4 * This is free software; see Copyright file in the source
5 * distribution for preciese wording.
7 * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved.
8 * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
17 #include <xmlsec/xmlsec.h>
18 #include <xmlsec/keys.h>
19 #include <xmlsec/transforms.h>
20 #include <xmlsec/errors.h>
22 #include <xmlsec/mscrypto/app.h>
23 #include <xmlsec/mscrypto/crypto.h>
24 #include <xmlsec/mscrypto/certkeys.h>
25 #include <xmlsec/mscrypto/keysstore.h>
26 #include <xmlsec/mscrypto/x509.h>
28 #if defined(__MINGW32__)
29 # include "xmlsec-mingw.h"
32 /* I don't see any other way then to use a global var to get the
33 * config info to the mscrypto keysstore :( WK
35 static char *gXmlSecMSCryptoAppCertStoreName = NULL;
38 * xmlSecMSCryptoAppInit:
39 * @config: the name of another then the default ms certificate store.
41 * General crypto engine initialization. This function is used
42 * by XMLSec command line utility and called before
43 * @xmlSecInit function.
45 * Returns: 0 on success or a negative value otherwise.
48 xmlSecMSCryptoAppInit(const char* config) {
49 /* initialize MSCrypto crypto engine */
51 /* config parameter can contain *another* ms certs store name
52 * then the default (MY)
54 if (NULL != config && strlen(config) > 0) {
55 if (gXmlSecMSCryptoAppCertStoreName) {
56 /* This should not happen, initialize twice */
57 xmlSecError(XMLSEC_ERRORS_HERE,
60 XMLSEC_ERRORS_R_CRYPTO_FAILED,
61 "config=%s, config already set",
62 xmlSecErrorsSafeString(config));
65 gXmlSecMSCryptoAppCertStoreName = xmlStrdup(config);
72 * xmlSecMSCryptoAppShutdown:
74 * General crypto engine shutdown. This function is used
75 * by XMLSec command line utility and called after
76 * @xmlSecShutdown function.
78 * Returns: 0 on success or a negative value otherwise.
81 xmlSecMSCryptoAppShutdown(void) {
82 /* shutdown MSCrypto crypto engine */
83 if (NULL != gXmlSecMSCryptoAppCertStoreName) {
84 xmlFree(gXmlSecMSCryptoAppCertStoreName);
85 gXmlSecMSCryptoAppCertStoreName = NULL;
91 * xmlSecMSCryptoAppGetCertStoreName:
93 * Gets the MS Crypto certs store name set by @xmlSecMSCryptoAppInit function.
95 * Returns: the MS Crypto certs name used by xmlsec-mscrypto.
98 xmlSecMSCryptoAppGetCertStoreName(void) {
99 return(gXmlSecMSCryptoAppCertStoreName);
102 /*************************************************************************************
104 *************************************************************************************/
107 * xmlSecMSCryptoAppKeyLoad:
108 * @filename: the key filename.
109 * @format: the key file format.
110 * @pwd: the key file password.
111 * @pwdCallback: the key password callback.
112 * @pwdCallbackCtx: the user context for password callback.
114 * Reads key from the a file.
116 * Returns: pointer to the key or NULL if an error occurs.
119 xmlSecMSCryptoAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
120 const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
122 xmlSecKeyPtr key = NULL;
125 xmlSecAssert2(filename != NULL, NULL);
126 xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
129 case xmlSecKeyDataFormatPkcs12:
130 key = xmlSecMSCryptoAppPkcs12Load(filename, pwd, pwdCallback, pwdCallbackCtx);
132 xmlSecError(XMLSEC_ERRORS_HERE,
134 "xmlSecMSCryptoAppPkcs12Load",
135 XMLSEC_ERRORS_R_XMLSEC_FAILED,
136 XMLSEC_ERRORS_NO_MESSAGE);
140 case xmlSecKeyDataFormatCertDer:
141 ret = xmlSecBufferInitialize(&buffer, 0);
143 xmlSecError(XMLSEC_ERRORS_HERE,
145 "xmlSecBufferInitialize",
146 XMLSEC_ERRORS_R_XMLSEC_FAILED,
147 XMLSEC_ERRORS_NO_MESSAGE);
151 ret = xmlSecBufferReadFile(&buffer, filename);
153 xmlSecError(XMLSEC_ERRORS_HERE,
155 "xmlSecBufferReadFile",
156 XMLSEC_ERRORS_R_XMLSEC_FAILED,
158 xmlSecErrorsSafeString(filename));
159 xmlSecBufferFinalize(&buffer);
163 key = xmlSecMSCryptoAppKeyLoadMemory(xmlSecBufferGetData(&buffer),
164 xmlSecBufferGetSize(&buffer), format,
165 pwd, pwdCallback, pwdCallbackCtx);
167 xmlSecError(XMLSEC_ERRORS_HERE,
169 "xmlSecMSCryptoAppKeyLoadMemory",
170 XMLSEC_ERRORS_R_XMLSEC_FAILED,
171 XMLSEC_ERRORS_NO_MESSAGE);
172 xmlSecBufferFinalize(&buffer);
175 xmlSecBufferFinalize(&buffer);
178 /* Any other format like PEM keys is currently not supported */
179 xmlSecError(XMLSEC_ERRORS_HERE,
182 XMLSEC_ERRORS_R_INVALID_FORMAT,
183 "format=%d", format);
191 * xmlSecMSCryptoAppKeyLoadMemory:
192 * @data: the key binary data.
