summaryrefslogtreecommitdiff
path: root/src/nss/x509.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/nss/x509.c')
-rw-r--r--src/nss/x509.c730
1 files changed, 230 insertions, 500 deletions
diff --git a/src/nss/x509.c b/src/nss/x509.c
index 887c77cf..933e5bfe 100644
--- a/src/nss/x509.c
+++ b/src/nss/x509.c
@@ -1,7 +1,5 @@
-/**
- * XMLSec library
- *
- * X509 support
+/*
+ * XML Security Library (http://www.aleksey.com/xmlsec).
*
*
* This is free software; see Copyright file in the source
@@ -9,6 +7,13 @@
*
* Copyright (c) 2003 America Online, Inc. All rights reserved.
*/
+/**
+ * SECTION:x509
+ * @Short_description: X509 certificates implementation for NSS.
+ * @Stability: Stable
+ *
+ */
+
#include "globals.h"
#ifndef XMLSEC_NO_X509
@@ -374,22 +379,14 @@ xmlSecNssKeyDataX509AdoptCert(xmlSecKeyDataPtr data, CERTCertificate* cert) {
if(ctx->certsList == NULL) {
ctx->certsList = CERT_NewCertList();
if(ctx->certsList == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CERT_NewCertList",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecNssError("CERT_NewCertList", xmlSecKeyDataGetName(data));
return(-1);
}
}
ret = CERT_AddCertToListTail(ctx->certsList, cert);
if(ret != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CERT_AddCertToListTail",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecNssError("CERT_AddCertToListTail", xmlSecKeyDataGetName(data));
return(-1);
}
ctx->numCerts++;
@@ -470,13 +467,8 @@ xmlSecNssKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, CERTSignedCrl* crl) {
xmlSecAssert2(ctx != NULL, -1);
crlnode = (xmlSecNssX509CrlNodePtr)PR_Malloc(sizeof(xmlSecNssX509CrlNode));
-
if(crlnode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "PR_Malloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecNssError("PR_Malloc", xmlSecKeyDataGetName(data));
return(-1);
}
@@ -574,31 +566,22 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
*/
certSrc = xmlSecNssKeyDataX509GetCert(src, pos);
if(certSrc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
- "xmlSecNssKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
+ xmlSecInternalError2("xmlSecNssKeyDataX509GetCert",
+ xmlSecKeyDataGetName(src),
+ "pos=%d", pos);
return(-1);
}
certDst = CERT_DupCertificate(certSrc);
if(certDst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "CERT_DupCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecNssError("CERT_DupCertificate", xmlSecKeyDataGetName(dst));
return(-1);
}
ret = xmlSecNssKeyDataX509AdoptCert(dst, certDst);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert",
+ xmlSecKeyDataGetName(dst));
CERT_DestroyCertificate(certDst);
return(-1);
}
@@ -609,31 +592,22 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
for(pos = 0; pos < size; ++pos) {
crlSrc = xmlSecNssKeyDataX509GetCrl(src, pos);
if(crlSrc == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
- "xmlSecNssKeyDataX509GetCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
+ xmlSecInternalError2("xmlSecNssKeyDataX509GetCrl",
+ xmlSecKeyDataGetName(src),
+ "pos=%d", pos);
return(-1);
}
crlDst = SEC_DupCrl(crlSrc);
if(crlDst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "SEC_DupCrl",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecNssError("SEC_DupCrl", xmlSecKeyDataGetName(dst));
return(-1);
}
ret = xmlSecNssKeyDataX509AdoptCrl(dst, crlDst);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecNssKeyDataX509AdoptCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssKeyDataX509AdoptCrl",
+ xmlSecKeyDataGetName(dst));
SEC_DestroyCrl(crlDst);
return(-1);
}
@@ -644,20 +618,14 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
if(certSrc != NULL) {
certDst = CERT_DupCertificate(certSrc);
if(certDst == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "CERT_DupCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecNssError("CERT_DupCertificate",
+ xmlSecKeyDataGetName(dst));
return(-1);
}
ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
- "xmlSecNssKeyDataX509AdoptKeyCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssKeyDataX509AdoptKeyCert",
+ xmlSecKeyDataGetName(dst));
CERT_DestroyCertificate(certDst);
return(-1);
}
@@ -701,7 +669,7 @@ xmlSecNssKeyDataX509Finalize(xmlSecKeyDataPtr data) {
static int
xmlSecNssKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyDataPtr data;
int ret;
@@ -712,34 +680,23 @@ xmlSecNssKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
data = xmlSecKeyEnsureData(key, id);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecKeyEnsureData",
+ xmlSecKeyDataKlassGetName(id));
return(-1);
}
ret = xmlSecNssX509DataNodeRead(data, node, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssX509DataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssX509DataNodeRead",
