Diffstat (limited to 'src/mscrypto/keysstore.c')
-rw-r--r-- | src/mscrypto/keysstore.c | 189 |
1 files changed, 63 insertions, 126 deletions
diff --git a/src/mscrypto/keysstore.c b/src/mscrypto/keysstore.c
index 8ead554c..afc4b33f 100644
--- a/src/mscrypto/keysstore.c
+++ b/src/mscrypto/keysstore.c
@@ -1,5 +1,17 @@
+/*
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for precise wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved.
+ */
 /**
- * XMLSec library
+ * SECTION:keysstore
+ * @Short_description: Keys store implementation for Microsoft Crypto API.
+ * @Stability: Private
  *
  * MSCrypto keys store that uses Simple Keys Store under the hood. Uses the
  * MS Certificate store as a backing store for the finding keys, but the
@@ -7,14 +19,9 @@
  * So, if store->findkey is done and the key is not found in the simple
  * keys store, the MS Certificate store is looked up.
  * Thus, the MS Certificate store can be used to pre-load keys and becomes
- * an alternate source of keys for xmlsec
- *
- * This is free software; see Copyright file in the source
- * distribution for precise wording.
- *
- * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
- * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved.
+ * an alternate source of keys for xmlsec.
  */
+
 #include "globals.h"
 
 #include <stdlib.h>
@@ -143,25 +150,18 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), -1); xmlSecAssert2((uri != NULL), -1); + UNREFERENCED_PARAMETER(keysMngr); doc = xmlParseFile(uri); if(doc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlParseFile", - XMLSEC_ERRORS_R_XML_FAILED, - "uri=%s", - xmlSecErrorsSafeString(uri)); + xmlSecXmlError2("xmlParseFile", xmlSecKeyStoreGetName(store), + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } root = xmlDocGetRootElement(doc); if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(root)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected-node=<xmlsec:Keys>"); + xmlSecInvalidNodeError(root, BAD_CAST "Keys", xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } 
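Review bot: `UNREFERENCED_PARAMETER(keysMngr);` added here, together with `keyInfoCtx.keysMngr = NULL;` in the following `@@ -170` hunk, makes xmlSecMSCryptoKeysStoreLoad ignore the keys manager the caller still passes in, and nothing in either hunk records why. A one-line comment on the assignment would keep a later maintainer from restoring the old behaviour, e.g. `/* keys are read standalone from the store file; the caller's keys manager is deliberately not consulted */` — if that is the intent, state it; otherwise document the parameter as reserved. Since `XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS` remains set in the same context, whatever the file contains is accepted without chain verification, which is fine for a trusted pre-load file but is worth saying next to the flag. The function starts before this hunk and ends after the `@@ -234` hunk.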
@@ -170,30 +170,23 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) { key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected-node=%s", - xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); + xmlSecInternalError("xmlSecKeyCreate", + xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", + xmlSecKeyStoreGetName(store)); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); } keyInfoCtx.mode = xmlSecKeyInfoModeRead; - keyInfoCtx.keysMngr = keysMngr; + keyInfoCtx.keysMngr = NULL; keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND | XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; @@ -202,11 +195,8 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyInfoNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoNodeRead", + xmlSecKeyStoreGetName(store)); xmlSecKeyInfoCtxFinalize(&keyInfoCtx); xmlSecKeyDestroy(key); xmlFreeDoc(doc); 
@@ -217,11 +207,8 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, if(xmlSecKeyIsValid(key)) { ret = xmlSecMSCryptoKeysStoreAdoptKey(store, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecMSCryptoKeysStoreAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeysStoreAdoptKey", + xmlSecKeyStoreGetName(store)); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); @@ -234,11 +221,7 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } @@ -282,11 +265,8 @@ xmlSecMSCryptoKeysStoreInitialize(xmlSecKeyStorePtr store) { *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); if(*ss == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecSimpleKeysStoreId"); + xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)", + xmlSecKeyStoreGetName(store)); return(-1); } 
@@ -324,23 +304,18 @@ xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name, hStoreHandle = CertOpenSystemStore(0, storeName); if (NULL == hStoreHandle) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertOpenSystemStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "storeName=%s", - xmlSecErrorsSafeString(storeName)); + xmlSecMSCryptoError2("CertOpenSystemStore", + xmlSecKeyStoreGetName(store), + "storeName=%s", + xmlSecErrorsSafeString(storeName)); return(NULL); } /* convert name to unicode */ - wcName = xmlSecMSCryptoConvertUtf8ToTstr(name); + wcName = xmlSecWin32ConvertUtf8ToTstr(name); if(wcName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecMSCryptoConvertUtf8ToUnicode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "wcName"); + xmlSecInternalError("xmlSecWin32ConvertUtf8ToTstr(name)", + xmlSecKeyStoreGetName(store)); CertCloseStore(hStoreHandle, 0); return(NULL); } @@ -362,7 +337,12 @@ xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name, PCCERT_CONTEXT pCertCtxIter = NULL; - while (pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter)) { + while (1) { + pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter); + if(pCertCtxIter == NULL) { + break; + } + if (TRUE != CertGetCertificateContextProperty(pCertCtxIter, CERT_FRIENDLY_NAME_PROP_ID, NULL, @@ -372,11 +352,7 @@ xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name, pbFriendlyName = xmlMalloc(dwPropSize); if(pbFriendlyName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMallocError(dwPropSize, xmlSecKeyStoreGetName(store)); xmlFree(wcName); CertCloseStore(hStoreHandle, 0); return(NULL); 
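Review bot: The `pbFriendlyName == NULL` error path in the `@@ -372` hunk returns while `pCertCtxIter`, obtained from `CertEnumCertificatesInStore` in the preceding `@@ -362` hunk, is still held: it frees `wcName` and closes the store but never releases the enumerated context, so an allocation failure leaks the certificate context and keeps the store reference alive, unless a cleanup path outside the hunk covers it. Add `CertFreeCertificateContext(pCertCtxIter);` before `CertCloseStore(hStoreHandle, 0);` on that path, and check whether the other early exits from the enumeration loop, which lie outside this hunk, need the same. The remainder of xmlSecMSCryptoKeysStoreFindCert, including the rest of the loop body, is not visible in these hunks.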
@@ -478,57 +454,37 @@ xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, /* set cert in x509 data */ x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id); if(x509Data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataGetName(x509Data)); goto done; } pCertContext2 = CertDuplicateCertificateContext(pCertContext); if (NULL == pCertContext2) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecMSCryptoError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, pCertContext2); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptCert", + xmlSecKeyDataGetName(x509Data)); goto done; } pCertContext2 = NULL; pCertContext2 = CertDuplicateCertificateContext(pCertContext); if (NULL == pCertContext2) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecMSCryptoError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pCertContext2); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptKeyCert", + 
xmlSecKeyDataGetName(x509Data)); goto done; } pCertContext2 = NULL; @@ -536,11 +492,7 @@ xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, /* set cert in key data */ data = xmlSecMSCryptoCertAdopt(pCertContext, keyReq->keyType); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoCertAdopt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoCertAdopt", NULL); goto done; } pCertContext = NULL; @@ -548,34 +500,22 @@ xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, /* create key and add key data and x509 data to it */ key = xmlSecKeyCreate(); if (key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); goto done; } ret = xmlSecKeySetValue(key, data); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); goto done; } data = NULL; ret = xmlSecKeyAdoptData(key, x509Data); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyAdoptData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeyAdoptData", + xmlSecKeyDataGetName(x509Data)); goto done; } x509Data = NULL; @@ -583,11 +523,8 @@ xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, /* Set the name of the key to the given name */ ret = xmlSecKeySetName(key, name); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeySetName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetName", + xmlSecKeyStoreGetName(store)); goto done; } |
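Review bot: The new error calls in xmlSecMSCryptoKeysStoreFindKey pass an error object that is known to be NULL at that point: in the `@@ -478` hunk `xmlSecInternalError("xmlSecKeyDataCreate", xmlSecKeyDataGetName(x509Data))` runs inside `if(x509Data == NULL)`, and the `@@ -536` and `@@ -548` hunks pass a literal `NULL` for xmlSecMSCryptoCertAdopt and xmlSecKeyCreate. xmlSecKeyDataGetName presumably tolerates NULL (the removed lines relied on that as well), so this is not a crash, but the log line loses the store it belongs to even though `store` is in scope throughout. The hunks in xmlSecMSCryptoKeysStoreLoad use `xmlSecKeyStoreGetName(store)` for exactly this purpose; do the same here, e.g. `xmlSecInternalError("xmlSecKeyDataCreate", xmlSecKeyStoreGetName(store));` and `xmlSecInternalError("xmlSecMSCryptoCertAdopt", xmlSecKeyStoreGetName(store));`. The function begins before the `@@ -478` hunk and its `done:` cleanup lies after the last visible hunk.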