193 * @dataSize: the key data size.
194 * @format: the key format.
195 * @pwd: the key password.
196 * @pwdCallback: the key password callback.
197 * @pwdCallbackCtx: the user context for password callback.
199 * Reads key from the a file.
201 * Returns: pointer to the key or NULL if an error occurs.
204 xmlSecMSCryptoAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format,
205 const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
206 PCCERT_CONTEXT pCert = NULL;
207 PCCERT_CONTEXT tmpcert = NULL;
208 xmlSecKeyDataPtr x509Data = NULL;
209 xmlSecKeyDataPtr keyData = NULL;
210 xmlSecKeyPtr key = NULL;
211 xmlSecKeyPtr res = NULL;
214 xmlSecAssert2(data != NULL, NULL);
215 xmlSecAssert2(dataSize > 0, NULL);
216 xmlSecAssert2(format == xmlSecKeyDataFormatCertDer, NULL);
218 pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, data, dataSize);
220 xmlSecError(XMLSEC_ERRORS_HERE,
222 "CertCreateCertificateContext",
223 XMLSEC_ERRORS_R_IO_FAILED,
224 XMLSEC_ERRORS_NO_MESSAGE);
228 x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
229 if(x509Data == NULL) {
230 xmlSecError(XMLSEC_ERRORS_HERE,
232 "xmlSecKeyDataCreate",
233 XMLSEC_ERRORS_R_XMLSEC_FAILED,
235 xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
239 tmpcert = CertDuplicateCertificateContext(pCert);
240 if(tmpcert == NULL) {
241 xmlSecError(XMLSEC_ERRORS_HERE,
243 "CertDuplicateCertificateContext",
244 XMLSEC_ERRORS_R_CRYPTO_FAILED,
246 xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
250 ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, tmpcert);
252 xmlSecError(XMLSEC_ERRORS_HERE,
254 "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
255 XMLSEC_ERRORS_R_XMLSEC_FAILED,
257 xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
258 CertFreeCertificateContext(tmpcert);
263 keyData = xmlSecMSCryptoCertAdopt(pCert, xmlSecKeyDataTypePublic);
264 if(keyData == NULL) {
265 xmlSecError(XMLSEC_ERRORS_HERE,
267 "xmlSecMSCryptoCertAdopt",
268 XMLSEC_ERRORS_R_XMLSEC_FAILED,
269 XMLSEC_ERRORS_NO_MESSAGE);
274 key = xmlSecKeyCreate();
276 xmlSecError(XMLSEC_ERRORS_HERE,
279 XMLSEC_ERRORS_R_XMLSEC_FAILED,
280 XMLSEC_ERRORS_NO_MESSAGE);
284 ret = xmlSecKeySetValue(key, keyData);
286 xmlSecError(XMLSEC_ERRORS_HERE,
289 XMLSEC_ERRORS_R_XMLSEC_FAILED,
291 xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
296 ret = xmlSecKeyAdoptData(key, x509Data);
298 xmlSecError(XMLSEC_ERRORS_HERE,
300 "xmlSecKeyAdoptData",
301 XMLSEC_ERRORS_R_XMLSEC_FAILED,
303 xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
313 CertFreeCertificateContext(pCert);
315 if(tmpcert != NULL) {
316 CertFreeCertificateContext(tmpcert);
318 if(x509Data != NULL) {
319 xmlSecKeyDataDestroy(x509Data);
321 if(keyData != NULL) {
322 xmlSecKeyDataDestroy(keyData);
325 xmlSecKeyDestroy(key);
331 /**********************************************************************************
333 **********************************************************************************/
335 #ifndef XMLSEC_NO_X509
338 * xmlSecMSCryptoAppKeyCertLoad:
339 * @key: the pointer to key.