+ xmlSecKeyDataKlassGetName(id));
return(-1);
}
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) {
- ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssKeyDataX509VerifyAndExtractKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecInternalError("xmlSecNssKeyDataX509VerifyAndExtractKey",
+ xmlSecKeyDataKlassGetName(id));
+ return(-1);
}
return(0);
}
@@ -759,13 +716,11 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
- content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
+ content = xmlSecX509DataGetNodeContent (node, keyInfoCtx);
if (content < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecX509DataGetNodeContent",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "content=%d", content);
+ xmlSecInternalError2("xmlSecX509DataGetNodeContent",
+ xmlSecKeyDataKlassGetName(id),
+ "content=%d", content);
return(-1);
} else if(content == 0) {
/* by default we are writing certificates and crls */
@@ -784,22 +739,18 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
for(pos = 0; pos < size; ++pos) {
cert = xmlSecNssKeyDataX509GetCert(data, pos);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
+ xmlSecInternalError2("xmlSecNssKeyDataX509GetCert",
+ xmlSecKeyDataKlassGetName(id),
+ "pos=%d", pos);
return(-1);
}
if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssX509CertificateNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
+ xmlSecInternalError2("xmlSecNssX509CertificateNodeWrite",
+ xmlSecKeyDataKlassGetName(id),
+ "pos=%d", pos);
return(-1);
}
}
@@ -807,11 +758,9 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssX509SubjectNameNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
+ xmlSecInternalError2("xmlSecNssX509SubjectNameNodeWrite",
+ xmlSecKeyDataKlassGetName(id),
+ "pos=%d", pos);
return(-1);
}
}
@@ -819,11 +768,9 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssX509IssuerSerialNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
+ xmlSecInternalError2("xmlSecNssX509IssuerSerialNodeWrite",
+ xmlSecKeyDataKlassGetName(id),
+ "pos=%d", pos);
return(-1);
}
}
@@ -831,11 +778,9 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssX509SKINodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
+ xmlSecInternalError2("xmlSecNssX509SKINodeWrite",
+ xmlSecKeyDataKlassGetName(id),
+ "pos=%d", pos);
return(-1);
}
}
@@ -847,21 +792,17 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
for(pos = 0; pos < size; ++pos) {
crl = xmlSecNssKeyDataX509GetCrl(data, pos);
if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssKeyDataX509GetCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
+ xmlSecInternalError2("xmlSecNssKeyDataX509GetCrl",
+ xmlSecKeyDataKlassGetName(id),
+ "pos=%d", pos);
return(-1);
}
ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssX509CRLNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
+ xmlSecInternalError2("xmlSecNssX509CRLNodeWrite",
+ xmlSecKeyDataKlassGetName(id),
+ "pos=%d", pos);
return(-1);
}
}
@@ -905,11 +846,9 @@ xmlSecNssKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
for(pos = 0; pos < size; ++pos) {
cert = xmlSecNssKeyDataX509GetCert(data, pos);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
+ xmlSecInternalError2("xmlSecNssKeyDataX509GetCert",
+ xmlSecKeyDataGetName(data),
+ "pos=%d", pos);
return;
}
fprintf(output, "==== Certificate:\n");
@@ -939,11 +878,9 @@ xmlSecNssKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
for(pos = 0; pos < size; ++pos) {
cert = xmlSecNssKeyDataX509GetCert(data, pos);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
+ xmlSecInternalError2("xmlSecNssKeyDataX509GetCert",
+ xmlSecKeyDataGetName(data),
+ "pos=%d", pos);
return;
}
fprintf(output, "<Certificate>\n");
@@ -968,32 +905,44 @@ xmlSecNssX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoC
cur != NULL;
cur = xmlSecGetNextElementNode(cur->next)) {
- ret = 0;
if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
ret = xmlSecNssX509CertificateNodeRead(data, cur, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecInternalError("xmlSecNssX509CertificateNodeRead",
+ xmlSecKeyDataGetName(data));
+ return(-1);
+ }
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
ret = xmlSecNssX509SubjectNameNodeRead(data, cur, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecInternalError("xmlSecNssX509SubjectNameNodeRead",
+ xmlSecKeyDataGetName(data));
+ return(-1);
+ }
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
ret = xmlSecNssX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecInternalError("xmlSecNssX509IssuerSerialNodeRead",
+ xmlSecKeyDataGetName(data));
+ return(-1);
+ }
