)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509CRL)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); 
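Review bot: In the second hunk (xmlSecGnuTLSX509CRLNodeWrite) the changed line `xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed());` has no lasting effect, because the next line `xmlNodeSetContent(cur, buf);` replaces the node content again. If the line feed is meant to precede the base64 data, as the todo above it suggests, the second call should append instead: `xmlNodeAddContent(cur, buf);`. The `/* todo: add errors check */` is also left open here, while the SKI writer in this same commit now checks the result of setting its content. The function body continues outside the hunk.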
@@ -1620,11 +1463,8 @@ xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr k x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } 
@@ -1637,42 +1477,30 @@ xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr k ctx->keyCert = xmlSecGnuTLSX509CertDup(cert); if(ctx->keyCert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CertDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertDup", + xmlSecKeyDataGetName(data)); return(-1); } keyValue = xmlSecGnuTLSX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CertGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertGetKey", + xmlSecKeyDataGetName(data)); return(-1); } /* verify that the key matches our expectations */ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeyReqMatchKeyValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyReqMatchKeyValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } ret = xmlSecKeySetValue(key, keyValue); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } 
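Review bot: The `xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1` branch now reports through `xmlSecInternalError`, so a certificate key that merely fails the key requirements looks like a library fault in the logs. If the function returns 0 for a plain mismatch and a negative value for a real error (the `!= 1` test suggests both land here), the two cases are worth separating so rejected keys can be told apart from internal failures during triage. At minimum, a comment above the test such as `/* 0 = key does not satisfy keyReq, <0 = error; both reject the cert key */` would document the intent. The function starts and ends outside the hunk.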
@@ -1680,28 +1508,22 @@ xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr k /* get expiration time */ key->notValidBefore = gnutls_x509_crt_get_activation_time(ctx->keyCert); if(key->notValidBefore == (time_t)-1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "gnutls_x509_crt_get_activation_time", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGnuTLSError2("gnutls_x509_crt_get_activation_time", GNUTLS_E_SUCCESS, + xmlSecKeyDataGetName(data), + "cert activation time is invalid: %ld", + (unsigned long)key->notValidBefore); return(-1); } key->notValidAfter = gnutls_x509_crt_get_expiration_time(ctx->keyCert); if(key->notValidAfter == (time_t)-1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "gnutls_x509_crt_get_expiration_time", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGnuTLSError2("gnutls_x509_crt_get_expiration_time", GNUTLS_E_SUCCESS, + xmlSecKeyDataGetName(data), + "cert expiration time is invalid: %ld", + (unsigned long)key->notValidAfter); return(-1); } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), NULL); return(-1); } } @@ -1728,11 +1550,7 @@ xmlSecGnuTLSX509CertGetKey(gnutls_x509_crt_t cert) { alg = gnutls_x509_crt_get_pk_algorithm(cert, &bits); if(alg < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_pk_algorithm", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(alg)); + xmlSecGnuTLSError("gnutls_x509_crt_get_pk_algorithm", alg, NULL); return(NULL); } 
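Review bot: In the first hunk both new `xmlSecGnuTLSError2` calls pair a `%ld` conversion with an `(unsigned long)` argument, so the format specifier and the argument type disagree. Cast to the type the format expects, `(long)key->notValidBefore` and `(long)key->notValidAfter`, or switch the format to `%lu`. The calls also pass `GNUTLS_E_SUCCESS` as the error code on a failure branch, which presumably makes the logged GnuTLS status read as success next to "is invalid"; a short comment saying that these getters signal failure only through `(time_t)-1` would explain the choice. The context comment `/* get expiration time */` sits above the activation-time call and could be reworded while this block is being touched.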
@@ -1744,31 +1562,19 @@ xmlSecGnuTLSX509CertGetKey(gnutls_x509_crt_t cert) { data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataRsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGnuTLSKeyDataRsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataRsaId)", NULL); return(NULL); } err = gnutls_x509_crt_get_pk_rsa_raw(cert, &m, &e); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_pk_rsa_raw", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_get_pk_rsa_raw", err, NULL); return(NULL); } ret = xmlSecGnuTLSKeyDataRsaAdoptPublicKey(data, &m, &e); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSKeyDataRsaAdoptPublicKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataRsaAdoptPublicKey", NULL); gnutls_free(m.data); gnutls_free(e.data); return(NULL); 
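Review bot: In the RSA branch of xmlSecGnuTLSX509CertGetKey, two `return(NULL);` paths leave `data` unreleased: the one after a failed `gnutls_x509_crt_get_pk_rsa_raw` and the one after a failed `xmlSecGnuTLSKeyDataRsaAdoptPublicKey`. `data` was created just above with `xmlSecKeyDataCreate`, so add `xmlSecKeyDataDestroy(data);` before each of those returns. The DSA branch in the next hunk (`@@ -1785`) has the same two paths and needs the same line. If these certificates come from processed documents, as the surrounding KeyInfo readers suggest, each rejected certificate leaks one key-data object in a long-running process. The function starts and ends outside the hunk.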
@@ -1785,31 +1591,19 @@ xmlSecGnuTLSX509CertGetKey(gnutls_x509_crt_t cert) { data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataDsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGnuTLSKeyDataDsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataDsaId)", NULL); return(NULL); } err = gnutls_x509_crt_get_pk_dsa_raw(cert, &p, &q, &g, &y); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_pk_dsa_raw", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_get_pk_dsa_raw", err, NULL); return(NULL); } ret = xmlSecGnuTLSKeyDataDsaAdoptPublicKey(data, &p, &q, &g, &y); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSKeyDataDsaAdoptPublicKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataDsaAdoptPublicKey", NULL); gnutls_free(p.data); gnutls_free(q.data); gnutls_free(g.data); @@ -1823,11 +1617,7 @@ xmlSecGnuTLSX509CertGetKey(gnutls_x509_crt_t cert) { default: { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_pk_algorithm", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "Unsupported algorithm %d", (int)alg); + xmlSecInvalidIntegerTypeError("key_alg", alg, "supported algorithm", NULL); return(NULL); } } 
@@ -1915,43 +1705,30 @@ xmlSecGnuTLSKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, cert = xmlSecGnuTLSX509CertRead(buf, bufSize, xmlSecKeyDataFormatCertDer); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertRead", NULL); return(-1); } data = xmlSecKeyEnsureData(key, xmlSecGnuTLSKeyDataX509Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); gnutls_x509_crt_deinit(cert); return(-1); } ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCert", + xmlSecKeyDataKlassGetName(id)); gnutls_x509_crt_deinit(cert); return(-1); } ret = xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); return(-1); } return(0); |