340 * @filename: the certificate filename.
341 * @format: the certificate file format.
343 * Reads the certificate from $@filename and adds it to key.
345 * Returns: 0 on success or a negative value otherwise.
349 xmlSecMSCryptoAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
350 xmlSecKeyDataFormat format) {
354 xmlSecAssert2(key != NULL, -1);
355 xmlSecAssert2(filename != NULL, -1);
356 xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
358 ret = xmlSecBufferInitialize(&buffer, 0);
360 xmlSecError(XMLSEC_ERRORS_HERE,
362 "xmlSecBufferInitialize",
363 XMLSEC_ERRORS_R_XMLSEC_FAILED,
364 XMLSEC_ERRORS_NO_MESSAGE);
368 ret = xmlSecBufferReadFile(&buffer, filename);
370 xmlSecError(XMLSEC_ERRORS_HERE,
372 "xmlSecBufferReadFile",
373 XMLSEC_ERRORS_R_XMLSEC_FAILED,
375 xmlSecErrorsSafeString(filename));
376 xmlSecBufferFinalize(&buffer);
380 ret = xmlSecMSCryptoAppKeyCertLoadMemory(key, xmlSecBufferGetData(&buffer),
381 xmlSecBufferGetSize(&buffer), format);
383 xmlSecError(XMLSEC_ERRORS_HERE,
385 "xmlSecMSCryptoAppKeyCertLoadMemory",
386 XMLSEC_ERRORS_R_XMLSEC_FAILED,
387 XMLSEC_ERRORS_NO_MESSAGE);
388 xmlSecBufferFinalize(&buffer);
392 xmlSecBufferFinalize(&buffer);
397 * xmlSecMSCryptoAppKeyCertLoadMemory:
398 * @key: the pointer to key.
399 * @data: the binary certificate.
400 * @dataSize: size of certificate binary (data)
401 * @format: the certificate file format.
403 * Reads the certificate from $@data and adds it to key.
405 * Returns: 0 on success or a negative value otherwise.
408 xmlSecMSCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
409 xmlSecKeyDataFormat format) {
410 PCCERT_CONTEXT pCert;
411 xmlSecKeyDataPtr kdata;
414 xmlSecAssert2(key != NULL, -1);
415 xmlSecAssert2(data != NULL, -1);
416 xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
418 kdata = xmlSecKeyEnsureData(key, xmlSecMSCryptoKeyDataX509Id);
420 xmlSecError(XMLSEC_ERRORS_HERE,
422 "xmlSecKeyEnsureData",
423 XMLSEC_ERRORS_R_XMLSEC_FAILED,
425 xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
429 /* For now only DER certificates are supported */
430 /* adjust cert format */
432 case xmlSecKeyDataFormatDer:
433 case xmlSecKeyDataFormatCertDer:
434 pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, data, dataSize);
436 xmlSecError(XMLSEC_ERRORS_HERE,
438 "CertCreateCertificateContext",
439 XMLSEC_ERRORS_R_XMLSEC_FAILED,
440 "format=%d", format);
444 ret = xmlSecMSCryptoKeyDataX509AdoptCert(kdata, pCert);
446 xmlSecError(XMLSEC_ERRORS_HERE,
448 "xmlSecMSCryptoKeyDataX509AdoptCert",
449 XMLSEC_ERRORS_R_XMLSEC_FAILED,
451 xmlSecErrorsSafeString(xmlSecKeyDataGetName(kdata)));
452 CertFreeCertificateContext(pCert);
457 xmlSecError(XMLSEC_ERRORS_HERE,
460 XMLSEC_ERRORS_R_INVALID_FORMAT,
461 "format=%d", (int)format);
469 * xmlSecMSCryptoAppPkcs12Load:
470 * @filename: the PKCS12 key filename.
471 * @pwd: the PKCS12 file password.
472 * @pwdCallback: the password callback.
473 * @pwdCallbackCtx: the user context for password callback.
475 * Reads key and all associated certificates from the PKCS12 file
477 * Returns: pointer to the key or NULL if an error occurs.