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
ret = xmlSecNssX509SKINodeRead(data, cur, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecInternalError("xmlSecNssX509SKINodeRead",
+ xmlSecKeyDataGetName(data));
+ return(-1);
+ }
} else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
ret = xmlSecNssX509CRLNodeRead(data, cur, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecInternalError("xmlSecNssX509CRLNodeRead",
+ xmlSecKeyDataGetName(data));
+ return(-1);
+ }
} else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
/* laxi schema validation: ignore unknown nodes */
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "read node failed");
+ xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data));
return(-1);
}
}
@@ -1016,11 +965,7 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
xmlFree(content);
}
if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty");
return(-1);
}
return(0);
@@ -1028,22 +973,16 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
cert = xmlSecNssX509CertBase64DerRead(content);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssX509CertBase64DerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssX509CertBase64DerRead",
+ xmlSecKeyDataGetName(data));
xmlFree(content);
return(-1);
}
ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert",
+ xmlSecKeyDataGetName(data));
CERT_DestroyCertificate(cert);
xmlFree(content);
return(-1);
@@ -1065,29 +1004,20 @@ xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSec
/* set base64 lines size from context */
buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509CertBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssX509CertBase64DerWrite", NULL);
return(-1);
}
- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
+ cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+ xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509Certificate)", NULL);
xmlFree(buf);
return(-1);
}
/* todo: add \n around base64 data - from context */
/* todo: add errors check */
- xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed());
xmlNodeSetContent(cur, buf);
xmlFree(buf);
return(0);
@@ -1107,11 +1037,8 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecKeysMngrGetDataStore",
+ xmlSecKeyDataGetName(data));
return(-1);
}
@@ -1121,11 +1048,7 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
xmlFree(subject);
}
if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty");
return(-1);
}
return(0);
@@ -1135,12 +1058,8 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
if(cert == NULL){
if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "subject=%s",
- xmlSecErrorsSafeString(subject));
+ xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data),
+ "subject=%s", xmlSecErrorsSafeString(subject));
xmlFree(subject);
return(-1);
}
@@ -1151,11 +1070,8 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK
ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert",
+ xmlSecKeyDataGetName(data));
CERT_DestroyCertificate(cert);
xmlFree(subject);
return(-1);
@@ -1169,32 +1085,32 @@ static int
xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
xmlChar* buf = NULL;
xmlNodePtr cur = NULL;
+ int ret;
xmlSecAssert2(cert != NULL, -1);
xmlSecAssert2(node != NULL, -1);
buf = xmlSecNssX509NameWrite(&(cert->subject));
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509NameWrite(&(cert->subject))",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssX509NameWrite(&(cert->subject))", NULL);
return(-1);
}
- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
+ cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+ xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SubjectName)", NULL);
+ xmlFree(buf);
+ return(-1);
+ }
+
+ ret = xmlSecNodeEncodeAndSetContent(cur, buf);
+ if(ret < 0) {
+ xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL);
xmlFree(buf);
return(-1);
}
- xmlSecNodeEncodeAndSetContent(cur, buf);
+
+ /* done */
xmlFree(buf);
return(0);
}
@@ -1215,23 +1131,16 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecKeysMngrGetDataStore",
+ xmlSecKeyDataGetName(data));
return(-1);
}
cur = xmlSecGetNextElementNode(node->children);
if(cur == NULL) {
if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL,
+ xmlSecKeyDataGetName(data));
return(-1);
}
return(0);
@@ -1239,56 +1148,32 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec
/* the first is required node X509IssuerName */
if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlSecInvalidNodeError(cur, xmlSecNodeX509IssuerName, xmlSecKeyDataGetName(data));
return(-1);
}
issuerName = xmlNodeGetContent(cur);
if(issuerName == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty");
