*/
#define XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK 0x00000010
+/** TIZEN CUSTOMIZED
+ * XMLSEC_DSIG_FLAGS_IGNORE_REFERENCES:
+ *
+ * If this flag is set then <dsig:Reference/> nodes will not be processed.
+ */
+#define XMLSEC_DSIG_FLAGS_IGNORE_REFERENCES 0x00000020
+
+/** TIZEN CUSTOMIZED
+ * XMLSEC_DSIG_FLAGS_CHECK_PROXY:
+ *
+ * If this flag is set then xmlSecProxyCtx will be processed.
+ */
+#define XMLSEC_DSIG_FLAGS_CHECK_PROXY 0x00000040
+
+/** TIZEN CUSTOMIZED
+ * XMLSEC_DSIG_FLAGS_SKIP_PROXY:
+ *
+ * If this flag is set then xmlSecProxyCtx will not be processed.
+ */
+#define XMLSEC_DSIG_FLAGS_SKIP_PROXY 0x00000080
+
+/** TIZEN CUSTOMIZED
+ * @cache: the cache include reference uri for supporting partial mode.
+ * cache represented uri will be check on processing references.
+ * @next: the pointer to indicate linked node (xmlSecProxyCtx).
+ */
+struct _xmlSecProxyCtx {
+ xmlChar* cache;
+ struct _xmlSecProxyCtx* next;
+};
+
+typedef struct _xmlSecProxyCtx xmlSecProxyCtx,
+ *xmlSecProxyCtxPtr;
+
/**
* xmlSecDSigCtx:
* @userData: the pointer to user data (xmlsec and xmlsec-crypto libraries
xmlSecTransformId defC14NMethodId;
xmlSecTransformId defDigestMethodId;
+ /* TIZEN CUSTOMIZED: these data user can set before performing the operation */
+ xmlSecProxyCtxPtr skipReferences;
+ xmlSecProxyCtxPtr checkReferences;
+
/* these data are returned */
xmlSecKeyPtr signKey;
xmlSecTransformOperation operation;
XMLSEC_EXPORT void xmlSecDSigCtxDebugXmlDump (xmlSecDSigCtxPtr dsigCtx,
FILE* output);
+/* TIZEN CUSTOMIZED: xmlSecProxyCtx operator */
+XMLSEC_EXPORT int xmlSecProxyCtxAdd (xmlSecProxyCtxPtr* proxyCtxPtrPtr,
+ const xmlChar* uri);
+XMLSEC_EXPORT void xmlSecProxyCtxDestroy (xmlSecProxyCtxPtr proxyCtxPtr);
/**************************************************************************
*
static int xmlSecDSigCtxProcessReferences (xmlSecDSigCtxPtr dsigCtx,
xmlNodePtr firstReferenceNode);
+/* TIZEN CUSTOMIZED */
+static int xmlSecHexToInt (char a);
+static int xmlSecDecodeCmp (const xmlChar* encoded,
+ const xmlChar* plain);
+#define xmlSecTizenError(...) do {\
+ xmlSecError(XMLSEC_ERRORS_HERE,NULL,NULL,\
+ XMLSEC_ERRORS_MAX_NUMBER,\
+ __VA_ARGS__);\
+ } while (0)
+
/* The ID attribute in XMLDSig is 'Id' */
static const xmlChar* xmlSecDSigIds[] = { xmlSecAttrId, NULL };
memset(dsigCtx, 0, sizeof(xmlSecDSigCtx));
}
+/* TIZEN CUSTOMIZED */
+int
+xmlSecProxyCtxAdd(xmlSecProxyCtxPtr* proxyCtxPtrPtr, const xmlChar* uri) {
+ xmlSecProxyCtxPtr pc = (xmlSecProxyCtxPtr)xmlMalloc(sizeof(xmlSecProxyCtx));
+ if(pc == NULL) {
+ xmlSecMallocError(sizeof(xmlSecProxyCtx), NULL);
+ return(-1);
+ }
+
+ pc->cache = xmlStrdup(uri);
+ if(pc->cache == NULL) {
+ xmlSecStrdupError(uri, NULL);
+ xmlFree(pc);
+ return(-1);
+ }
+ pc->next = NULL;
+
+ while(*proxyCtxPtrPtr != NULL)
+ proxyCtxPtrPtr = &((*proxyCtxPtrPtr)->next);
+
+ *proxyCtxPtrPtr = pc;
+ return(0);
+}
+
+void xmlSecProxyCtxDestroy(xmlSecProxyCtxPtr proxyCtxPtr) {
+ while(proxyCtxPtr != NULL) {
+ if(proxyCtxPtr->cache != NULL)
+ xmlFree(proxyCtxPtr->cache);
+
+ xmlSecProxyCtxPtr next = proxyCtxPtr->next;
+ xmlFree(proxyCtxPtr);
+ proxyCtxPtr = next;
+ }
+}
+
/**
* xmlSecDSigCtxEnableReferenceTransform:
* @dsigCtx: the pointer to <dsig:Signature/> processing context.