480 xmlSecMSCryptoAppPkcs12Load(const char *filename,
482 void* pwdCallback ATTRIBUTE_UNUSED,
483 void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
488 xmlSecAssert2(filename != NULL, NULL);
489 xmlSecAssert2(pwd != NULL, NULL);
491 ret = xmlSecBufferInitialize(&buffer, 0);
493 xmlSecError(XMLSEC_ERRORS_HERE,
495 "xmlSecBufferInitialize",
496 XMLSEC_ERRORS_R_XMLSEC_FAILED,
497 XMLSEC_ERRORS_NO_MESSAGE);
501 ret = xmlSecBufferReadFile(&buffer, filename);
503 xmlSecError(XMLSEC_ERRORS_HERE,
505 "xmlSecBufferReadFile",
506 XMLSEC_ERRORS_R_XMLSEC_FAILED,
508 xmlSecErrorsSafeString(filename));
509 xmlSecBufferFinalize(&buffer);
512 if(xmlSecBufferGetData(&buffer) == NULL) {
513 xmlSecError(XMLSEC_ERRORS_HERE,
516 XMLSEC_ERRORS_R_INVALID_DATA,
517 XMLSEC_ERRORS_NO_MESSAGE);
518 xmlSecBufferFinalize(&buffer);
522 key = xmlSecMSCryptoAppPkcs12LoadMemory(xmlSecBufferGetData(&buffer),
523 xmlSecBufferGetSize(&buffer), pwd,
524 pwdCallback, pwdCallbackCtx);
526 xmlSecError(XMLSEC_ERRORS_HERE,
528 "xmlSecMSCryptoAppPkcs12LoadMemory",
529 XMLSEC_ERRORS_R_XMLSEC_FAILED,
530 XMLSEC_ERRORS_NO_MESSAGE);
531 xmlSecBufferFinalize(&buffer);
535 xmlSecBufferFinalize(&buffer);
540 * xmlSecMSCryptoAppPkcs12LoadMemory:
541 * @data: the binary PKCS12 key in data.
542 * @dataSize: size of binary pkcs12 data
543 * @pwd: the PKCS12 file password.
544 * @pwdCallback: the password callback.
545 * @pwdCallbackCtx: the user context for password callback.
547 * Reads key and all associated certificates from the PKCS12 binary
549 * Returns: pointer to the key or NULL if an error occurs.
552 xmlSecMSCryptoAppPkcs12LoadMemory(const xmlSecByte* data,
555 void* pwdCallback ATTRIBUTE_UNUSED,
556 void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
559 HCERTSTORE hCertStore = NULL;
560 PCCERT_CONTEXT tmpcert = NULL;
561 PCCERT_CONTEXT pCert = NULL;
563 xmlSecKeyDataPtr x509Data = NULL;
564 xmlSecKeyDataPtr keyData = NULL;
565 xmlSecKeyPtr key = NULL;
567 xmlSecAssert2(data != NULL, NULL);
568 xmlSecAssert2(dataSize > 1, NULL);
569 xmlSecAssert2(pwd != NULL, NULL);
571 memset(&pfx, 0, sizeof(pfx));
572 pfx.pbData = (BYTE *)data;
573 pfx.cbData = dataSize;
575 if(FALSE == PFXIsPFXBlob(&pfx)) {
576 xmlSecError(XMLSEC_ERRORS_HERE,
579 XMLSEC_ERRORS_R_CRYPTO_FAILED,
585 len = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, pwd, -1, NULL, 0);
587 xmlSecError(XMLSEC_ERRORS_HERE,
589 "MultiByteToWideChar",
590 XMLSEC_ERRORS_R_CRYPTO_FAILED,
591 XMLSEC_ERRORS_NO_MESSAGE);
595 wcPwd = (WCHAR *)xmlMalloc((len + 1) * sizeof(WCHAR));
597 xmlSecError(XMLSEC_ERRORS_HERE,
600 XMLSEC_ERRORS_R_MALLOC_FAILED,
605 ret = MultiByteToWideChar(CP_ACP, MB_PRECOMPOSED, pwd, -1, wcPwd, len);
607 xmlSecError(XMLSEC_ERRORS_HERE,
609 "MultiByteToWideChar",
610 XMLSEC_ERRORS_R_CRYPTO_FAILED,
611 XMLSEC_ERRORS_NO_MESSAGE);
615 if (FALSE == PFXVerifyPassword(&pfx, wcPwd, 0)) {
616 xmlSecError(XMLSEC_ERRORS_HERE,
619 XMLSEC_ERRORS_R_CRYPTO_FAILED,
620 XMLSEC_ERRORS_NO_MESSAGE);
624 hCertStore = PFXImportCertStore(&pfx, wcPwd, CRYPT_EXPORTABLE);
625 if (NULL == hCertStore) {
626 xmlSecError(XMLSEC_ERRORS_HERE,
628 "PFXImportCertStore",
629 XMLSEC_ERRORS_R_CRYPTO_FAILED,
630 XMLSEC_ERRORS_NO_MESSAGE);
634 x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
635 if(x509Data == NULL) {
636 xmlSecError(XMLSEC_ERRORS_HERE,
638 "xmlSecKeyDataCreate",