return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
/* next is required node X509SerialNumber */
if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ xmlSecInvalidNodeError(cur, xmlSecNodeX509SerialNumber, xmlSecKeyDataGetName(data));
xmlFree(issuerName);
return(-1);
}
issuerSerial = xmlNodeGetContent(cur);
if(issuerSerial == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty");
xmlFree(issuerName);
return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data));
xmlFree(issuerSerial);
xmlFree(issuerName);
return(-1);
@@ -1297,13 +1182,10 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec
cert = xmlSecNssX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx);
if(cert == NULL){
if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "issuerName=%s;issuerSerial=%s",
- xmlSecErrorsSafeString(issuerName),
- xmlSecErrorsSafeString(issuerSerial));
+ xmlSecOtherError3(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data),
+ "issuerName=%s;issuerSerial=%s",
+ xmlSecErrorsSafeString(issuerName),
+ xmlSecErrorsSafeString(issuerSerial));
xmlFree(issuerSerial);
xmlFree(issuerName);
return(-1);
@@ -1316,11 +1198,8 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec
ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert",
+ xmlSecKeyDataGetName(data));
CERT_DestroyCertificate(cert);
xmlFree(issuerSerial);
xmlFree(issuerName);
@@ -1338,64 +1217,48 @@ xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSe
xmlNodePtr issuerNameNode;
xmlNodePtr issuerNumberNode;
xmlChar* buf;
+ int ret;
xmlSecAssert2(cert != NULL, -1);
xmlSecAssert2(node != NULL, -1);
/* create xml nodes */
- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
+ cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+ xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerSerial)", NULL);
return(-1);
}
- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
+ issuerNameNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
if(issuerNameNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerName)", NULL);
return(-1);
}
- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
+ issuerNumberNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
if(issuerNumberNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SerialNumber)", NULL);
return(-1);
}
/* write data */
buf = xmlSecNssX509NameWrite(&(cert->issuer));
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509NameWrite(&(cert->issuer))",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssX509NameWrite(&(cert->issuer))", NULL);
+ return(-1);
+ }
+
+ ret = xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
+ if(ret < 0) {
+ xmlSecInternalError("xmlSecNodeEncodeAndSetContent(issuerNameNode)", NULL);
+ xmlFree(buf);
return(-1);
}
- xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
xmlFree(buf);
buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", NULL);
return(-1);
}
xmlNodeSetContent(issuerNumberNode, buf);
@@ -1418,11 +1281,8 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecKeysMngrGetDataStore",
+ xmlSecKeyDataGetName(data));
return(-1);
}
@@ -1432,12 +1292,7 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
xmlFree(ski);
}
if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty");
return(-1);
}
return(0);
@@ -1448,12 +1303,8 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
xmlFree(ski);
if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "ski=%s",
- xmlSecErrorsSafeString(ski));
+ xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data),
+ "ski=%s", xmlSecErrorsSafeString(ski));
return(-1);
}
return(0);
@@ -1461,11 +1312,8 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert",
+ xmlSecKeyDataGetName(data));
CERT_DestroyCertificate(cert);
xmlFree(ski);
return(-1);
@@ -1479,34 +1327,33 @@ static int
xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
xmlChar *buf = NULL;
xmlNodePtr cur = NULL;
+ int ret;
xmlSecAssert2(cert != NULL, -1);
xmlSecAssert2(node != NULL, -1);
buf = xmlSecNssX509SKIWrite(cert);
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509SKIWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssX509SKIWrite", NULL);
return(-1);
}
- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
+ cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "new_node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SKI)", NULL);
xmlFree(buf);
return(-1);
}
- xmlSecNodeEncodeAndSetContent(cur, buf);
- xmlFree(buf);
+ ret = xmlSecNodeEncodeAndSetContent(cur, buf);
+ if(ret < 0) {
+ xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL);
+ xmlFree(buf);
+ return(-1);
+ }
+
+ /* done */
+ xmlFree(buf);
return(0);
}
@@ -1525,11 +1372,7 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
