summaryrefslogtreecommitdiff
path: root/src/mscrypto/keysstore.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/mscrypto/keysstore.c')
-rw-r--r--src/mscrypto/keysstore.c189
1 files changed, 63 insertions, 126 deletions
diff --git a/src/mscrypto/keysstore.c b/src/mscrypto/keysstore.c
index 8ead554c..afc4b33f 100644
--- a/src/mscrypto/keysstore.c
+++ b/src/mscrypto/keysstore.c
@@ -1,5 +1,17 @@
+/*
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for precise wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved.
+ */
/**
- * XMLSec library
+ * SECTION:keysstore
+ * @Short_description: Keys store implementation for Microsoft Crypto API.
+ * @Stability: Private
*
* MSCrypto keys store that uses Simple Keys Store under the hood. Uses the
* MS Certificate store as a backing store for the finding keys, but the
@@ -7,14 +19,9 @@
* So, if store->findkey is done and the key is not found in the simple
* keys store, the MS Certificate store is looked up.
* Thus, the MS Certificate store can be used to pre-load keys and becomes
- * an alternate source of keys for xmlsec
- *
- * This is free software; see Copyright file in the source
- * distribution for precise wording.
- *
- * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
- * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved.
+ * an alternate source of keys for xmlsec.
*/
+
#include "globals.h"
#include <stdlib.h>
@@ -143,25 +150,18 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), -1);
xmlSecAssert2((uri != NULL), -1);
+ UNREFERENCED_PARAMETER(keysMngr);
doc = xmlParseFile(uri);
if(doc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlParseFile",
- XMLSEC_ERRORS_R_XML_FAILED,
- "uri=%s",
- xmlSecErrorsSafeString(uri));
+ xmlSecXmlError2("xmlParseFile", xmlSecKeyStoreGetName(store),
+ "uri=%s", xmlSecErrorsSafeString(uri));
return(-1);
}
root = xmlDocGetRootElement(doc);
if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected-node=<xmlsec:Keys>");
+ xmlSecInvalidNodeError(root, BAD_CAST "Keys", xmlSecKeyStoreGetName(store));
xmlFreeDoc(doc);
return(-1);
}
@@ -170,30 +170,23 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
key = xmlSecKeyCreate();
if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE,
- "expected-node=%s",
- xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ xmlSecInternalError("xmlSecKeyCreate",
+ xmlSecKeyStoreGetName(store));
xmlFreeDoc(doc);
return(-1);
}
ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeyInfoCtxInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecKeyInfoCtxInitialize",
+ xmlSecKeyStoreGetName(store));
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
}
keyInfoCtx.mode = xmlSecKeyInfoModeRead;
- keyInfoCtx.keysMngr = keysMngr;
+ keyInfoCtx.keysMngr = NULL;
keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
@@ -202,11 +195,8 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeyInfoNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecKeyInfoNodeRead",
+ xmlSecKeyStoreGetName(store));
xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
@@ -217,11 +207,8 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
if(xmlSecKeyIsValid(key)) {
ret = xmlSecMSCryptoKeysStoreAdoptKey(store, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecMSCryptoKeysStoreAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecMSCryptoKeysStoreAdoptKey",
+ xmlSecKeyStoreGetName(store));
xmlSecKeyDestroy(key);
xmlFreeDoc(doc);
return(-1);
@@ -234,11 +221,7 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
}
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecUnexpectedNodeError(cur, xmlSecKeyStoreGetName(store));
xmlFreeDoc(doc);
return(-1);
}
@@ -282,11 +265,8 @@ xmlSecMSCryptoKeysStoreInitialize(xmlSecKeyStorePtr store) {
*ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
if(*ss == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeyStoreCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecSimpleKeysStoreId");
+ xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)",
+ xmlSecKeyStoreGetName(store));
return(-1);
}
@@ -324,23 +304,18 @@ xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name,
hStoreHandle = CertOpenSystemStore(0, storeName);
if (NULL == hStoreHandle) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertOpenSystemStore",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "storeName=%s",
- xmlSecErrorsSafeString(storeName));
+ xmlSecMSCryptoError2("CertOpenSystemStore",
+ xmlSecKeyStoreGetName(store),
+ "storeName=%s",
+ xmlSecErrorsSafeString(storeName));
return(NULL);
}
/* convert name to unicode */
- wcName = xmlSecMSCryptoConvertUtf8ToTstr(name);
+ wcName = xmlSecWin32ConvertUtf8ToTstr(name);
if(wcName == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecMSCryptoConvertUtf8ToUnicode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "wcName");
+ xmlSecInternalError("xmlSecWin32ConvertUtf8ToTstr(name)",
+ xmlSecKeyStoreGetName(store));
CertCloseStore(hStoreHandle, 0);
return(NULL);
}
@@ -362,7 +337,12 @@ xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name,
PCCERT_CONTEXT pCertCtxIter = NULL;
- while (pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter)) {
+ while (1) {
+ pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter);
+ if(pCertCtxIter == NULL) {
+ break;
+ }
+
if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
CERT_FRIENDLY_NAME_PROP_ID,
NULL,
@@ -372,11 +352,7 @@ xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name,
pbFriendlyName = xmlMalloc(dwPropSize);
if(pbFriendlyName == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecMallocError(dwPropSize, xmlSecKeyStoreGetName(store));
xmlFree(wcName);
CertCloseStore(hStoreHandle, 0);
return(NULL);
@@ -478,57 +454,37 @@ xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
/* set cert in x509 data */
x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
if(x509Data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecInternalError("xmlSecKeyDataCreate",
+ xmlSecKeyDataGetName(x509Data));
goto done;
}
pCertContext2 = CertDuplicateCertificateContext(pCertContext);
if (NULL == pCertContext2) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecMSCryptoError("CertDuplicateCertificateContext",
+ xmlSecKeyDataGetName(x509Data));
goto done;
}
ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, pCertContext2);
if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptCert",
+ xmlSecKeyDataGetName(x509Data));
goto done;
}
pCertContext2 = NULL;
pCertContext2 = CertDuplicateCertificateContext(pCertContext);
if (NULL == pCertContext2) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CertDuplicateCertificateContext",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecMSCryptoError("CertDuplicateCertificateContext",
+ xmlSecKeyDataGetName(x509Data));
goto done;
}
ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pCertContext2);
if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptKeyCert",
+ xmlSecKeyDataGetName(x509Data));
goto done;
}
pCertContext2 = NULL;
@@ -536,11 +492,7 @@ xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
/* set cert in key data */
data = xmlSecMSCryptoCertAdopt(pCertContext, keyReq->keyType);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoCertAdopt",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecMSCryptoCertAdopt", NULL);
goto done;
}
pCertContext = NULL;
@@ -548,34 +500,22 @@ xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
/* create key and add key data and x509 data to it */
key = xmlSecKeyCreate();
if (key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecKeyCreate", NULL);
goto done;
}
ret = xmlSecKeySetValue(key, data);
if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+ xmlSecInternalError("xmlSecKeySetValue",
+ xmlSecKeyDataGetName(data));
goto done;
}
data = NULL;
ret = xmlSecKeyAdoptData(key, x509Data);
if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyAdoptData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecInternalError("xmlSecKeyAdoptData",
+ xmlSecKeyDataGetName(x509Data));
goto done;
}
x509Data = NULL;
@@ -583,11 +523,8 @@ xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
/* Set the name of the key to the given name */
ret = xmlSecKeySetName(key, name);
if (ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
- "xmlSecKeySetName",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecKeySetName",
+ xmlSecKeyStoreGetName(store));
goto done;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-29 01:11:05 +0000