639 XMLSEC_ERRORS_R_XMLSEC_FAILED,
641 xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
645 while (pCert = CertEnumCertificatesInStore(hCertStore, pCert)) {
647 DWORD dwDataLen = sizeof(DWORD);
649 /* Find the certificate that has the private key */
650 if((TRUE == CertGetCertificateContextProperty(pCert, CERT_KEY_SPEC_PROP_ID, &dwData, &dwDataLen)) && (dwData > 0)) {
651 tmpcert = CertDuplicateCertificateContext(pCert);
652 if(tmpcert == NULL) {
653 xmlSecError(XMLSEC_ERRORS_HERE,
655 "CertDuplicateCertificateContext",
656 XMLSEC_ERRORS_R_CRYPTO_FAILED,
658 xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
662 keyData = xmlSecMSCryptoCertAdopt(tmpcert, xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
663 if(keyData == NULL) {
664 xmlSecError(XMLSEC_ERRORS_HERE,
666 "xmlSecMSCryptoCertAdopt",
667 XMLSEC_ERRORS_R_XMLSEC_FAILED,
668 XMLSEC_ERRORS_NO_MESSAGE);
673 tmpcert = CertDuplicateCertificateContext(pCert);
674 if(tmpcert == NULL) {
675 xmlSecError(XMLSEC_ERRORS_HERE,
677 "CertDuplicateCertificateContext",
678 XMLSEC_ERRORS_R_CRYPTO_FAILED,
680 xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
684 ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, tmpcert);
686 xmlSecError(XMLSEC_ERRORS_HERE,
688 "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
689 XMLSEC_ERRORS_R_XMLSEC_FAILED,
691 xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
697 /* load certificate in the x509 key data */
698 tmpcert = CertDuplicateCertificateContext(pCert);
699 if(tmpcert == NULL) {
700 xmlSecError(XMLSEC_ERRORS_HERE,
702 "CertDuplicateCertificateContext",
703 XMLSEC_ERRORS_R_CRYPTO_FAILED,
705 xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
709 ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, tmpcert);
711 xmlSecError(XMLSEC_ERRORS_HERE,
713 "xmlSecMSCryptoKeyDataX509AdoptCert",
714 XMLSEC_ERRORS_R_XMLSEC_FAILED,
716 xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
722 if (keyData == NULL) {
723 xmlSecError(XMLSEC_ERRORS_HERE,
725 "xmlSecMSCryptoAppPkcs12Load",
726 XMLSEC_ERRORS_R_XMLSEC_FAILED,
727 "private key not found in PKCS12 file");
731 key = xmlSecKeyCreate();
733 xmlSecError(XMLSEC_ERRORS_HERE,
736 XMLSEC_ERRORS_R_XMLSEC_FAILED,
737 XMLSEC_ERRORS_NO_MESSAGE);
741 ret = xmlSecKeySetValue(key, keyData);
743 xmlSecError(XMLSEC_ERRORS_HERE,
746 XMLSEC_ERRORS_R_XMLSEC_FAILED,
748 xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
749 xmlSecKeyDestroy(key);
755 ret = xmlSecKeyAdoptData(key, x509Data);
757 xmlSecError(XMLSEC_ERRORS_HERE,
759 "xmlSecKeyAdoptData",
760 XMLSEC_ERRORS_R_XMLSEC_FAILED,
762 xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
763 xmlSecKeyDestroy(key);
770 if(hCertStore != NULL) {
771 CertCloseStore(hCertStore, 0);
776 if(x509Data != NULL) {
777 xmlSecKeyDataDestroy(x509Data);
779 if(keyData != NULL) {
780 xmlSecKeyDataDestroy(keyData);
782 if(tmpcert != NULL) {
783 CertFreeCertificateContext(tmpcert);
789 * xmlSecMSCryptoAppKeysMngrCertLoad:
790 * @mngr: the keys manager.
791 * @filename: the certificate file.
792 * @format: the certificate file format.
793 * @type: the flag that indicates is the certificate in @filename
796 * Reads cert from @filename and adds to the list of trusted or known
797 * untrusted certs in @store (not implemented yet).
799 * Returns: 0 on success or a negative value otherwise.