xmlFree(content);
}
if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty");
return(-1);
}
return(0);
@@ -1537,11 +1380,8 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt
crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssX509CrlBase64DerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssX509CrlBase64DerRead",
+ xmlSecKeyDataGetName(data));
xmlFree(content);
return(-1);
}
@@ -1563,28 +1403,19 @@ xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxP
/* set base64 lines size from context */
buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509CrlBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssX509CrlBase64DerWrite", NULL);
return(-1);
}
- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
+ cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "new_node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+ xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509CRL)", NULL);
xmlFree(buf);
return(-1);
}
/* todo: add \n around base64 data - from context */
/* todo: add errors check */
- xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed());
xmlNodeSetContent(cur, buf);
xmlFree(buf);
@@ -1611,11 +1442,8 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId);
if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecKeysMngrGetDataStore",
+ xmlSecKeyDataGetName(data));
return(-1);
}
@@ -1628,42 +1456,30 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
ctx->keyCert = CERT_DupCertificate(cert);
if(ctx->keyCert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "CERT_DupCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecNssError("CERT_DupCertificate",
+ xmlSecKeyDataGetName(data));
return(-1);
}
keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
if(keyValue == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssX509CertGetKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssX509CertGetKey",
+ xmlSecKeyDataGetName(data));
return(-1);
}
/* verify that the key matches our expectations */
if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeyReqMatchKeyValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecKeyReqMatchKeyValue",
+ xmlSecKeyDataGetName(data));
xmlSecKeyDataDestroy(keyValue);
return(-1);
}
ret = xmlSecKeySetValue(key, keyValue);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecKeySetValue",
+ xmlSecKeyDataGetName(data));
xmlSecKeyDataDestroy(keyValue);
return(-1);
}
@@ -1672,31 +1488,21 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
if (status == SECSuccess) {
ret = xmlSecNssX509CertGetTime(&notBefore, &(key->notValidBefore));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssX509CertGetTime",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "notValidBefore");
+ xmlSecInternalError("xmlSecNssX509CertGetTime(notValidBefore)",
+ xmlSecKeyDataGetName(data));
return(-1);
}
ret = xmlSecNssX509CertGetTime(&notAfter, &(key->notValidAfter));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecNssX509CertGetTime",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "notValidAfter");
+ xmlSecInternalError("xmlSecNssX509CertGetTime(notValidAfter)",
+ xmlSecKeyDataGetName(data));
return(-1);
}
} else {
key->notValidBefore = key->notValidAfter = 0;
}
} else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecOtherError(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), NULL);
return(-1);
}
}
@@ -1742,21 +1548,13 @@ xmlSecNssX509CertGetKey(CERTCertificate* cert) {
pubkey = CERT_ExtractPublicKey(cert);
if(pubkey == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_ExtractPublicKey",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecNssError("CERT_ExtractPublicKey", NULL);
return(NULL);
}
data = xmlSecNssPKIAdoptKey(NULL, pubkey);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssPKIAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssPKIAdoptKey", NULL);
SECKEY_DestroyPublicKey(pubkey);
return(NULL);
}
@@ -1773,11 +1571,7 @@ xmlSecNssX509CertBase64DerRead(xmlChar* buf) {
/* usual trick with base64 decoding "in-place" */
ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecBase64Decode", NULL);
return(NULL);
}
@@ -1800,11 +1594,7 @@ xmlSecNssX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) {
cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert,
NULL, PR_FALSE, PR_TRUE);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "__CERT_NewTempCertificate",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecNssError("__CERT_NewTempCertificate", NULL);
return(NULL);
}
@@ -1821,23 +1611,14 @@ xmlSecNssX509CertBase64DerWrite(CERTCertificate* cert, int base64LineWrap) {
xmlSecAssert2(cert != NULL, NULL);
p = cert->derCert.data;
+ xmlSecAssert2(p != NULL, NULL);
