[xmlsec] xmlsec-mscrypto: convert cert names to unicode
- From: Aleksey Sanin <aleksey src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [xmlsec] xmlsec-mscrypto: convert cert names to unicode
- Date: Wed, 28 Apr 2010 02:15:19 +0000 (UTC)
commit d36eed69302a1aa6e5364608a81b957d05697718
Author: Aleksey Sanin <aleksey aleksey com>
Date: Tue Apr 27 11:23:34 2010 -0700
xmlsec-mscrypto: convert cert names to unicode
include/xmlsec/mscrypto/crypto.h | 190 +++++++++++++++++++-------------------
src/mscrypto/crypto.c | 117 ++++++++++++++++-------
src/mscrypto/hmac.c | 32 +++---
src/mscrypto/mingw-crypt32.def | 2 +
src/mscrypto/x509.c | 66 ++++++--------
src/mscrypto/x509vfy.c | 100 +++++++++-----------
src/mscrypto/xmlsec-mingw.h | 10 ++
7 files changed, 278 insertions(+), 239 deletions(-)
---
diff --git a/include/xmlsec/mscrypto/crypto.h b/include/xmlsec/mscrypto/crypto.h
index cf6c17b..1f8ea3a 100644
--- a/include/xmlsec/mscrypto/crypto.h
+++ b/include/xmlsec/mscrypto/crypto.h
@@ -47,6 +47,8 @@ XMLSEC_CRYPTO_EXPORT void xmlSecMSCryptoErrorsDefaultCallback(cons
XMLSEC_CRYPTO_EXPORT LPWSTR xmlSecMSCryptoConvertUtf8ToUnicode (const xmlChar* str);
XMLSEC_CRYPTO_EXPORT LPWSTR xmlSecMSCryptoConvertLocaleToUnicode(const char* str);
+XMLSEC_CRYPTO_EXPORT xmlChar* xmlSecMSCryptoConvertUnicodeToUtf8 (LPCWSTR str);
+
/**
* Crypto Providers
@@ -227,22 +229,22 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaOaepGetKlass(vo
*/
#endif /* XMLSEC_NO_RSA */
-/********************************************************************
- *
- * Md5 transforms
- *
- *******************************************************************/
-#ifndef XMLSEC_NO_MD5
-/**
- * xmlSecMSCryptoTransformMd5Id:
- *
- * The MD5 digest transform klass.
- */
-#define xmlSecMSCryptoTransformMd5Id \
- xmlSecMSCryptoTransformMd5GetKlass()
-XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformMd5GetKlass(void);
-#endif /* XMLSEC_NO_MD5 */
-
+/********************************************************************
+ *
+ * Md5 transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecMSCryptoTransformMd5Id:
+ *
+ * The MD5 digest transform klass.
+ */
+#define xmlSecMSCryptoTransformMd5Id \
+ xmlSecMSCryptoTransformMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
/********************************************************************
*
@@ -404,84 +406,84 @@ XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformDes3CbcGetKlass(vo
#endif /* XMLSEC_NO_DES */
-/********************************************************************
- *
- * HMAC transforms
- *
- *******************************************************************/
-#ifndef XMLSEC_NO_HMAC
-
-XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoHmacGetMinOutputLength(void);
-XMLSEC_CRYPTO_EXPORT void xmlSecMSCryptoHmacSetMinOutputLength(int min_length);
-
-/**
- * xmlSecMSCryptoKeyDataHmacId:
- *
- * The DHMAC key klass.
- */
-#define xmlSecMSCryptoKeyDataHmacId \
- xmlSecMSCryptoKeyDataHmacGetKlass()
-XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecMSCryptoKeyDataHmacGetKlass(void);
-XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoKeyDataHmacSet (xmlSecKeyDataPtr data,
- const xmlSecByte* buf,
- xmlSecSize bufSize);
-
-#ifndef XMLSEC_NO_MD5
-/**
- * xmlSecMSCryptoTransformHmacMd5Id:
- *
- * The HMAC with MD5 signature transform klass.
- */
-#define xmlSecMSCryptoTransformHmacMd5Id \
- xmlSecMSCryptoTransformHmacMd5GetKlass()
-XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacMd5GetKlass(void);
-#endif /* XMLSEC_NO_MD5 */
-
-#ifndef XMLSEC_NO_SHA1
-/**
- * xmlSecMSCryptoTransformHmacSha1Id:
- *
- * The HMAC with SHA1 signature transform klass.
- */
-#define xmlSecMSCryptoTransformHmacSha1Id \
- xmlSecMSCryptoTransformHmacSha1GetKlass()
-XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacSha1GetKlass(void);
-#endif /* XMLSEC_NO_SHA1 */
-
-#ifndef XMLSEC_NO_SHA256
-/**
- * xmlSecMSCryptoTransformHmacSha256Id:
- *
- * The HMAC with SHA256 signature transform klass.
- */
-#define xmlSecMSCryptoTransformHmacSha256Id \
- xmlSecMSCryptoTransformHmacSha256GetKlass()
-XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacSha256GetKlass(void);
-#endif /* XMLSEC_NO_SHA256 */
-
-#ifndef XMLSEC_NO_SHA384
-/**
- * xmlSecMSCryptoTransformHmacSha384Id:
- *
- * The HMAC with SHA384 signature transform klass.
- */
-#define xmlSecMSCryptoTransformHmacSha384Id \
- xmlSecMSCryptoTransformHmacSha384GetKlass()
-XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacSha384GetKlass(void);
-#endif /* XMLSEC_NO_SHA384 */
-
-#ifndef XMLSEC_NO_SHA512
-/**
- * xmlSecMSCryptoTransformHmacSha512Id:
- *
- * The HMAC with SHA512 signature transform klass.
- */
-#define xmlSecMSCryptoTransformHmacSha512Id \
- xmlSecMSCryptoTransformHmacSha512GetKlass()
-XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacSha512GetKlass(void);
-#endif /* XMLSEC_NO_SHA512 */
-
-#endif /* XMLSEC_NO_HMAC */
+/********************************************************************
+ *
+ * HMAC transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_HMAC
+
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoHmacGetMinOutputLength(void);
+XMLSEC_CRYPTO_EXPORT void xmlSecMSCryptoHmacSetMinOutputLength(int min_length);
+
+/**
+ * xmlSecMSCryptoKeyDataHmacId:
+ *
+ * The DHMAC key klass.
+ */
+#define xmlSecMSCryptoKeyDataHmacId \
+ xmlSecMSCryptoKeyDataHmacGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecMSCryptoKeyDataHmacGetKlass(void);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoKeyDataHmacSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecMSCryptoTransformHmacMd5Id:
+ *
+ * The HMAC with MD5 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformHmacMd5Id \
+ xmlSecMSCryptoTransformHmacMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecMSCryptoTransformHmacSha1Id:
+ *
+ * The HMAC with SHA1 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformHmacSha1Id \
+ xmlSecMSCryptoTransformHmacSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecMSCryptoTransformHmacSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformHmacSha256Id \
+ xmlSecMSCryptoTransformHmacSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecMSCryptoTransformHmacSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformHmacSha384Id \
+ xmlSecMSCryptoTransformHmacSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecMSCryptoTransformHmacSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformHmacSha512Id \
+ xmlSecMSCryptoTransformHmacSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
#ifdef __cplusplus
}
diff --git a/src/mscrypto/crypto.c b/src/mscrypto/crypto.c
index 5b44e18..a9b3854 100644
--- a/src/mscrypto/crypto.c
+++ b/src/mscrypto/crypto.c
@@ -72,9 +72,9 @@ xmlSecCryptoGetFunctions_mscrypto(void) {
gXmlSecMSCryptoFunctions->keyDataRsaGetKlass = xmlSecMSCryptoKeyDataRsaGetKlass;
#endif /* XMLSEC_NO_RSA */
-#ifndef XMLSEC_NO_HMAC
- gXmlSecMSCryptoFunctions->keyDataHmacGetKlass = xmlSecMSCryptoKeyDataHmacGetKlass;
-#endif /* XMLSEC_NO_HMAC */
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecMSCryptoFunctions->keyDataHmacGetKlass = xmlSecMSCryptoKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
#ifndef XMLSEC_NO_DSA
gXmlSecMSCryptoFunctions->keyDataDsaGetKlass = xmlSecMSCryptoKeyDataDsaGetKlass;
@@ -155,35 +155,35 @@ xmlSecCryptoGetFunctions_mscrypto(void) {
gXmlSecMSCryptoFunctions->transformSha512GetKlass = xmlSecMSCryptoTransformSha512GetKlass;
#endif /* XMLSEC_NO_SHA512 */
-
- /******************************* MD5 ********************************/
-#ifndef XMLSEC_NO_MD5
- gXmlSecMSCryptoFunctions->transformMd5GetKlass = xmlSecMSCryptoTransformMd5GetKlass;
-#endif /* XMLSEC_NO_MD5 */
-
- /******************************* HMAC ********************************/
-#ifndef XMLSEC_NO_HMAC
-#ifndef XMLSEC_NO_MD5
- gXmlSecMSCryptoFunctions->transformHmacMd5GetKlass = xmlSecMSCryptoTransformHmacMd5GetKlass;
-#endif /* XMLSEC_NO_MD5 */
-
-#ifndef XMLSEC_NO_SHA1
- gXmlSecMSCryptoFunctions->transformHmacSha1GetKlass = xmlSecMSCryptoTransformHmacSha1GetKlass;
-#endif /* XMLSEC_NO_SHA1 */
-
-#ifndef XMLSEC_NO_SHA256
- gXmlSecMSCryptoFunctions->transformHmacSha256GetKlass = xmlSecMSCryptoTransformHmacSha256GetKlass;
-#endif /* XMLSEC_NO_SHA256 */
-
-#ifndef XMLSEC_NO_SHA384
- gXmlSecMSCryptoFunctions->transformHmacSha384GetKlass = xmlSecMSCryptoTransformHmacSha384GetKlass;
-#endif /* XMLSEC_NO_SHA384 */
-
-#ifndef XMLSEC_NO_SHA512
- gXmlSecMSCryptoFunctions->transformHmacSha512GetKlass = xmlSecMSCryptoTransformHmacSha512GetKlass;
-#endif /* XMLSEC_NO_SHA512 */
-
-#endif /* XMLSEC_NO_HMAC */
+
+ /******************************* MD5 ********************************/
+#ifndef XMLSEC_NO_MD5
+ gXmlSecMSCryptoFunctions->transformMd5GetKlass = xmlSecMSCryptoTransformMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+ /******************************* HMAC ********************************/
+#ifndef XMLSEC_NO_HMAC
+#ifndef XMLSEC_NO_MD5
+ gXmlSecMSCryptoFunctions->transformHmacMd5GetKlass = xmlSecMSCryptoTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecMSCryptoFunctions->transformHmacSha1GetKlass = xmlSecMSCryptoTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecMSCryptoFunctions->transformHmacSha256GetKlass = xmlSecMSCryptoTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecMSCryptoFunctions->transformHmacSha384GetKlass = xmlSecMSCryptoTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecMSCryptoFunctions->transformHmacSha512GetKlass = xmlSecMSCryptoTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
#ifndef XMLSEC_NO_GOST
gXmlSecMSCryptoFunctions->transformGostR3411_94GetKlass = xmlSecMSCryptoTransformGostR3411_94GetKlass;
@@ -426,7 +426,7 @@ xmlSecMSCryptoConvertUtf8ToUnicode(const xmlChar* str) {
if(ret <= 0) {
return(NULL);
}
- len = ret;
+ len = ret + 1;
/* allocate buffer */
res = (LPWSTR)xmlMalloc(sizeof(WCHAR) * len);
@@ -435,15 +435,60 @@ xmlSecMSCryptoConvertUtf8ToUnicode(const xmlChar* str) {
NULL,
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ "size=%d", sizeof(WCHAR) * len);
return(NULL);
}
/* convert */
ret = MultiByteToWideChar(CP_UTF8, 0, str, -1, res, len);
if(ret <= 0) {
- xmlFree(res);
- return(NULL);
+ xmlFree(res);
+ return(NULL);
+ }
+
+ /* done */
+ return(res);
+}
+
+/**
+ * xmlSecMSCryptoConvertUnicodeToUtf8:
+ * @str: the string to convert.
+ *
+ * Converts input string from Unicode to UTF8.
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+xmlChar*
+xmlSecMSCryptoConvertUnicodeToUtf8(LPCWSTR str) {
+ xmlChar * res = NULL;
+ int len;
+ int ret;
+
+ xmlSecAssert2(str != NULL, NULL);
+
+ /* call WideCharToMultiByte first to get the buffer size */
+ ret = WideCharToMultiByte(CP_UTF8, 0, str, -1, NULL, 0, NULL, NULL);
+ if(ret <= 0) {
+ return(NULL);
+ }
+ len = ret + 1;
+
+ /* allocate buffer */
+ res = (xmlChar*)xmlMalloc(sizeof(xmlChar) * len);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(xmlChar) * len);
+ return(NULL);
+ }
+
+ /* convert */
+ ret = WideCharToMultiByte(CP_UTF8, 0, str, -1, res, len, NULL, NULL);
+ if(ret <= 0) {
+ xmlFree(res);
+ return(NULL);
}
/* done */
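Review bot: The `"size=%d"` messages added on the two allocation-failure paths in this hunk pass a `size_t` value (`sizeof(WCHAR) * len` and `sizeof(xmlChar) * len`) to a `%d` conversion. That is a format/argument mismatch, and it is undefined where `size_t` is wider than `int`. Casting the argument, e.g. `"size=%d", (int)(sizeof(WCHAR) * len)`, keeps the message without the mismatch; the same pattern appears in the `xmlMalloc` failure path of `xmlSecMSCryptoX509NameWrite` in src/mscrypto/x509.c. Separately, `WideCharToMultiByte` called with a source length of -1 already counts the terminating NUL, so `len = ret + 1` over-allocates by one element; this is harmless but deserves a one-line comment. Both functions extend beyond this hunk.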
diff --git a/src/mscrypto/hmac.c b/src/mscrypto/hmac.c
index edb3e66..f269c9c 100755
--- a/src/mscrypto/hmac.c
+++ b/src/mscrypto/hmac.c
@@ -82,7 +82,7 @@ struct _xmlSecMSCryptoHmacCtx {
HCRYPTHASH mscHash;
unsigned char dgst[XMLSEC_MSCRYPTO_MAX_HMAC_SIZE];
size_t dgstSize; /* dgst size in bytes */
- int ctxInitialized;
+ int ctxInitialized;
};
/**************************************************************************
@@ -425,7 +425,7 @@ xmlSecMSCryptoHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
/* set parameters */
memset(&hmacInfo, 0, sizeof(hmacInfo));
hmacInfo.HashAlgid = ctx->alg_id;
- ret = CryptSetHashParam(ctx->mscHash, HP_HMAC_INFO, (BYTE*)&hmacInfo, 0);
+ ret = CryptSetHashParam(ctx->mscHash, HP_HMAC_INFO, (BYTE*)&hmacInfo, 0);
if(ret == 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
@@ -584,20 +584,20 @@ xmlSecMSCryptoHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
}
xmlSecAssert2(retLen > 0, -1);
- /* check/set the result digest size */
- if(ctx->dgstSize == 0) {
- ctx->dgstSize = retLen * 8; /* no dgst size specified, use all we have */
- } else if(ctx->dgstSize <= 8 * retLen) {
- retLen = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
- NULL,
- XMLSEC_ERRORS_R_INVALID_SIZE,
- "result-bits=%d;required-bits=%d",
- 8 * retLen, ctx->dgstSize);
- return(-1);
- }
+ /* check/set the result digest size */
+ if(ctx->dgstSize == 0) {
+ ctx->dgstSize = retLen * 8; /* no dgst size specified, use all we have */
+ } else if(ctx->dgstSize <= 8 * retLen) {
+ retLen = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "result-bits=%d;required-bits=%d",
+ 8 * retLen, ctx->dgstSize);
+ return(-1);
+ }
/* copy result to output */
if(transform->operation == xmlSecTransformOperationSign) {
diff --git a/src/mscrypto/mingw-crypt32.def b/src/mscrypto/mingw-crypt32.def
index 0857d55..e299115 100644
--- a/src/mscrypto/mingw-crypt32.def
+++ b/src/mscrypto/mingw-crypt32.def
@@ -21,9 +21,11 @@ IMPORTS
CertGetNameStringA 24 = crypt32.CertGetNameStringA
CertGetPublicKeyLength 8 = crypt32.CertGetPublicKeyLength
CertNameToStrA 20 = crypt32.CertNameToStrA
+ CertNameToStrW 20 = crypt32.CertNameToStrW
CertOpenStore 20 = crypt32.CertOpenStore
CertOpenSystemStoreA 8 = crypt32.CertOpenSystemStoreA
CertStrToNameA 28 = crypt32.CertStrToNameA
+ CertStrToNameW 28 = crypt32.CertStrToNameW
CertVerifySubjectCertificateContext 12 = crypt32.CertVerifySubjectCertificateContext
CryptAcquireCertificatePrivateKey 24 = crypt32.CryptAcquireCertificatePrivateKey
CryptImportPublicKeyInfo 16 = crypt32.CryptImportPublicKeyInfo
diff --git a/src/mscrypto/x509.c b/src/mscrypto/x509.c
index 3f6d8a5..19adfb7 100644
--- a/src/mscrypto/x509.c
+++ b/src/mscrypto/x509.c
@@ -1881,68 +1881,56 @@ xmlSecMSCryptoX509CrlBase64DerWrite(PCCRL_CONTEXT crl, int base64LineWrap) {
static xmlChar*
xmlSecMSCryptoX509NameWrite(PCERT_NAME_BLOB nm) {
+ LPWSTR resW = NULL;
xmlChar *res = NULL;
- char *str;
DWORD csz;
xmlSecAssert2(nm->pbData != NULL, NULL);
xmlSecAssert2(nm->cbData > 0, NULL);
- csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0);
- str = (char *)xmlMalloc(csz);
- if (NULL == str) {
+ csz = CertNameToStrW(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0);
+ if(csz <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertNameToStr",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ resW = (LPWSTR)xmlMalloc(sizeof(WCHAR) * (csz + 1));
+ if (NULL == resW) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"xmlMalloc",
XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
+ "size=%d", sizeof(WCHAR) * (csz + 1));
return (NULL);
}
- csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, str, csz);
- if (csz < 1) {
+ csz = CertNameToStrW(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, resW, csz + 1);
+ if (csz <= 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"CertNameToStr",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(str);
+ xmlFree(resW);
return(NULL);
}
- /* aleksey: this is a hack, but mscrypto can not read E= flag and wants Email= instead.
- * don't ask me how is it possible not to read something you wrote yourself but also
- * see comment in the xmlSecMSCryptoX509FindCert function.
- */
- if(strncmp(str, "E=", 2) == 0) {
- res = xmlMalloc(strlen(str) + 13 + 1);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d",
- strlen(str) + 13 + 1);
- xmlFree(str);
- return(NULL);
- }
-
- memcpy(res, "emailAddress=", 13);
- strcpy(res + 13, BAD_CAST (str + 2));
- } else {
- res = xmlStrdup(BAD_CAST str);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(str);
- return(NULL);
- }
+ res = xmlSecMSCryptoConvertUnicodeToUtf8(resW);
+ if (NULL == res) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoConvertUnicodeToUtf8",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(resW);
+ return(NULL);
}
- xmlFree(str);
+
return(res);
}
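Review bot: `resW` is never released on the success path of `xmlSecMSCryptoX509NameWrite`. The old `xmlFree(str);` before `return(res);` was removed and nothing replaces it, so every successful call leaks the wide-character buffer. Add `xmlFree(resW);` immediately before `return(res);`. Also, `csz` is a `DWORD`, so the two `csz <= 0` tests can only ever mean `csz == 0`; writing them that way makes the intent plain.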
diff --git a/src/mscrypto/x509vfy.c b/src/mscrypto/x509vfy.c
index 32eea80..368dc3a 100644
--- a/src/mscrypto/x509vfy.c
+++ b/src/mscrypto/x509vfy.c
@@ -1155,6 +1155,48 @@ xmlSecMSCryptoX509FindCertByIssuer(HCERTSTORE store, const LPWSTR wcIssuer,
return (res);
}
+static LPWSTR
+xmlSecMSCryptoX509GetCertName(const xmlChar * name) {
+ xmlChar *name2 = NULL;
+ xmlChar *p = NULL;
+ LPWSTR res = NULL;
+
+ xmlSecAssert2(name != 0, NULL);
+
+ /* MSCrypto doesn't support "emailAddress" attribute (see NSS as well).
+ * This code is not bullet proof and may produce incorrect results if someone has
+ * "emailAddress=" string in one of the fields, but it is best I can suggest to fix
+ * this problem.
+ */
+ name2 = xmlStrdup(name);
+ if(name2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "xmlStrlen(name)=%d",
+ xmlStrlen(name));
+ return(NULL);
+ }
+ while( (p = (xmlChar*)xmlStrstr(name2, BAD_CAST "emailAddress=")) != NULL) {
+ memcpy(p, " E=", 13);
+ }
+
+ /* get unicode name */
+ res = xmlSecMSCryptoConvertUtf8ToUnicode(name2);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoConvertUtf8ToUnicode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* done */
+ return(res);
+}
+
static PCCERT_CONTEXT
xmlSecMSCryptoX509FindCert(HCERTSTORE store,
const xmlChar *subjectName,
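Review bot: `name2` from `xmlStrdup` is never freed in `xmlSecMSCryptoX509GetCertName`, neither when `xmlSecMSCryptoConvertUtf8ToUnicode` fails nor on the normal return, so every subject or issuer lookup leaks a copy of the name. If those names come from the document being verified, the leak grows with caller-supplied input. Calling `xmlFree(name2);` right after the conversion, before the `res == NULL` check, covers both paths. The `memcpy(p, " E=", 13)` line relies on the replacement literal being exactly 13 bytes, but as shown here it is shorter, possibly because the archive collapsed the padding spaces. Check it against the original commit and tie the length to the literal, for example with a named constant. The hunk ends inside the signature of `xmlSecMSCryptoX509FindCert`.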
@@ -1170,11 +1212,11 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store,
LPWSTR wcSubjectName = NULL;
/* get unicode subject name */
- wcSubjectName = xmlSecMSCryptoConvertUtf8ToUnicode(subjectName);
+ wcSubjectName = xmlSecMSCryptoX509GetCertName(subjectName);
if(wcSubjectName == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
- "xmlSecMSCryptoConvertUtf8ToUnicode",
+ "xmlSecMSCryptoX509GetCertName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"wcSubjectName");
return(NULL);
@@ -1232,11 +1274,11 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store,
}
/* get issuer name */
- wcIssuerName = xmlSecMSCryptoConvertUtf8ToUnicode(issuerName);
+ wcIssuerName = xmlSecMSCryptoX509GetCertName(issuerName);
if(wcIssuerName == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
- "xmlSecMSCryptoConvertUtf8ToUnicode",
+ "xmlSecMSCryptoX509GetCertName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"wcIssuerName");
xmlSecBnFinalize(&issuerSerialBn);
@@ -1251,56 +1293,6 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store,
xmlFree(wcIssuerName);
- /* aleksey: for some unknown to me reasons, mscrypto wants Email
- * instead of emailAddress. This code is not bullet proof and may
- * produce incorrect results if someone has "emailAddress=" string
- * in one of the fields, but it is best I can suggest to fix this problem.
- * Also see xmlSecMSCryptoX509NameWrite function.
- */
- if(pCert == NULL) {
- xmlChar * issuerName2 = NULL;
- LPWSTR wcIssuerName2 = NULL;
- xmlChar * p;
-
- /* replace "emailAddress=" with "Email" */
- issuerName2 = xmlStrdup(issuerName);
- if(issuerName2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "xmlStrlen(issuerName)=%d",
- xmlStrlen(issuerName));
- xmlSecBnFinalize(&issuerSerialBn);
- return(NULL);
- }
- while( (p = (xmlChar*)xmlStrstr(issuerName2, BAD_CAST "emailAddress=")) != NULL) {
- memcpy(p, " Email=", 13);
- }
-
- /* get issuer name */
- wcIssuerName2 = xmlSecMSCryptoConvertUtf8ToUnicode(issuerName2);
- if(wcIssuerName2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecMSCryptoConvertUtf8ToUnicode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "wcIssuerName2");
- xmlFree(issuerName2);
- xmlSecBnFinalize(&issuerSerialBn);
- return(NULL);
- }
-
- /* search */
- pCert = xmlSecMSCryptoX509FindCertByIssuer(store,
- wcIssuerName2,
- &issuerSerialBn,
- X509_ASN_ENCODING | PKCS_7_ASN_ENCODING);
-
- xmlFree(issuerName2);
- xmlFree(wcIssuerName2);
- }
-
/* cleanup */
xmlSecBnFinalize(&issuerSerialBn);
}
diff --git a/src/mscrypto/xmlsec-mingw.h b/src/mscrypto/xmlsec-mingw.h
index 99f544b..efd7cbf 100644
--- a/src/mscrypto/xmlsec-mingw.h
+++ b/src/mscrypto/xmlsec-mingw.h
@@ -140,6 +140,16 @@ BOOL WINAPI CertStrToNameW(DWORD,LPCWSTR,DWORD,void*,BYTE*,DWORD*,LPC
#else
#define CertStrToName CertStrToNameA
#endif
+
+DWORD WINAPI CertNameToStrA(DWORD,PCERT_NAME_BLOB,DWORD,LPCSTR,DWORD);
+DWORD WINAPI CertNameToStrW(DWORD,PCERT_NAME_BLOB,DWORD,LPCWSTR,DWORD);
+#ifdef UNICODE
+#define CertNameToStr CertNameToStrA
+#else
+#define CertNameToStr CertNameToStrW
+#endif
+
+
BOOL WINAPI CertCompareCertificateName(DWORD,PCERT_NAME_BLOB,PCERT_NAME_BLOB);
BOOL WINAPI CertAddStoreToCollection(HCERTSTORE,HCERTSTORE,DWORD,DWORD);
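Review bot: The `CertNameToStr` mapping is inverted relative to the `CertStrToName` block just above it, whose `#else` branch selects the `A` variant. Here `UNICODE` selects `CertNameToStrA` and the fallback selects `CertNameToStrW`. It should read `#define CertNameToStr CertNameToStrW` under `#ifdef UNICODE` and `#define CertNameToStr CertNameToStrA` under `#else`. The fourth parameter is the buffer the function writes into, so the two prototypes should take `LPSTR` and `LPWSTR` rather than `LPCSTR` and `LPCWSTR`.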