802 xmlSecMSCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
803 xmlSecKeyDataFormat format,
804 xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
808 xmlSecAssert2(mngr != NULL, -1);
809 xmlSecAssert2(filename != NULL, -1);
810 xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
812 ret = xmlSecBufferInitialize(&buffer, 0);
814 xmlSecError(XMLSEC_ERRORS_HERE,
816 "xmlSecBufferInitialize",
817 XMLSEC_ERRORS_R_XMLSEC_FAILED,
818 XMLSEC_ERRORS_NO_MESSAGE);
822 ret = xmlSecBufferReadFile(&buffer, filename);
824 xmlSecError(XMLSEC_ERRORS_HERE,
826 "xmlSecBufferReadFile",
827 XMLSEC_ERRORS_R_XMLSEC_FAILED,
829 xmlSecErrorsSafeString(filename));
830 xmlSecBufferFinalize(&buffer);
834 ret = xmlSecMSCryptoAppKeysMngrCertLoadMemory(mngr, xmlSecBufferGetData(&buffer),
835 xmlSecBufferGetSize(&buffer), format, type);
837 xmlSecError(XMLSEC_ERRORS_HERE,
839 "xmlSecMSCryptoAppKeysMngrCertLoadMemory",
840 XMLSEC_ERRORS_R_XMLSEC_FAILED,
842 xmlSecErrorsSafeString(filename));
843 xmlSecBufferFinalize(&buffer);
847 xmlSecBufferFinalize(&buffer);
852 * xmlSecMSCryptoAppKeysMngrCertLoadMemory:
853 * @mngr: the keys manager.
854 * @data: the binary certificate.
855 * @dataSize: size of binary certificate (data)
856 * @format: the certificate file format.
857 * @type: the flag that indicates is the certificate in @filename
860 * Reads cert from @data and adds to the list of trusted or known
861 * untrusted certs in @store.
863 * Returns: 0 on success or a negative value otherwise.
866 xmlSecMSCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
867 xmlSecSize dataSize, xmlSecKeyDataFormat format,
868 xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
869 xmlSecKeyDataStorePtr x509Store;
870 PCCERT_CONTEXT pCert = NULL;
873 xmlSecAssert2(mngr != NULL, -1);
874 xmlSecAssert2(data != NULL, -1);
875 xmlSecAssert2(dataSize > 0, -1);
876 xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
878 x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId);
879 if(x509Store == NULL) {
880 xmlSecError(XMLSEC_ERRORS_HERE,
882 "xmlSecKeysMngrGetDataStore",
883 XMLSEC_ERRORS_R_XMLSEC_FAILED,
884 "xmlSecMSCryptoX509StoreId");
889 case xmlSecKeyDataFormatDer:
890 case xmlSecKeyDataFormatCertDer:
891 pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
894 xmlSecError(XMLSEC_ERRORS_HERE,
896 "CertCreateCertificateContext",
897 XMLSEC_ERRORS_R_CRYPTO_FAILED,
898 XMLSEC_ERRORS_NO_MESSAGE);
903 xmlSecError(XMLSEC_ERRORS_HERE,
906 XMLSEC_ERRORS_R_INVALID_FORMAT,
907 "format=%d", format);
911 xmlSecAssert2(pCert != NULL, -1);
912 ret = xmlSecMSCryptoX509StoreAdoptCert(x509Store, pCert, type);
914 xmlSecError(XMLSEC_ERRORS_HERE,
916 "xmlSecMSCryptoX509StoreAdoptCert",
917 XMLSEC_ERRORS_R_XMLSEC_FAILED,
918 XMLSEC_ERRORS_NO_MESSAGE);
919 CertFreeCertificateContext(pCert);
927 * xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore:
928 * @mngr: the keys manager.
929 * @keyStore: the pointer to keys store.
931 * Adds @keyStore to the list of key stores in the keys manager @mngr.
933 * Returns: 0 on success or a negative value if an error occurs.
936 xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore(xmlSecKeysMngrPtr mngr, HCERTSTORE keyStore)
938 xmlSecKeyDataStorePtr x509Store ;
940 xmlSecAssert2( mngr != NULL, -1 ) ;
941 xmlSecAssert2( keyStore != NULL, -1 ) ;
943 x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId) ;
944 if( x509Store == NULL ) {
945 xmlSecError( XMLSEC_ERRORS_HERE ,
947 "xmlSecKeysMngrGetDataStore" ,
948 XMLSEC_ERRORS_R_XMLSEC_FAILED ,
949 XMLSEC_ERRORS_NO_MESSAGE ) ;
953 if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
954 xmlSecError( XMLSEC_ERRORS_HERE ,
955 xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
956 "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
957 XMLSEC_ERRORS_R_XMLSEC_FAILED ,
958 XMLSEC_ERRORS_NO_MESSAGE ) ;
966 * xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore:
967 * @mngr: the keys manager.
968 * @trustedStore: the pointer to certs store.
970 * Adds @trustedStore to the list of trusted cert stores in the keys manager @mngr.
972 * Returns: 0 on success or a negative value if an error occurs.