+
size = cert->derCert.len;
- if((size <= 0) || (p == NULL)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "cert->derCert",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(NULL);
- }
+ xmlSecAssert2(size > 0, NULL);
res = xmlSecBase64Encode(p, size, base64LineWrap);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecBase64Encode", NULL);
return(NULL);
}
@@ -1854,11 +1635,7 @@ xmlSecNssX509CrlBase64DerRead(xmlChar* buf,
/* usual trick with base64 decoding "in-place" */
ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecBase64Decode", NULL);
return(NULL);
}
@@ -1886,26 +1663,19 @@ xmlSecNssX509CrlDerRead(xmlSecByte* buf, xmlSecSize size,
*/
slot = xmlSecNssGetInternalKeySlot();
if (slot == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssGetInternalKeySlot",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssGetInternalKeySlot", NULL);
return NULL;
}
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0)
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) {
importOptions |= CRL_IMPORT_BYPASS_CHECKS;
+ }
crl = PK11_ImportCRL(slot, &derCrl, NULL, SEC_CRL_TYPE, NULL,
importOptions, NULL, CRL_DECODE_DEFAULT_OPTIONS);
if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "PK11_ImportCRL",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
+ xmlSecNssError("PK11_ImportCRL", NULL);
PK11_FreeSlot(slot);
return(NULL);
}
@@ -1923,23 +1693,14 @@ xmlSecNssX509CrlBase64DerWrite(CERTSignedCrl* crl, int base64LineWrap) {
xmlSecAssert2(crl != NULL && crl->derCrl != NULL, NULL);
p = crl->derCrl->data;
+ xmlSecAssert2(p != NULL, NULL);
+
size = crl->derCrl->len;
- if((size <= 0) || (p == NULL)){
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "crl->derCrl",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "error code=%d", PORT_GetError());
- return(NULL);
- }
+ xmlSecAssert2(size > 0, NULL);
res = xmlSecBase64Encode(p, size, base64LineWrap);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecBase64Encode", NULL);
return(NULL);
}
@@ -1955,21 +1716,13 @@ xmlSecNssX509NameWrite(CERTName* nm) {
str = CERT_NameToAscii(nm);
if (str == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_NameToAscii",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecNssError("CERT_NameToAscii", NULL);
return(NULL);
}
res = xmlStrdup(BAD_CAST str);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecStrdupError(BAD_CAST str, NULL);
PORT_Free(str);
return(NULL);
}
@@ -1987,23 +1740,21 @@ xmlSecNssASN1IntegerWrite(SECItem *num) {
xmlSecAssert2(num != NULL, NULL);
xmlSecAssert2(num->type == siBuffer, NULL);
- xmlSecAssert2(num->len <= 9, NULL);
xmlSecAssert2(num->data != NULL, NULL);
/* HACK : to be fixed after
* NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
*/
for(ii = num->len; ii > 0; --ii, shift += 8) {
- val |= ((PRUint64)num->data[ii - 1]) << shift;
+ xmlSecAssert2(shift < 64 || num->data[ii - 1] == 0, NULL);
+ if(num->data[ii - 1] != 0) {
+ val |= ((PRUint64)num->data[ii - 1]) << shift;
+ }
}
res = (xmlChar*)xmlMalloc(resLen + 1);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecMallocError(resLen + 1, NULL);
return (NULL);
}
@@ -2023,22 +1774,14 @@ xmlSecNssX509SKIWrite(CERTCertificate* cert) {
rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
if (rv != SECSuccess) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "CERT_FindSubjectKeyIDExtension",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecNssError("CERT_FindSubjectKeyIDExtension", NULL);
SECITEM_FreeItem(&ski, PR_FALSE);
return(NULL);
}
res = xmlSecBase64Encode(ski.data, ski.len, 0);
if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecBase64Encode", NULL);
SECITEM_FreeItem(&ski, PR_FALSE);
return(NULL);
}
@@ -2178,43 +1921,30 @@ xmlSecNssKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
cert = xmlSecNssX509CertDerRead(buf, bufSize);
if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecNssX509CertDerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssX509CertDerRead", NULL);
return(-1);
}
data = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id);
if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecKeyEnsureData",
+ xmlSecKeyDataKlassGetName(id));
CERT_DestroyCertificate(cert);
return(-1);
}
ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert",
+ xmlSecKeyDataKlassGetName(id));
CERT_DestroyCertificate(cert);
return(-1);
}
ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecNssKeyDataX509VerifyAndExtractKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecInternalError("xmlSecNssKeyDataX509VerifyAndExtractKey",
+ xmlSecKeyDataKlassGetName(id));
return(-1);
}
return(0);
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-04 15:05:40 +0000