diff options
Diffstat (limited to 'src/nss/x509.c')
-rw-r--r-- | src/nss/x509.c | 730 |
1 files changed, 230 insertions, 500 deletions
diff --git a/src/nss/x509.c b/src/nss/x509.c index 887c77cf..933e5bfe 100644 --- a/src/nss/x509.c +++ b/src/nss/x509.c @@ -1,7 +1,5 @@ -/** - * XMLSec library - * - * X509 support +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * * This is free software; see Copyright file in the source @@ -9,6 +7,13 @@ * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:x509 + * @Short_description: X509 certificates implementation for NSS. + * @Stability: Stable + * + */ + #include "globals.h" #ifndef XMLSEC_NO_X509 @@ -374,22 +379,14 @@ xmlSecNssKeyDataX509AdoptCert(xmlSecKeyDataPtr data, CERTCertificate* cert) { if(ctx->certsList == NULL) { ctx->certsList = CERT_NewCertList(); if(ctx->certsList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_NewCertList", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_NewCertList", xmlSecKeyDataGetName(data)); return(-1); } } ret = CERT_AddCertToListTail(ctx->certsList, cert); if(ret != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_AddCertToListTail", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_AddCertToListTail", xmlSecKeyDataGetName(data)); return(-1); } ctx->numCerts++; @@ -470,13 +467,8 @@ xmlSecNssKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, CERTSignedCrl* crl) { xmlSecAssert2(ctx != NULL, -1); crlnode = (xmlSecNssX509CrlNodePtr)PR_Malloc(sizeof(xmlSecNssX509CrlNode)); - if(crlnode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PR_Malloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PR_Malloc", xmlSecKeyDataGetName(data)); return(-1); } @@ -574,31 +566,22 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { */ certSrc = xmlSecNssKeyDataX509GetCert(src, pos); if(certSrc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecNssKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCert", + xmlSecKeyDataGetName(src), + "pos=%d", pos); return(-1); } certDst = CERT_DupCertificate(certSrc); if(certDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_DupCertificate", xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecNssKeyDataX509AdoptCert(dst, certDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(dst)); CERT_DestroyCertificate(certDst); return(-1); } @@ -609,31 +592,22 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { for(pos = 0; pos < size; ++pos) { crlSrc = xmlSecNssKeyDataX509GetCrl(src, pos); if(crlSrc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecNssKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCrl", + xmlSecKeyDataGetName(src), + "pos=%d", pos); return(-1); } crlDst = SEC_DupCrl(crlSrc); if(crlDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "SEC_DupCrl", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SEC_DupCrl", xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecNssKeyDataX509AdoptCrl(dst, crlDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecNssKeyDataX509AdoptCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCrl", + xmlSecKeyDataGetName(dst)); SEC_DestroyCrl(crlDst); return(-1); } @@ -644,20 +618,14 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { if(certSrc != NULL) { certDst = CERT_DupCertificate(certSrc); if(certDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_DupCertificate", + xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecNssKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(dst)); CERT_DestroyCertificate(certDst); return(-1); } @@ -701,7 +669,7 @@ xmlSecNssKeyDataX509Finalize(xmlSecKeyDataPtr data) { static int xmlSecNssKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data; int ret; @@ -712,34 +680,23 @@ xmlSecNssKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, data = xmlSecKeyEnsureData(key, id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssX509DataNodeRead(data, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509DataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509DataNodeRead", + xmlSecKeyDataKlassGetName(id)); return(-1); } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) { - ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); + return(-1); } return(0); } @@ -759,13 +716,11 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); - content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); + content = xmlSecX509DataGetNodeContent (node, keyInfoCtx); if (content < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecX509DataGetNodeContent", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "content=%d", content); + xmlSecInternalError2("xmlSecX509DataGetNodeContent", + xmlSecKeyDataKlassGetName(id), + "content=%d", content); return(-1); } else if(content == 0) { /* by default we are writing certificates and crls */ @@ -784,22 +739,18 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { cert = xmlSecNssKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCert", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509CertificateNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509CertificateNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -807,11 +758,9 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509SubjectNameNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509SubjectNameNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -819,11 +768,9 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509IssuerSerialNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509IssuerSerialNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -831,11 +778,9 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509SKINodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509SKINodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -847,21 +792,17 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { crl = xmlSecNssKeyDataX509GetCrl(data, pos); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCrl", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509CRLNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509CRLNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -905,11 +846,9 @@ xmlSecNssKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) { for(pos = 0; pos < size; ++pos) { cert = xmlSecNssKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "==== Certificate:\n"); @@ -939,11 +878,9 @@ xmlSecNssKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { for(pos = 0; pos < size; ++pos) { cert = xmlSecNssKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "<Certificate>\n"); @@ -968,32 +905,44 @@ xmlSecNssX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoC cur != NULL; cur = xmlSecGetNextElementNode(cur->next)) { - ret = 0; if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) { ret = xmlSecNssX509CertificateNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509CertificateNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) { ret = xmlSecNssX509SubjectNameNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509SubjectNameNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) { ret = xmlSecNssX509IssuerSerialNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509IssuerSerialNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) { ret = xmlSecNssX509SKINodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509SKINodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) { ret = xmlSecNssX509CRLNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509CRLNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) { /* laxi schema validation: ignore unknown nodes */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "read node failed"); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); return(-1); } } @@ -1016,11 +965,7 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1028,22 +973,16 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK cert = xmlSecNssX509CertBase64DerRead(content); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CertBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); xmlFree(content); return(-1); @@ -1065,29 +1004,20 @@ xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSec /* set base64 lines size from context */ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509Certificate)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); return(0); @@ -1107,11 +1037,8 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1121,11 +1048,7 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK xmlFree(subject); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1135,12 +1058,8 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "subject=%s", - xmlSecErrorsSafeString(subject)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "subject=%s", xmlSecErrorsSafeString(subject)); xmlFree(subject); return(-1); } @@ -1151,11 +1070,8 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); xmlFree(subject); return(-1); @@ -1169,32 +1085,32 @@ static int xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar* buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); buf = xmlSecNssX509NameWrite(&(cert->subject)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameWrite(&(cert->subject))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509NameWrite(&(cert->subject))", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SubjectName)", NULL); + xmlFree(buf); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(cur, buf); + + /* done */ xmlFree(buf); return(0); } @@ -1215,23 +1131,16 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } cur = xmlSecGetNextElementNode(node->children); if(cur == NULL) { if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL, + xmlSecKeyDataGetName(data)); return(-1); } return(0); @@ -1239,56 +1148,32 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec /* the first is required node X509IssuerName */ if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeError(cur, xmlSecNodeX509IssuerName, xmlSecKeyDataGetName(data)); return(-1); } issuerName = xmlNodeGetContent(cur); if(issuerName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); return(-1); } cur = xmlSecGetNextElementNode(cur->next); /* next is required node X509SerialNumber */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInvalidNodeError(cur, xmlSecNodeX509SerialNumber, xmlSecKeyDataGetName(data)); xmlFree(issuerName); return(-1); } issuerSerial = xmlNodeGetContent(cur); if(issuerSerial == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); xmlFree(issuerName); return(-1); } cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1297,13 +1182,10 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec cert = xmlSecNssX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx); if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "issuerName=%s;issuerSerial=%s", - xmlSecErrorsSafeString(issuerName), - xmlSecErrorsSafeString(issuerSerial)); + xmlSecOtherError3(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "issuerName=%s;issuerSerial=%s", + xmlSecErrorsSafeString(issuerName), + xmlSecErrorsSafeString(issuerSerial)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1316,11 +1198,8 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); xmlFree(issuerSerial); xmlFree(issuerName); @@ -1338,64 +1217,48 @@ xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSe xmlNodePtr issuerNameNode; xmlNodePtr issuerNumberNode; xmlChar* buf; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); /* create xml nodes */ - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerSerial)", NULL); return(-1); } - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); + issuerNameNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); if(issuerNameNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerName)", NULL); return(-1); } - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); + issuerNumberNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); if(issuerNumberNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SerialNumber)", NULL); return(-1); } /* write data */ buf = xmlSecNssX509NameWrite(&(cert->issuer)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameWrite(&(cert->issuer))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509NameWrite(&(cert->issuer))", NULL); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent(issuerNameNode)", NULL); + xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); xmlFree(buf); buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", NULL); return(-1); } xmlNodeSetContent(issuerNumberNode, buf); @@ -1418,11 +1281,8 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1432,12 +1292,7 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt xmlFree(ski); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1448,12 +1303,8 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt xmlFree(ski); if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "ski=%s", - xmlSecErrorsSafeString(ski)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "ski=%s", xmlSecErrorsSafeString(ski)); return(-1); } return(0); @@ -1461,11 +1312,8 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); xmlFree(ski); return(-1); @@ -1479,34 +1327,33 @@ static int xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar *buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); buf = xmlSecNssX509SKIWrite(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509SKIWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509SKIWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SKI)", NULL); xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(cur, buf); - xmlFree(buf); + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + xmlFree(buf); + return(-1); + } + + /* done */ + xmlFree(buf); return(0); } @@ -1525,11 +1372,7 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1537,11 +1380,8 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CrlBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CrlBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } @@ -1563,28 +1403,19 @@ xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxP /* set base64 lines size from context */ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CrlBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CrlBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509CRL)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509CRL)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); @@ -1611,11 +1442,8 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1628,42 +1456,30 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, ctx->keyCert = CERT_DupCertificate(cert); if(ctx->keyCert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("CERT_DupCertificate", + xmlSecKeyDataGetName(data)); return(-1); } keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CertGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertGetKey", + xmlSecKeyDataGetName(data)); return(-1); } /* verify that the key matches our expectations */ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeyReqMatchKeyValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyReqMatchKeyValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } ret = xmlSecKeySetValue(key, keyValue); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } @@ -1672,31 +1488,21 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, if (status == SECSuccess) { ret = xmlSecNssX509CertGetTime(¬Before, &(key->notValidBefore)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CertGetTime", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "notValidBefore"); + xmlSecInternalError("xmlSecNssX509CertGetTime(notValidBefore)", + xmlSecKeyDataGetName(data)); return(-1); } ret = xmlSecNssX509CertGetTime(¬After, &(key->notValidAfter)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CertGetTime", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "notValidAfter"); + xmlSecInternalError("xmlSecNssX509CertGetTime(notValidAfter)", + xmlSecKeyDataGetName(data)); return(-1); } } else { key->notValidBefore = key->notValidAfter = 0; } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), NULL); return(-1); } } @@ -1742,21 +1548,13 @@ xmlSecNssX509CertGetKey(CERTCertificate* cert) { pubkey = CERT_ExtractPublicKey(cert); if(pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_ExtractPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_ExtractPublicKey", NULL); return(NULL); } data = xmlSecNssPKIAdoptKey(NULL, pubkey); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIAdoptKey", NULL); SECKEY_DestroyPublicKey(pubkey); return(NULL); } @@ -1773,11 +1571,7 @@ xmlSecNssX509CertBase64DerRead(xmlChar* buf) { /* usual trick with base64 decoding "in-place" */ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", NULL); return(NULL); } @@ -1800,11 +1594,7 @@ xmlSecNssX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) { cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert, NULL, PR_FALSE, PR_TRUE); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "__CERT_NewTempCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("__CERT_NewTempCertificate", NULL); return(NULL); } @@ -1821,23 +1611,14 @@ xmlSecNssX509CertBase64DerWrite(CERTCertificate* cert, int base64LineWrap) { xmlSecAssert2(cert != NULL, NULL); p = cert->derCert.data; + xmlSecAssert2(p != NULL, NULL); + size = cert->derCert.len; - if((size <= 0) || (p == NULL)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cert->derCert", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); - return(NULL); - } + xmlSecAssert2(size > 0, NULL); res = xmlSecBase64Encode(p, size, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); return(NULL); } @@ -1854,11 +1635,7 @@ xmlSecNssX509CrlBase64DerRead(xmlChar* buf, /* usual trick with base64 decoding "in-place" */ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", NULL); return(NULL); } @@ -1886,26 +1663,19 @@ xmlSecNssX509CrlDerRead(xmlSecByte* buf, xmlSecSize size, */ slot = xmlSecNssGetInternalKeySlot(); if (slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssGetInternalKeySlot", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssGetInternalKeySlot", NULL); return NULL; } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) { importOptions |= CRL_IMPORT_BYPASS_CHECKS; + } crl = PK11_ImportCRL(slot, &derCrl, NULL, SEC_CRL_TYPE, NULL, importOptions, NULL, CRL_DECODE_DEFAULT_OPTIONS); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_ImportCRL", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_ImportCRL", NULL); PK11_FreeSlot(slot); return(NULL); } @@ -1923,23 +1693,14 @@ xmlSecNssX509CrlBase64DerWrite(CERTSignedCrl* crl, int base64LineWrap) { xmlSecAssert2(crl != NULL && crl->derCrl != NULL, NULL); p = crl->derCrl->data; + xmlSecAssert2(p != NULL, NULL); + size = crl->derCrl->len; - if((size <= 0) || (p == NULL)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "crl->derCrl", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); - return(NULL); - } + xmlSecAssert2(size > 0, NULL); res = xmlSecBase64Encode(p, size, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); return(NULL); } @@ -1955,21 +1716,13 @@ xmlSecNssX509NameWrite(CERTName* nm) { str = CERT_NameToAscii(nm); if (str == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_NameToAscii", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("CERT_NameToAscii", NULL); return(NULL); } res = xmlStrdup(BAD_CAST str); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecStrdupError(BAD_CAST str, NULL); PORT_Free(str); return(NULL); } @@ -1987,23 +1740,21 @@ xmlSecNssASN1IntegerWrite(SECItem *num) { xmlSecAssert2(num != NULL, NULL); xmlSecAssert2(num->type == siBuffer, NULL); - xmlSecAssert2(num->len <= 9, NULL); xmlSecAssert2(num->data != NULL, NULL); /* HACK : to be fixed after * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed */ for(ii = num->len; ii > 0; --ii, shift += 8) { - val |= ((PRUint64)num->data[ii - 1]) << shift; + xmlSecAssert2(shift < 64 || num->data[ii - 1] == 0, NULL); + if(num->data[ii - 1] != 0) { + val |= ((PRUint64)num->data[ii - 1]) << shift; + } } res = (xmlChar*)xmlMalloc(resLen + 1); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMallocError(resLen + 1, NULL); return (NULL); } @@ -2023,22 +1774,14 @@ xmlSecNssX509SKIWrite(CERTCertificate* cert) { rv = CERT_FindSubjectKeyIDExtension(cert, &ski); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_FindSubjectKeyIDExtension", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("CERT_FindSubjectKeyIDExtension", NULL); SECITEM_FreeItem(&ski, PR_FALSE); return(NULL); } res = xmlSecBase64Encode(ski.data, ski.len, 0); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); SECITEM_FreeItem(&ski, PR_FALSE); return(NULL); } @@ -2178,43 +1921,30 @@ xmlSecNssKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, cert = xmlSecNssX509CertDerRead(buf, bufSize); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CertDerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertDerRead", NULL); return(-1); } data = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); CERT_DestroyCertificate(cert); return(-1); } ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataKlassGetName(id)); CERT_DestroyCertificate(cert); return(-1); } ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); return(-1); } return(0); |