/* as the result, we should have a key */
xmlSecAssert2(dsigCtx->signKey != NULL, -1);
- /* now actually process references and calculate digests */
- ret = xmlSecDSigCtxProcessReferences(dsigCtx, firstReferenceNode);
- if(ret < 0) {
- xmlSecInternalError("xmlSecDSigCtxProcessReferences", NULL);
- return(-1);
- }
- /* references processing might change the status */
- if(dsigCtx->status != xmlSecDSigStatusUnknown) {
- return(0);
+ /* TIZEN CUSTOMIZED : if no-hash mode, skip processing references */
+ if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_IGNORE_REFERENCES) != 0) {
+ xmlSecTizenError("Skip processing references. no-hash mode.");
+ dsigCtx->status = xmlSecDSigStatusSucceeded;
+ } else {
+ /* now actually process references and calculate digests */
+ ret = xmlSecDSigCtxProcessReferences(dsigCtx, firstReferenceNode);
+ if(ret < 0) {
+ xmlSecInternalError("xmlSecDSigCtxProcessReferences", NULL);
+ return(-1);
+ }
+ /* references processing might change the status */
+ if(dsigCtx->status != xmlSecDSigStatusUnknown) {
+ return(0);
+ }
}
/* if we need to write result to xml node then we need base64 encode result */
return(0);
}
+static int
+xmlSecHexToInt(char a)
+{
+ if (a >= '0' && a <= '9') return(a - '0');
+ if (a >= 'A' && a <= 'F') return(a - 'A' + 10);
+ if (a >= 'a' && a <= 'f') return(a - 'a' + 10);
+
+ return(-1);
+}
+
+static int
+xmlSecDecodeCmp(const xmlChar* encoded, const xmlChar* plain) {
+
+ xmlSecAssert2(encoded != NULL, -1);
+ xmlSecAssert2(plain != NULL, -1);
+
+ while(*plain != '\0') {
+ if(*encoded == '\0')
+ return(-1);
+
+ /* check encoded char is same with plain char */
+ if(*encoded == '%') {
+ if(*(encoded + 1) == '\0' &&*(encoded + 2) == '\0')
+ return(-1);
+
+ if((int)*plain !=
+ xmlSecHexToInt(*(encoded + 1)) * 16 + xmlSecHexToInt(*(encoded + 2)))
+ return(-1);
+
+ encoded += 3;
+ plain++;
+ } else {
+ if(*(encoded++) != *(plain++))
+ return(-1);
+ }
+ }
+ return(0);
+}
static int
xmlSecDSigCtxProcessReferences(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferenceNode) {
return(-1);
}
+ /* TIZEN CUSTOMIZED : skip uri in proxy caches for proxy mode */
+ if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_SKIP_PROXY) != 0) {
+
+ int isInProxy = 0;
+ if(dsigCtx->skipReferences != NULL) {
+ xmlChar* refUri = xmlGetProp(cur, xmlSecAttrURI);
+ if(refUri == NULL) {
+ xmlSecInvalidNodeAttributeError(cur, NULL, NULL, "empty");
+ return(-1);
+ }
+
+ xmlSecProxyCtxPtr pc = dsigCtx->skipReferences;
+ while(pc != NULL) {
+ if(strncmp((char*)refUri, (char*)pc->cache, xmlStrlen(refUri)) == 0) {
+ isInProxy = 1;
+ xmlSecTizenError("[%s] is already checked by singature-validator.", refUri);
+ break;
+ }
+ pc = pc->next;
+ }
+ xmlFree(refUri);
+ } else {
+ /* if proxy is not exist, process references */
+ xmlSecTizenError("Proxy doesn't exist.");
+ }
+
+ if(isInProxy)
+ continue;
+ }
+
+ /* TIZEN CUSTOMIZED : check uri only in proxy caches for partial mode */
+ if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_CHECK_PROXY) != 0) {
+
+ int isInProxy = 0;
+ if(dsigCtx->checkReferences != NULL) {
+ xmlChar* refUri = xmlGetProp(cur, xmlSecAttrURI);
+ if(refUri == NULL) {
+ xmlSecInvalidNodeAttributeError(cur, NULL, NULL, "empty");
+ return(-1);
+ }
+
+ xmlSecProxyCtxPtr pc = dsigCtx->checkReferences;
+ while(pc != NULL) {
+ if(xmlSecDecodeCmp(refUri, pc->cache) == 0) {
+ isInProxy = 1;
+ xmlSecTizenError("Check [%s] on processing references.", refUri);
+ break;
+ }
+ pc = pc->next;
+ }
+ xmlFree(refUri);
+ } else {
+ /* if proxy is not exist, process references */
+ xmlSecTizenError("Proxy doesn't exist.");
+ }
+
+ /* if not exist on proxy, skip on processing references */
+ if(isInProxy == 0)
+ continue;
+ }
+
/* create reference */
dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginSignedInfo);
if(dsigRefCtx == NULL) {
/* finally get transforms results */
ret = xmlSecTransformCtxExecute(transformCtx, node->doc);
if(ret < 0) {
- xmlSecInternalError("xmlSecTransformCtxExecute", NULL);
+ xmlSecInternalError("xmlSecTransformCtxExecute", dsigRefCtx->uri);
return(-1);
}
dsigRefCtx->result = transformCtx->result;
ret = xmlSecTransformVerifyNodeContent(dsigRefCtx->digestMethod,
digestValueNode, transformCtx);
if(ret < 0) {
- xmlSecInternalError("xmlSecTransformVerifyNodeContent", NULL);
+ xmlSecInternalError("xmlSecTransformVerifyNodeContent", dsigRefCtx->uri);
return(-1);
}
projects / platform / upstream / xmlsec1.git / commitdiff