975 xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore(xmlSecKeysMngrPtr mngr, HCERTSTORE trustedStore)
977 xmlSecKeyDataStorePtr x509Store ;
979 xmlSecAssert2( mngr != NULL, -1 ) ;
980 xmlSecAssert2( trustedStore != NULL, -1 ) ;
982 x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
983 if( x509Store == NULL ) {
984 xmlSecError( XMLSEC_ERRORS_HERE ,
986 "xmlSecKeysMngrGetDataStore" ,
987 XMLSEC_ERRORS_R_XMLSEC_FAILED ,
988 XMLSEC_ERRORS_NO_MESSAGE ) ;
992 if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
993 xmlSecError( XMLSEC_ERRORS_HERE ,
994 xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
995 "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
996 XMLSEC_ERRORS_R_XMLSEC_FAILED ,
997 XMLSEC_ERRORS_NO_MESSAGE ) ;
1005 * xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore:
1006 * @mngr: the keys manager.
1007 * @untrustedStore: the pointer to certs store.
1009 * Adds @trustedStore to the list of un-trusted cert stores in the keys manager @mngr.
1011 * Returns: 0 on success or a negative value if an error occurs.
1014 xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore(xmlSecKeysMngrPtr mngr, HCERTSTORE untrustedStore)
1016 xmlSecKeyDataStorePtr x509Store ;
1018 xmlSecAssert2( mngr != NULL, -1 ) ;
1019 xmlSecAssert2( untrustedStore != NULL, -1 ) ;
1021 x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId);
1022 if( x509Store == NULL ) {
1023 xmlSecError( XMLSEC_ERRORS_HERE ,
1025 "xmlSecKeysMngrGetDataStore" ,
1026 XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1027 XMLSEC_ERRORS_NO_MESSAGE ) ;
1031 if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0) {
1032 xmlSecError( XMLSEC_ERRORS_HERE ,
1033 xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
1034 "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
1035 XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1036 XMLSEC_ERRORS_NO_MESSAGE ) ;
1043 #endif /* XMLSEC_NO_X509 */
1046 * xmlSecMSCryptoAppDefaultKeysMngrInit:
1047 * @mngr: the pointer to keys manager.
1049 * Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
1050 * and a default MSCrypto crypto key data stores.
1052 * Returns: 0 on success or a negative value otherwise.
1055 xmlSecMSCryptoAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
1058 xmlSecAssert2(mngr != NULL, -1);
1060 /* create MSCrypto keys store if needed */
1061 if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
1062 xmlSecKeyStorePtr keysStore;
1064 keysStore = xmlSecKeyStoreCreate(xmlSecMSCryptoKeysStoreId);
1065 if(keysStore == NULL) {
1066 xmlSecError(XMLSEC_ERRORS_HERE,
1068 "xmlSecKeyStoreCreate",
1069 XMLSEC_ERRORS_R_XMLSEC_FAILED,
1070 "xmlSecMSCryptoKeysStoreId");
1074 ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
1076 xmlSecError(XMLSEC_ERRORS_HERE,
1078 "xmlSecKeysMngrAdoptKeysStore",
1079 XMLSEC_ERRORS_R_XMLSEC_FAILED,
1080 XMLSEC_ERRORS_NO_MESSAGE);
1081 xmlSecKeyStoreDestroy(keysStore);
1086 ret = xmlSecMSCryptoKeysMngrInit(mngr);
1088 xmlSecError(XMLSEC_ERRORS_HERE,
1090 "xmlSecMSCryptoKeysMngrInit",
1091 XMLSEC_ERRORS_R_XMLSEC_FAILED,
1092 XMLSEC_ERRORS_NO_MESSAGE);
1096 mngr->getKey = xmlSecKeysMngrGetKey;
1101 * xmlSecMSCryptoAppDefaultKeysMngrAdoptKey:
1102 * @mngr: the pointer to keys manager.
1103 * @key: the pointer to key.
1105 * Adds @key to the keys manager @mngr created with #xmlSecMSCryptoAppDefaultKeysMngrInit
1108 * Returns: 0 on success or a negative value otherwise.
