Diffstat (limited to 'external/libxmlsec/src/akmngr_nss.c')
-rw-r--r-- | external/libxmlsec/src/akmngr_nss.c | 384 |
1 files changed, 384 insertions, 0 deletions
diff --git a/external/libxmlsec/src/akmngr_nss.c b/external/libxmlsec/src/akmngr_nss.c
new file mode 100644
index 000000000000..0eddf86ef931
--- /dev/null
+++ b/external/libxmlsec/src/akmngr_nss.c
@@ -0,0 +1,384 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright.........................
+ */
+#include "globals.h"
+
+#include <nspr.h>
+#include <nss.h>
+#include <pk11func.h>
+#include <cert.h>
+#include <keyhi.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/tokens.h>
+#include <xmlsec/nss/akmngr.h>
+#include <xmlsec/nss/pkikeys.h>
+#include <xmlsec/nss/ciphers.h>
+#include <xmlsec/nss/keysstore.h>
+
+/**
+ * xmlSecNssAppliedKeysMngrCreate:
+ * @slot: array of pointers to NSS PKCS#11 slot information.
+ * @cSlots: number of slots in the array
+ * @handler: the pointer to NSS certificate database.
+ *
+ * Create and load NSS crypto slot and certificate database into keys manager
+ *
+ * Returns keys manager pointer on success or NULL otherwise.
+ */
+xmlSecKeysMngrPtr
+xmlSecNssAppliedKeysMngrCreate(
+ PK11SlotInfo** slots,
+ int cSlots,
+ CERTCertDBHandle* handler
+) {
+ xmlSecKeyDataStorePtr certStore = NULL ;
+ xmlSecKeysMngrPtr keyMngr = NULL ;
+ xmlSecKeyStorePtr keyStore = NULL ;
+ int islot = 0;
+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeyStoreCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return NULL ;
+ }
+
+ for (islot = 0; islot < cSlots; islot++)
+ {
+ xmlSecNssKeySlotPtr keySlot ;
+
+ /* Create a key slot */
+ keySlot = xmlSecNssKeySlotCreate() ;
+ if( keySlot == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecNssKeySlotCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ return NULL ;
+ }
+
+ /* Set slot */
+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecNssKeySlotSetSlot" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ xmlSecNssKeySlotDestroy( keySlot ) ;
+ return NULL ;
+ }
+
+ /* Adopt keySlot */
+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecNssKeysStoreAdoptKeySlot" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ xmlSecNssKeySlotDestroy( keySlot ) ;
+ return NULL ;
+ }
+ }
+
+ keyMngr = xmlSecKeysMngrCreate() ;
+ if( keyMngr == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Add key store to manager, from now on keys manager destroys the store if
+ * needed
+ */
+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecKeysMngrAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Initialize crypto library specific data in keys manager
+ */
+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Set certificate databse to X509 key data store
+ */
+ /**
+ * Because Tej's implementation of certDB use the default DB, so I ignore
+ * the certDB handler at present. I'll modify the cert store sources to
+ * accept particular certDB instead of default ones.
+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
+ if( certStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+
+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecNssKeyDataStoreX509SetCertDb" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+ */
+
+ /*-
+ * Set the getKey callback
+ */
+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
+
+ return keyMngr ;
+}
+
+int
+xmlSecNssAppliedKeysMngrSymKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ PK11SymKey* symKey
+) {
+ xmlSecKeyPtr key ;
+ xmlSecKeyDataPtr data ;
+ xmlSecKeyStorePtr keyStore ;
+
+ xmlSecAssert2( mngr != NULL , -1 ) ;
+ xmlSecAssert2( symKey != NULL , -1 ) ;
+
+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetKeysStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
+ if( data == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ key = xmlSecKeyCreate() ;
+ if( key == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecKeySetValue( key , data ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDestroy( key ) ;
+ return(-1) ;
+ }
+
+ return(0) ;
+}
+
+int
+xmlSecNssAppliedKeysMngrPubKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ SECKEYPublicKey* pubKey
+) {
+ xmlSecKeyPtr key ;
+ xmlSecKeyDataPtr data ;
+ xmlSecKeyStorePtr keyStore ;
+
+ xmlSecAssert2( mngr != NULL , -1 ) ;
+ xmlSecAssert2( pubKey != NULL , -1 ) ;
+
+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetKeysStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
+ if( data == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssPKIAdoptKey" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ key = xmlSecKeyCreate() ;
+ if( key == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecKeySetValue( key , data ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDestroy( key ) ;
+ return(-1) ;
+ }
+
+ return(0) ;
+}
+
+int
+xmlSecNssAppliedKeysMngrPriKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ SECKEYPrivateKey* priKey
+) {
+ xmlSecKeyPtr key ;
+ xmlSecKeyDataPtr data ;
+ xmlSecKeyStorePtr keyStore ;
+
+ xmlSecAssert2( mngr != NULL , -1 ) ;
+ xmlSecAssert2( priKey != NULL , -1 ) ;
+
+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetKeysStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
+ if( data == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssPKIAdoptKey" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ key = xmlSecKeyCreate() ;
+ if( key == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecKeySetValue( key , data ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDestroy( key ) ;
+ return(-1) ;
+ }
+
+ return(0) ;
+}
+
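Review bot: The xmlSecError calls in the three *KeyLoad functions name the wrong failing call: after the first check, every failure of xmlSecKeyCreate, xmlSecKeySetValue and xmlSecNssKeysStoreAdoptKey is reported as "xmlSecNssSymKeyDataKeyAdopt" (also in xmlSecNssAppliedKeysMngrPubKeyLoad and xmlSecNssAppliedKeysMngrPriKeyLoad, where the data comes from xmlSecNssPKIAdoptKey), and in xmlSecNssAppliedKeysMngrCreate a failing xmlSecNssKeysMngrInit is logged as "xmlSecKeysMngrCreate"; each third argument should name the call that actually failed, e.g. `"xmlSecKeyCreate"`, `"xmlSecKeySetValue"`, `"xmlSecNssKeysStoreAdoptKey"`, `"xmlSecNssKeysMngrInit"`, so a failed key load can be traced from the log. In the same three functions the xmlSecKeySetValue error branch destroys data but never the freshly created key, which leaks on that path; adding `xmlSecKeyDestroy( key ) ;` there looks right provided xmlSecKeySetValue does not take ownership of data when it fails, which is not visible in this hunk. The doc comment on xmlSecNssAppliedKeysMngrCreate promises to load the certificate database, but the code that would apply handler is commented out and the parameter is ignored; the comment should say so, e.g. `@handler: currently unused, the default NSS certificate database is used instead.`, and `@slot:` should read `@slots:` to match the parameter. The `xmlSecKeysMngrAdoptKeysStore` failure branch destroys keyStore and then keyMngr; this is only safe if the adopt does not retain the store on failure, which I cannot confirm from here.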