From 1af6414dc1225672179959d379818e68cf2187f0 Mon Sep 17 00:00:00 2001 From: Valery Febvre Date: Mon, 20 Sep 2004 13:33:22 +0000 Subject: Added lasso_get_public_key_from_pem_cert_file() and lasso_get_pem_file_type() functions --- lasso/xml/tools.c | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++--- lasso/xml/tools.h | 50 ++++++++++++++++---------- 2 files changed, 131 insertions(+), 24 deletions(-) (limited to 'lasso/xml') diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c index 20b3f2d6..a2445a25 100644 --- a/lasso/xml/tools.c +++ b/lasso/xml/tools.c @@ -33,7 +33,6 @@ #include #include #include -#include #include 
@@ -164,6 +163,102 @@ lasso_get_current_time() return ret; } +/** + * lasso_get_pubkey_from_pem_certificate: + * @pem_cert_file: an X509 pem certificate file + * + * Gets the public key in an X509 pem certificate file. + * + * Return value: a public key or NULL if an error occurs. + **/ +xmlSecKeyPtr +lasso_get_public_key_from_pem_cert_file(const gchar *pem_cert_file) +{ + FILE *fd; + X509 *pem_cert; + xmlSecKeyDataPtr data; + xmlSecKeyPtr key = NULL; + + /* load pem certificate from file */ + fd = fopen(pem_cert_file, "r"); + if (fd == NULL) { + message(G_LOG_LEVEL_CRITICAL, "Failed to open %s pem certificate file\n", + pem_cert_file); + return NULL; + } + /* read the pem X509 certificate */ + pem_cert = PEM_read_X509(fd, NULL, NULL, NULL); + fclose(fd); + if (pem_cert == NULL) { + message(G_LOG_LEVEL_CRITICAL, "Failed to read X509 certificate\n"); + return NULL; + } + + /* get public key value in certificate */ + data = xmlSecOpenSSLX509CertGetKey(pem_cert); + if (data != NULL) { + /* create key and set key value */ + key = xmlSecKeyCreate(); + xmlSecKeySetValue(key, data); + } + else { + message(G_LOG_LEVEL_CRITICAL, + "Failed to get the public key in the X509 certificate\n"); + } + X509_free(pem_cert); + + return key; +} + +/** + * lasso_get_pem_file_type: + * @pem_file: a pem file + * + * Gets the type of the pem file. 
+ * + * Return value: the pem file type + **/ +lassoPemFileType +lasso_get_pem_file_type(const gchar *pem_file) +{ + BIO* bio; + EVP_PKEY *pkey; + X509 *cert; + guint type = lassoPemFileTypeUnknown; + + bio = BIO_new_file(pem_file, "rb"); + if (bio == NULL) { + message(G_LOG_LEVEL_CRITICAL, "Failed to open %s pem file\n", + pem_file); + return -1; + } + + pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); + if (pkey != NULL) { + type = lassoPemFileTypePubKey; + EVP_PKEY_free(pkey); + } + else { + BIO_reset(bio); + pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL); + if (pkey != NULL) { + type = lassoPemFileTypePrivateKey; + EVP_PKEY_free(pkey); + } + else { + BIO_reset(bio); + cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); + if (cert != NULL) { + type = lassoPemFileTypeCert; + X509_free(cert); + } + } + } + BIO_free(bio); + + return type; +} + /** * lasso_query_get_value: * @query: a query (an url-encoded node) @@ -305,8 +400,8 @@ lasso_query_verify_signature(const gchar *query, lassoSignatureMethodRsaSha1, recipient_private_key_file); sigValNode = xmlSecFindNode(xmlDocGetRootElement(doc), - xmlSecNodeSignatureValue, - xmlSecDSigNs); + xmlSecNodeSignatureValue, + xmlSecDSigNs); /* set SignatureValue content */ str_unescaped = lasso_str_unescape(str_split[1]); xmlNodeSetContent(sigValNode, str_unescaped); @@ -336,9 +431,9 @@ lasso_query_verify_signature(const gchar *query, goto done; } - /* Verify signature */ + /* verify signature */ if(xmlSecDSigCtxVerify(dsigCtx, sigNode) < 0) { - message(G_LOG_LEVEL_CRITICAL, "Signature verify failed\n"); + message(G_LOG_LEVEL_CRITICAL, "Failed to verify signature\n"); ret = 0; goto done; } diff --git a/lasso/xml/tools.h b/lasso/xml/tools.h index 4d721108..7a52fe7a 100644 --- a/lasso/xml/tools.h +++ b/lasso/xml/tools.h @@ -33,6 +33,7 @@ extern "C" { #include #include +#include #include #include 
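Review bot: `lasso_get_pem_file_type` ends its `BIO_new_file` failure branch with `return -1;`, but the function's declared type is the `lassoPemFileType` enum, whose members in the tools.h hunk are 0–3 and already include `lassoPemFileTypeUnknown = 0` for exactly this case; callers comparing against the enum have no constant for -1, so the branch should read `return lassoPemFileTypeUnknown;` and the local should be `lassoPemFileType type = lassoPemFileTypeUnknown;` rather than `guint`. In `lasso_get_public_key_from_pem_cert_file` neither `xmlSecKeyCreate()` (NULL on allocation failure) nor `xmlSecKeySetValue()` (negative on error, in which case xmlsec leaves `data` owned by the caller) is checked, so a failure dereferences NULL or leaks the key data; the rewritten branch below handles both. The gtk-doc header above that function names `lasso_get_pubkey_from_pem_certificate` while the function is `lasso_get_public_key_from_pem_cert_file`, so the documentation will not attach to the symbol; the header should also state that the certificate is only parsed, not validated, e.g. `Only the key material is extracted; the certificate (validity period, issuer, chain) is not verified here.` The return-type mismatch also concerns the tools.h hunk of this commit, where the prototype declares `lassoPemFileType`.
```c
	/* get public key value in certificate */
	data = xmlSecOpenSSLX509CertGetKey(pem_cert);
	if (data == NULL) {
		message(G_LOG_LEVEL_CRITICAL,
			"Failed to get the public key in the X509 certificate\n");
	} else {
		/* create key and hand it the value; on failure the data is still ours */
		key = xmlSecKeyCreate();
		if (key == NULL || xmlSecKeySetValue(key, data) < 0) {
			message(G_LOG_LEVEL_CRITICAL, "Failed to create key from certificate\n");
			xmlSecKeyDataDestroy(data);
			if (key != NULL) {
				xmlSecKeyDestroy(key);
				key = NULL;
			}
		}
	}
	X509_free(pem_cert);
	/* … unchanged: return key … */
```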
@@ -42,36 +43,47 @@ typedef enum { lassoSignatureMethodDsaSha1 } lassoSignatureMethod; -LASSO_EXPORT xmlChar* lasso_build_random_sequence (guint8 size); +typedef enum { + lassoPemFileTypeUnknown = 0, + lassoPemFileTypePubKey, + lassoPemFileTypePrivateKey, + lassoPemFileTypeCert +} lassoPemFileType; + +LASSO_EXPORT xmlChar* lasso_build_random_sequence (guint8 size); + +LASSO_EXPORT xmlChar* lasso_build_unique_id (guint8 size); + +LASSO_EXPORT xmlChar* lasso_doc_get_node_content (xmlDocPtr doc, + const xmlChar *name); -LASSO_EXPORT xmlChar* lasso_build_unique_id (guint8 size); +LASSO_EXPORT xmlChar* lasso_g_ptr_array_index (GPtrArray *a, + guint i); -LASSO_EXPORT xmlChar* lasso_doc_get_node_content (xmlDocPtr doc, - const xmlChar *name); +LASSO_EXPORT gchar* lasso_get_current_time (void); -LASSO_EXPORT xmlChar* lasso_g_ptr_array_index (GPtrArray *a, - guint i); +LASSO_EXPORT GPtrArray* lasso_query_get_value (const gchar *query, + const xmlChar *param); -LASSO_EXPORT gchar* lasso_get_current_time (void); +LASSO_EXPORT xmlSecKeyPtr lasso_get_public_key_from_pem_cert_file (const gchar *pem_cert_file); -LASSO_EXPORT GPtrArray* lasso_query_get_value (const gchar *query, - const xmlChar *param); +LASSO_EXPORT lassoPemFileType lasso_get_pem_file_type (const gchar *pem_file); -LASSO_EXPORT GData* lasso_query_to_dict (const gchar *query); +LASSO_EXPORT GData* lasso_query_to_dict (const gchar *query); -LASSO_EXPORT int lasso_query_verify_signature (const gchar *query, - const xmlChar *sender_public_key_file, - const xmlChar *recipient_private_key_file); +LASSO_EXPORT int lasso_query_verify_signature (const gchar *query, + const xmlChar *sender_public_key_file, + const xmlChar *recipient_private_key_file); -LASSO_EXPORT xmlChar* lasso_sha1 (xmlChar *str); +LASSO_EXPORT xmlChar* lasso_sha1 (xmlChar *str); -LASSO_EXPORT xmlChar* lasso_str_escape (xmlChar *str); +LASSO_EXPORT xmlChar* lasso_str_escape (xmlChar *str); -LASSO_EXPORT xmlDocPtr lasso_str_sign (xmlChar *str, - 
lassoSignatureMethod sign_method, - const char *private_key_file); +LASSO_EXPORT xmlDocPtr lasso_str_sign (xmlChar *str, + lassoSignatureMethod sign_method, + const char *private_key_file); -LASSO_EXPORT xmlChar* lasso_str_unescape (xmlChar *str); +LASSO_EXPORT xmlChar* lasso_str_unescape (xmlChar *str); #ifdef __cplusplus } -- cgit
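Review bot: The new prototype for `lasso_get_public_key_from_pem_cert_file` does not say who owns the returned `xmlSecKeyPtr`; the implementation in tools.c builds it with `xmlSecKeyCreate()`, so the caller must release it, and the header is where API users look for that contract. A one-line comment above the declaration would do: `/* Returns a newly created key that the caller must free with xmlSecKeyDestroy(), or NULL on error. */`. `lasso_get_pem_file_type` should likewise document that `lassoPemFileTypeUnknown` means the payload was not recognised as a public key, private key or certificate, since the tools.c implementation currently returns -1, outside the enum, when the file cannot be opened.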