1111 xmlSecMSCryptoAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
1112 xmlSecKeyStorePtr store;
1115 xmlSecAssert2(mngr != NULL, -1);
1116 xmlSecAssert2(key != NULL, -1);
1118 store = xmlSecKeysMngrGetKeysStore(mngr);
1120 xmlSecError(XMLSEC_ERRORS_HERE,
1122 "xmlSecKeysMngrGetKeysStore",
1123 XMLSEC_ERRORS_R_XMLSEC_FAILED,
1124 XMLSEC_ERRORS_NO_MESSAGE);
1128 ret = xmlSecMSCryptoKeysStoreAdoptKey(store, key);
1130 xmlSecError(XMLSEC_ERRORS_HERE,
1132 "xmlSecMSCryptoKeysStoreAdoptKey",
1133 XMLSEC_ERRORS_R_XMLSEC_FAILED,
1134 XMLSEC_ERRORS_NO_MESSAGE);
1142 * xmlSecMSCryptoAppDefaultKeysMngrLoad:
1143 * @mngr: the pointer to keys manager.
1146 * Loads XML keys file from @uri to the keys manager @mngr created
1147 * with #xmlSecMSCryptoAppDefaultKeysMngrInit function.
1149 * Returns: 0 on success or a negative value otherwise.
1152 xmlSecMSCryptoAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
1153 xmlSecKeyStorePtr store;
1156 xmlSecAssert2(mngr != NULL, -1);
1157 xmlSecAssert2(uri != NULL, -1);
1159 store = xmlSecKeysMngrGetKeysStore(mngr);
1161 xmlSecError(XMLSEC_ERRORS_HERE,
1163 "xmlSecKeysMngrGetKeysStore",
1164 XMLSEC_ERRORS_R_XMLSEC_FAILED,
1165 XMLSEC_ERRORS_NO_MESSAGE);
1169 ret = xmlSecMSCryptoKeysStoreLoad(store, uri, mngr);
1171 xmlSecError(XMLSEC_ERRORS_HERE,
1173 "xmlSecMSCryptoKeysStoreLoad",
1174 XMLSEC_ERRORS_R_XMLSEC_FAILED,
1175 "uri=%s", xmlSecErrorsSafeString(uri));
1183 * xmlSecMSCryptoAppDefaultKeysMngrSave:
1184 * @mngr: the pointer to keys manager.
1185 * @filename: the destination filename.
1186 * @type: the type of keys to save (public/private/symmetric).
1188 * Saves keys from @mngr to XML keys file.
1190 * Returns: 0 on success or a negative value otherwise.
1193 xmlSecMSCryptoAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
1194 xmlSecKeyStorePtr store;
1197 xmlSecAssert2(mngr != NULL, -1);
1198 xmlSecAssert2(filename != NULL, -1);
1200 store = xmlSecKeysMngrGetKeysStore(mngr);
1202 xmlSecError(XMLSEC_ERRORS_HERE,
1204 "xmlSecKeysMngrGetKeysStore",
1205 XMLSEC_ERRORS_R_XMLSEC_FAILED,
1206 XMLSEC_ERRORS_NO_MESSAGE);
1210 ret = xmlSecMSCryptoKeysStoreSave(store, filename, type);
1212 xmlSecError(XMLSEC_ERRORS_HERE,
1214 "xmlSecMSCryptoKeysStoreSave",
1215 XMLSEC_ERRORS_R_XMLSEC_FAILED,
1216 "filename%s", xmlSecErrorsSafeString(filename));
1224 * xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad:
1225 * @mngr: the pointer to keys manager.
1226 * @hKey: the key handle.
1228 * Adds private key @hKey to the keys manager @mngr.
1230 * Returns: 0 on success or a negative value otherwise.
1233 xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad(xmlSecKeysMngrPtr mngr, HCRYPTKEY hKey) {
1234 xmlSecAssert2(mngr != NULL, -1);
1235 xmlSecAssert2(hKey != 0, -1);
1242 * xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad:
1243 * @mngr: the pointer to keys manager.
1244 * @hKey: the key handle.
1246 * Adds public key @hKey to the keys manager @mngr.
1248 * Returns: 0 on success or a negative value otherwise.
1251 xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad(xmlSecKeysMngrPtr mngr, HCRYPTKEY hKey) {
1252 xmlSecAssert2(mngr != NULL, -1);
1253 xmlSecAssert2(hKey != 0, -1);
1260 * xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad:
1261 * @mngr: the pointer to keys manager.
1262 * @hKey: the key handle.
1264 * Adds symmetric key @hKey to the keys manager @mngr.
1266 * Returns: 0 on success or a negative value otherwise.
1269 xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad(xmlSecKeysMngrPtr mngr, HCRYPTKEY hKey) {
1270 xmlSecAssert2(mngr != NULL, -1);
1271 xmlSecAssert2(hKey != 0, -1);
1278 * xmlSecMSCryptoAppGetDefaultPwdCallback:
1280 * Gets default password callback.
1282 * Returns: default password callback.
1285 xmlSecMSCryptoAppGetDefaultPwdCallback(void) {