diff options
Diffstat (limited to 'src/xmldsig.c')
-rw-r--r-- | src/xmldsig.c | 171 |
1 files changed, 160 insertions, 11 deletions
diff --git a/src/xmldsig.c b/src/xmldsig.c index 619e725a..73b6171a 100644 --- a/src/xmldsig.c +++ b/src/xmldsig.c @@ -55,6 +55,15 @@ static int xmlSecDSigCtxProcessManifestNode (xmlSecDSigCtxPtr dsigCt static int xmlSecDSigCtxProcessReferences (xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferenceNode); +/* TIZEN CUSTOMIZED */ +static int xmlSecHexToInt (char a); +static int xmlSecDecodeCmp (const xmlChar* encoded, + const xmlChar* plain); +#define xmlSecTizenError(...) do {\ + xmlSecError(XMLSEC_ERRORS_HERE,NULL,NULL,\ + XMLSEC_ERRORS_MAX_NUMBER,\ + __VA_ARGS__);\ + } while (0) /* The ID attribute in XMLDSig is 'Id' */ static const xmlChar* xmlSecDSigIds[] = { xmlSecAttrId, NULL }; @@ -193,6 +202,41 @@ xmlSecDSigCtxFinalize(xmlSecDSigCtxPtr dsigCtx) { memset(dsigCtx, 0, sizeof(xmlSecDSigCtx)); } +/* TIZEN CUSTOMIZED */ +int +xmlSecProxyCtxAdd(xmlSecProxyCtxPtr* proxyCtxPtrPtr, const xmlChar* uri) { + xmlSecProxyCtxPtr pc = (xmlSecProxyCtxPtr)xmlMalloc(sizeof(xmlSecProxyCtx)); + if(pc == NULL) { + xmlSecMallocError(sizeof(xmlSecProxyCtx), NULL); + return(-1); + } + + pc->cache = xmlStrdup(uri); + if(pc->cache == NULL) { + xmlSecStrdupError(uri, NULL); + xmlFree(pc); + return(-1); + } + pc->next = NULL; + + while(*proxyCtxPtrPtr != NULL) + proxyCtxPtrPtr = &((*proxyCtxPtrPtr)->next); + + *proxyCtxPtrPtr = pc; + return(0); +} + +void xmlSecProxyCtxDestroy(xmlSecProxyCtxPtr proxyCtxPtr) { + while(proxyCtxPtr != NULL) { + if(proxyCtxPtr->cache != NULL) + xmlFree(proxyCtxPtr->cache); + + xmlSecProxyCtxPtr next = proxyCtxPtr->next; + xmlFree(proxyCtxPtr); + proxyCtxPtr = next; + } +} + /** * xmlSecDSigCtxEnableReferenceTransform: * @dsigCtx: the pointer to <dsig:Signature/> processing context. @@ -511,15 +555,21 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { /* as the result, we should have a key */ xmlSecAssert2(dsigCtx->signKey != NULL, -1); - /* now actually process references and calculate digests */ - ret = xmlSecDSigCtxProcessReferences(dsigCtx, firstReferenceNode); - if(ret < 0) { - xmlSecInternalError("xmlSecDSigCtxProcessReferences", NULL); - return(-1); - } - /* references processing might change the status */ - if(dsigCtx->status != xmlSecDSigStatusUnknown) { - return(0); + /* TIZEN CUSTOMIZED : if no-hash mode, skip processing references */ + if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_IGNORE_REFERENCES) != 0) { + xmlSecTizenError("Skip processing references. no-hash mode."); + dsigCtx->status = xmlSecDSigStatusSucceeded; + } else { + /* now actually process references and calculate digests */ + ret = xmlSecDSigCtxProcessReferences(dsigCtx, firstReferenceNode); + if(ret < 0) { + xmlSecInternalError("xmlSecDSigCtxProcessReferences", NULL); + return(-1); + } + /* references processing might change the status */ + if(dsigCtx->status != xmlSecDSigStatusUnknown) { + return(0); + } } /* if we need to write result to xml node then we need base64 encode result */ @@ -710,6 +760,44 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node, xm return(0); } +static int +xmlSecHexToInt(char a) +{ + if (a >= '0' && a <= '9') return(a - '0'); + if (a >= 'A' && a <= 'F') return(a - 'A' + 10); + if (a >= 'a' && a <= 'f') return(a - 'a' + 10); + + return(-1); +} + +static int +xmlSecDecodeCmp(const xmlChar* encoded, const xmlChar* plain) { + + xmlSecAssert2(encoded != NULL, -1); + xmlSecAssert2(plain != NULL, -1); + + while(*plain != '\0') { + if(*encoded == '\0') + return(-1); + + /* check encoded char is same with plain char */ + if(*encoded == '%') { + if(*(encoded + 1) == '\0' &&*(encoded + 2) == '\0') + return(-1); + + if((int)*plain != + xmlSecHexToInt(*(encoded + 1)) * 16 + xmlSecHexToInt(*(encoded + 2))) + return(-1); + + encoded += 3; + plain++; + } else { + if(*(encoded++) != *(plain++)) + return(-1); + } + } + return(0); +} static int xmlSecDSigCtxProcessReferences(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferenceNode) { @@ -731,6 +819,67 @@ xmlSecDSigCtxProcessReferences(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferen return(-1); } + /* TIZEN CUSTOMIZED : skip uri in proxy caches for proxy mode */ + if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_SKIP_PROXY) != 0) { + + int isInProxy = 0; + if(dsigCtx->skipReferences != NULL) { + xmlChar* refUri = xmlGetProp(cur, xmlSecAttrURI); + if(refUri == NULL) { + xmlSecInvalidNodeAttributeError(cur, NULL, NULL, "empty"); + return(-1); + } + + xmlSecProxyCtxPtr pc = dsigCtx->skipReferences; + while(pc != NULL) { + if(strncmp((char*)refUri, (char*)pc->cache, xmlStrlen(refUri)) == 0) { + isInProxy = 1; + xmlSecTizenError("[%s] is already checked by singature-validator.", refUri); + break; + } + pc = pc->next; + } + xmlFree(refUri); + } else { + /* if proxy is not exist, process references */ + xmlSecTizenError("Proxy doesn't exist."); + } + + if(isInProxy) + continue; + } + + /* TIZEN CUSTOMIZED : check uri only in proxy caches for partial mode */ + if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_CHECK_PROXY) != 0) { + + int isInProxy = 0; + if(dsigCtx->checkReferences != NULL) { + xmlChar* refUri = xmlGetProp(cur, xmlSecAttrURI); + if(refUri == NULL) { + xmlSecInvalidNodeAttributeError(cur, NULL, NULL, "empty"); + return(-1); + } + + xmlSecProxyCtxPtr pc = dsigCtx->checkReferences; + while(pc != NULL) { + if(xmlSecDecodeCmp(refUri, pc->cache) == 0) { + isInProxy = 1; + xmlSecTizenError("Check [%s] on processing references.", refUri); + break; + } + pc = pc->next; + } + xmlFree(refUri); + } else { + /* if proxy is not exist, process references */ + xmlSecTizenError("Proxy doesn't exist."); + } + + /* if not exist on proxy, skip on processing references */ + if(isInProxy == 0) + continue; + } + /* create reference */ dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginSignedInfo); if(dsigRefCtx == NULL) { @@ -1405,7 +1554,7 @@ xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodeP /* finally get transforms results */ ret = xmlSecTransformCtxExecute(transformCtx, node->doc); if(ret < 0) { - xmlSecInternalError("xmlSecTransformCtxExecute", NULL); + xmlSecInternalError("xmlSecTransformCtxExecute", dsigRefCtx->uri); return(-1); } dsigRefCtx->result = transformCtx->result; @@ -1428,7 +1577,7 @@ xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodeP ret = xmlSecTransformVerifyNodeContent(dsigRefCtx->digestMethod, digestValueNode, transformCtx); if(ret < 0) { - xmlSecInternalError("xmlSecTransformVerifyNodeContent", NULL); + xmlSecInternalError("xmlSecTransformVerifyNodeContent", dsigRefCtx->uri); return(-1); } |