/* parse the uri */
u = xmlParseURI(uri);
- if (u == NULL) {
+ if (!u) {
syslog(LOG_ERR, "error while parsing URI %s", uri);
goto error2;
}
+ /* check that unexpected parts are not there */
if (u->scheme || u->opaque || u->authority || u->server || u->user || u->query) {
syslog(LOG_ERR, "unexpected uri component in %s", uri);
goto error3;
}
+ /* check path and fragment */
+ if (!u->path && !u->fragment) {
+ syslog(LOG_ERR, "invalid uri %s", uri);
+ goto error3;
+ }
if (u->path && u->fragment) {
syslog(LOG_ERR, "not allowed to sign foreign fragment in %s", uri);
goto error3;
}
if (u->path) {
+ /* check that the path is valid */
fdesc = file_of_name(u->path);
if (fdesc == NULL) {
syslog(LOG_ERR, "reference to unknown file %s", u->path);
return 0;
}
+/* checks the current document */
static int checkdocument()
{
int rc;
return rc;
}
+/* verify the digital signature of the file described by 'fdesc' */
int verify_digsig(struct filedesc *fdesc)
{
int res;
return res;
}
+/* check all the signature files */
int check_all_signatures()
{
int rc, irc;
rc = 0;
for (i = n ; i-- > 0 ; ) {
fdesc = signature_of_index(i);
- assert ((fdesc->flags & flag_signature) != 0);
irc = verify_digsig(fdesc);
if (!irc)
rc = irc;
return rc;
}
+/* create a signature of 'index' (0 for author, other values for distributors)
+using the private 'key' (filename) and the certificates 'certs' (filenames)
+as trusted chain */
int create_digsig(int index, const char *key, const char **certs)
{
struct filedesc *fdesc;
int rc, len;
rc = -1;
+
+ /* create the doc */
doc = xmlsec_create(index, key, certs);
if (doc == NULL)
goto error;
+ /* instanciate the filename */
fdesc = create_signature(index);
if (fdesc == NULL)
goto error2;
+ /* save the doc as file */
len = xmlSaveFormatFileEnc(fdesc->name, doc, NULL, 0);
if (len < 0) {
syslog(LOG_ERR, "xmlSaveFormatFileEnc to %s failed", fdesc->name);
#define CA_ROOT_DIRECTORY "./ca-certificates"
#endif
+/* checks if a file match uri (should not be a distributor signature) */
static int file_match_cb(const char *uri)
{
struct filedesc *fdesc = file_of_name(uri);
return fdesc != NULL && fdesc->type == type_file && (fdesc->flags & flag_distributor_signature) == 0;
}
+/* open the file of uri */
static void *file_open_cb(const char *file)
{
struct filedesc *fdesc;
return f;
}
+/* read the opened file */
static int file_read_cb(void *context, char *buffer, int len)
{
size_t r = fread(buffer, 1, len, (FILE*)context);
return r ? (int)r : feof((FILE*)context) ? 0 : - 1;
}
+/* close the opened file */
static int file_close_cb(void *context)
{
return (int)fclose((FILE*)context);
}
+/* echo an error message */
static void errors_cb(const char *file, int line, const char *func, const char *errorObject, const char *errorSubject, int reason, const char *msg)
{
syslog(LOG_ERR, "xmlSec error %3d: %s (subject=\"%s\", object=\"%s\")", reason, msg, errorSubject ? errorSubject : "?", errorObject ? errorObject : "?");
}
+/* fills database with trusted keys */
static int fill_trusted_keys()
{
int err;
}
+/* initialisation of access to xmlsec */
int xmlsec_init()
{
return initstatus;
}
-
+/* shuting down accesses to xmlsec */
void xmlsec_shutdown()
{
xmlSecKeysMngrDestroy(keymgr);
xmlSecShutdown();
}
+/* verify a signature */
int xmlsec_verify(xmlNodePtr node)
{
int rc;
return rc;
}
+/* templates for properties of signature files */
static const struct { const char *id; const char *xml; } properties[2] = {
{
- .id = "AuthorSignature",
+ .id = "AuthorSignature", /* template of properties for author signature */
.xml =
"<SignatureProperties xmlns:dsp=\"http://www.w3.org/2009/xmldsig-properties\">"
"<SignatureProperty Id=\"profile\" Target=\"#AuthorSignature\">"
"</SignatureProperties>"
},
{
- .id = "DistributorSignature",
+ .id = "DistributorSignature", /* template of properties for distributor signature */
.xml =
"<SignatureProperties xmlns:dsp=\"http://www.w3.org/2009/xmldsig-properties\">"
"<SignatureProperty Id=\"profile\" Target=\"#DistributorSignature\">"
}
};
+/* create a signature of 'index' (0 for author, other values for distributors)
+using the private 'key' (filename) and the certificates 'certs' (filenames)
+as trusted chain */
xmlDocPtr xmlsec_create(int index, const char *key, const char **certs)
{
unsigned int i, fc, mask;
Code Review / src / app-framework-main.git / commitdiff