pax_global_header00006660000000000000000000000064151014773150014516gustar00rootroot0000000000000052 comment=10ff3e4e08e77d634872a43ef3e1040b24f5077c xmlsec-1.3.9/000077500000000000000000000000001510147731500130235ustar00rootroot00000000000000xmlsec-1.3.9/.github/000077500000000000000000000000001510147731500143635ustar00rootroot00000000000000xmlsec-1.3.9/.github/workflows/000077500000000000000000000000001510147731500164205ustar00rootroot00000000000000xmlsec-1.3.9/.github/workflows/codeql.yml000066400000000000000000000110701510147731500204110ustar00rootroot00000000000000# For most projects, this workflow file will not need changing; you simply need # to commit it to your repository. # # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. # # ******** NOTE ******** # We have attempted to detect the languages in your repository. Please check # the `language` matrix defined below to confirm you have the correct set of # supported CodeQL languages. # name: "CodeQL Advanced" on: push: branches: [ "master" ] pull_request: branches: [ "master" ] schedule: - cron: '25 14 * * 2' jobs: analyze: name: Analyze (${{ matrix.language }}) # Runner size impacts CodeQL analysis time. To learn more, please see: # - https://gh.io/recommended-hardware-resources-for-running-codeql # - https://gh.io/supported-runners-and-hardware-resources # - https://gh.io/using-larger-runners (GitHub.com only) # Consider using larger runners or machines with greater resources for possible analysis time improvements. runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} permissions: # required for all workflows security-events: write # required to fetch internal or private CodeQL packs packages: read # only required for workflows in private repositories actions: read contents: read strategy: fail-fast: false matrix: include: - language: c-cpp build-mode: manual - language: javascript-typescript build-mode: none # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' # Use `c-cpp` to analyze code written in C, C++ or both # Use 'java-kotlin' to analyze code written in Java, Kotlin or both # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: install dependencies run: | sudo apt update sudo apt install automake autoconf libtool libtool-bin libltdl-dev libltdl7 sudo apt install libxml2 libxml2-dev libxslt1.1 libxslt1-dev sudo apt install libssl3 libssl-dev libnspr4 libnspr4-dev libnss3 libnss3-dev libnss3-tools libgcrypt20 libgcrypt20-dev libgnutls28-dev - name: Checkout repository uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs # queries: security-extended,security-and-quality # If the analyze step fails for one of the languages you are analyzing with # "We were unable to automatically build your code", modify the matrix above # to set the build mode to "manual" for that language. Then modify this step # to build your code. # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - if: matrix.build-mode == 'manual' shell: bash run: | mkdir install.dir ./autogen.sh --prefix=${GITHUB_WORKSPACE}/install.dir --enable-werror --enable-pedantic --enable-legacy-features --enable-ftp --enable-http make - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with: category: "/language:${{matrix.language}}" xmlsec-1.3.9/.github/workflows/make-check.yml000077500000000000000000000263171510147731500211470ustar00rootroot00000000000000name: Make Check on: push: branches: - master - xmlsec-1_2_x pull_request: branches: - master - xmlsec-1_2_x jobs: # linux: check against latest versions of everything check-ubuntu: runs-on: ubuntu-latest strategy: fail-fast: false matrix: include: # default build - config_flags: # default build with all legacy features - config_flags: --enable-legacy-features --enable-ftp --enable-http # static openssl build - config_flags: --enable-static --enable-static-linking --disable-openssl3-engines --without-nss --without-gnutls --without-gcrypt --enable-legacy-features # static gnutls build with GOST - config_flags: --enable-static --enable-static-linking --without-openssl --without-nss --without-gcrypt --enable-gost --enable-gost2012 --enable-legacy-features steps: - name: install dependencies run: | sudo apt update sudo apt install automake autoconf libtool libtool-bin libltdl-dev libltdl7 sudo apt install libxml2 libxml2-dev libxslt1.1 libxslt1-dev sudo apt install libssl3 libssl-dev libnspr4 libnspr4-dev libnss3 libnss3-dev libnss3-tools libgcrypt20 libgcrypt20-dev libgnutls28-dev - uses: actions/checkout@v2 - name: create-build-dirs run: | mkdir build.dir install.dir - name: configure working-directory: build.dir run: | ../autogen.sh --prefix=${GITHUB_WORKSPACE}/install.dir --enable-werror --enable-pedantic ${{ matrix.config_flags }} - name: make working-directory: build.dir run: | make - name: make check working-directory: build.dir run: | make check - name: make install working-directory: build.dir run: | make install # linux: check AWS-LC check-ubuntu_aws_lc: runs-on: ubuntu-latest strategy: fail-fast: false matrix: include: # default static build - config_flags: --enable-static --enable-static-linking env: AWS_LC_VERSION: "1.63.0" steps: - name: install dependencies run: | sudo apt update sudo apt install cmake ninja-build clang perl golang wget sudo apt install automake autoconf libtool libtool-bin libltdl-dev libltdl7 sudo apt install libxml2 libxml2-dev libxslt1.1 libxslt1-dev - name: build aws lc working-directory: run: | mkdir ../aws-lc && cd ../aws-lc wget "https://github.com/aws/aws-lc/archive/refs/tags/v${{ env.AWS_LC_VERSION }}.zip" unzip "v${{ env.AWS_LC_VERSION }}.zip" mkdir build && cd build cmake -GNinja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_INSTALL_PREFIX=${GITHUB_WORKSPACE}/../aws-lc/install ../aws-lc-${{ env.AWS_LC_VERSION }} ninja install - uses: actions/checkout@v2 - name: create-build-dirs run: | mkdir build.dir install.dir - name: configure working-directory: build.dir run: | ../autogen.sh --prefix=${GITHUB_WORKSPACE}/install.dir ${{ matrix.config_flags }} \ --enable-werror --enable-pedantic \ --with-openssl=${GITHUB_WORKSPACE}/../aws-lc/install \ --without-gnutls --without-nss --without-gcrypt - name: make working-directory: build.dir run: | make - name: make check working-directory: build.dir run: | make check - name: make install working-directory: build.dir run: | make install # macosx check-osx: runs-on: macos-latest strategy: fail-fast: false matrix: include: # default build - config_flags: # default build with all legacy features -- not possible because MacOSX disables RIPEMD160 in OpenSSL # - config_flags: --enable-legacy-features --enable-ftp --enable-http steps: - name: Set up Homebrew id: set-up-homebrew uses: Homebrew/actions/setup-homebrew@master - name: install dependencies run: | HOMEBREW_NO_AUTO_UPDATE=1 HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1 brew install autoconf HOMEBREW_NO_AUTO_UPDATE=1 HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1 brew install automake HOMEBREW_NO_AUTO_UPDATE=1 HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1 brew install pkg-config libtool HOMEBREW_NO_AUTO_UPDATE=1 HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1 brew install libxml2 libxslt HOMEBREW_NO_AUTO_UPDATE=1 HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1 brew install openssl nspr nss gnutls libgcrypt - uses: actions/checkout@v2 - name: create-build-dirs run: | mkdir build.dir install.dir - name: configure working-directory: build.dir # NSS build is disabled because of header errors, try to re-enable in 2026 to see if it is fixed # --with-nspr=`brew --prefix nspr` \ # --with-nss=`brew --prefix nss` \ run: | ../autogen.sh --prefix=${GITHUB_WORKSPACE}/install.dir --enable-werror --enable-pedantic \ --with-openssl=`brew --prefix openssl` \ --without-nss \ --with-gnutls=`brew --prefix gnutls` \ --with-gcrypt=`brew --prefix libgcrypt` \ ${{ matrix.config_flags }} - name: make working-directory: build.dir run: | make - name: make check working-directory: build.dir run: | export PATH=`brew --prefix openssl`/bin:$PATH export LD_LIBRARY_PATH=`brew --prefix openssl`/lib:$LD_LIBRARY_PATH export LD_LIBRARY_PATH=`brew --prefix nspr`/lib:$LD_LIBRARY_PATH export LD_LIBRARY_PATH=`brew --prefix nss`/lib:$LD_LIBRARY_PATH export LD_LIBRARY_PATH=`brew --prefix libgcrypt`/lib:$LD_LIBRARY_PATH export LD_LIBRARY_PATH=`brew --prefix gnutls`/lib:$LD_LIBRARY_PATH make check - name: make install working-directory: build.dir run: | make install # mingw check-mingw: runs-on: windows-latest strategy: fail-fast: false matrix: include: # default build - msystem: MINGW64 arch: x86_64 config_flags: --without-openssl --without-nss --without-gnutls --without-gcrypt # no unicode static build for mscng - msystem: MINGW64 arch: x86_64 config_flags: --enable-static --enable-static-linking --enable-unicode=no --without-openssl --without-nss --without-gnutls --without-gcrypt --disable-mscrypto defaults: run: shell: msys2 {0} steps: - uses: msys2/setup-msys2@v2 with: msystem: ${{ matrix.msystem }} release: false update: false install: >- autoconf automake base-devel git libtool mingw-w64-${{ matrix.arch }}-toolchain mingw-w64-${{ matrix.arch }}-libxml2 mingw-w64-${{ matrix.arch }}-libxslt mingw-w64-${{ matrix.arch }}-libltdl mingw-w64-${{ matrix.arch }}-openssl mingw-w64-${{ matrix.arch }}-libgcrypt mingw-w64-${{ matrix.arch }}-gnutls - name: configure-git run: | git config --global core.autocrlf input shell: bash - uses: actions/checkout@v2 - name: create-dirs run: | mkdir build.dir install.dir shell: bash - name: configure working-directory: build.dir run: | ../autogen.sh --prefix=`cygpath -u "${GITHUB_WORKSPACE}/install.dir"` --enable-werror --enable-pedantic \ --enable-mscrypto --enable-mscng ${{ matrix.config_flags }} \ --build="${{ matrix.arch }}-w64-mingw32" \ --host="${{ matrix.arch }}-w64-mingw32" - name: make working-directory: build.dir run: | make - name: make check working-directory: build.dir run: | make check - name: make install working-directory: build.dir run: | make install # msvc check-msvc: runs-on: windows-latest strategy: fail-fast: false matrix: include: # mscng: default build - crypto: mscng config_flags: unicode=yes # mscng: no unicode, legacy crypto - crypto: mscng config_flags: unicode=no legacy-features=yes # mscrypto: default build - crypto: mscrypto config_flags: # mscrypto: no unicode, legacy crypto - crypto: mscrypto config_flags: unicode=no legacy-features=yes # mscng: default build - crypto: openssl-300 config_flags: # mscng: no unicode, legacy crypto - crypto: openssl-300 config_flags: unicode=no env: VISUAL_STUDIO_ROOT: "C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise" INSTALL_FOLDER: c:\install.dir LIBS_VERSION: 1.3.8 steps: - name: create-dirs run: | mkdir ${{ env.INSTALL_FOLDER }} - name: install dependencies shell: pwsh working-directory: ${{ env.INSTALL_FOLDER }} env: LIBS_URL: "https://github.com/lsh123/xmlsec/releases/download/${{ env.LIBS_VERSION }}/xmlsec1-${{ env.LIBS_VERSION }}-win64.zip" LIBS_FILE: "xmlsec1-${{ env.LIBS_VERSION }}-win64.zip" run: | Invoke-WebRequest ${{ env.LIBS_URL }} -OutFile ${{ env.LIBS_FILE }} Expand-Archive -Path ${{ env.LIBS_FILE }} -DestinationPath "." - name: configure-git shell: bash run: | git config --global core.autocrlf input - uses: actions/checkout@v2 - name: configure working-directory: win32 shell: cmd run: | call "${{ env.VISUAL_STUDIO_ROOT }}\VC\Auxiliary\Build\vcvars64.bat" cscript configure.js pedantic=yes werror=yes static=no ^ crypto=${{ matrix.crypto }} ${{ matrix.config_flags }} ^ prefix=${{ env.INSTALL_FOLDER }}\xmlsec.build ^ include=${{ env.INSTALL_FOLDER }}\libxml2\include;${{ env.INSTALL_FOLDER }}\libxml2\include\libxml2;${{ env.INSTALL_FOLDER }}\libxslt\include;${{ env.INSTALL_FOLDER }}\openssl\include;%MSSDK_INCLUDE% ^ lib=${{ env.INSTALL_FOLDER }}\libxml2\lib;${{ env.INSTALL_FOLDER }}\libxslt\lib;${{ env.INSTALL_FOLDER }}\openssl\lib;%MSSDK_LIB% - name: make working-directory: win32 shell: cmd run: | call "${{ env.VISUAL_STUDIO_ROOT }}\VC\Auxiliary\Build\vcvars64.bat" set PATH=${{ env.INSTALL_FOLDER }}\libxml2\bin;${{ env.INSTALL_FOLDER }}\libxslt\bin;${{ env.INSTALL_FOLDER }}\openssl\bin;%PATH% nmake - name: make check working-directory: win32 shell: cmd run: | call "${{ env.VISUAL_STUDIO_ROOT }}\VC\Auxiliary\Build\vcvars64.bat" set PATH=${{ env.INSTALL_FOLDER }}\libxml2\bin;${{ env.INSTALL_FOLDER }}\libxslt\bin;${{ env.INSTALL_FOLDER }}\openssl\bin;%PATH% set OPENSSL_MODULES=${{ env.INSTALL_FOLDER }}\lib\ossl-modules nmake check - name: make install working-directory: win32 shell: cmd run: | call "${{ env.VISUAL_STUDIO_ROOT }}\VC\Auxiliary\Build\vcvars64.bat" nmake install xmlsec-1.3.9/.gitignore000066400000000000000000000020501510147731500150100ustar00rootroot00000000000000*~ *.orig .deps/ .libs/ .cproject .project compile clean depcomp install-sh missing *.o *.lo *.la .settings/ m4/ apps/xmlsec1 autom4te.cache/ config.guess config.sub aclocal.m4 config.h config.log config.status configure ltmain.sh stamp-h1 xmlsec1-config xmlsec1-gcrypt.pc xmlsec1-gnutls.pc xmlsec1-nss.pc xmlsec1-openssl.pc xmlsec1.pc xmlsec1.spec xmlsec1Conf.sh Makefile.in Makefile apps/Makefile docs/Makefile docs/api/Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/gcrypt/Makefile include/xmlsec/gnutls/Makefile include/xmlsec/nss/Makefile include/xmlsec/openssl/Makefile include/xmlsec/private/Makefile include/xmlsec/version.h libtool man/Makefile src/Makefile src/gcrypt/Makefile src/gnutls/Makefile src/nss/Makefile src/openssl/Makefile win32/apps_a.int/ win32/binaries/ win32/configure.txt win32/libxmlsec.int/ win32/libxmlsec_a.int/ win32/libxmlsec_mscrypto.int/ win32/libxmlsec_mscrypto_a.int/ win32/tmp docs/api/code docs/api/sgml.tmp docs/api/xmlsec-*.txt docs/api/*.bak docs/api/*.types docs/api/sgml.stamp docs/html.stamp .vscode/ xmlsec-1.3.9/AUTHORS000066400000000000000000000006531510147731500140770ustar00rootroot00000000000000Aleksey Sanin Windows port: Igor Zlatkovic Debian port: John Belmonte xmlsec-nss: Tej Arora , AOL Inc. xmlsec-mscrypto: Wouter Ketting , Cordys R&D BV xmlsec-mscng: Miklos Vajna GOST support: Dmitry Belyavsky , Cryptocom LTD (http://www.cryptocom.ru) xmlsec-1.3.9/COPYING000066400000000000000000000000671510147731500140610ustar00rootroot00000000000000See Copyright file for information about the copyright xmlsec-1.3.9/ChangeLog000066400000000000000000000003061510147731500145740ustar00rootroot00000000000000The changelog file is obsolete, please view the commits log on github: https://github.com/lsh123/xmlsec/commits/master Or News section on XMLSec website: https://www.aleksey.com/xmlsec/news.html xmlsec-1.3.9/Copyright000066400000000000000000000150261510147731500147220ustar00rootroot00000000000000xmlsec, xmlsec-openssl, xmlsec-gnutls, xmlsec-gcrypt libraries ------------------------------------------------------------------------------ Copyright (C) 2002-2024 Aleksey Sanin . All Rights Reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is fur- nished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT- NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ALEKSEY SANIN BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON- NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of Aleksey Sanin shall not be used in advertising or otherwise to promote the sale, use or other deal- ings in this Software without prior written authorization from him. xmlsec-nss library ------------------------------------------------------------------------------ Copyright (C) 2002-2024 Aleksey Sanin . All Rights Reserved. Copyright (c) 2003 America Online, Inc. All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is fur- nished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. Portions of the Software were created using source code and/or APIs governed by the Mozilla Public License (MPL). The MPL is available at http://www.mozilla.org/MPL/MPL-1.1.html. The MPL permits such portions to be distributed with code not governed by MPL, as long as the requirements of MPL are fulfilled for such portions. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT- NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ALEKSEY SANIN BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON- NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of Aleksey Sanin shall not be used in advertising or otherwise to promote the sale, use or other deal- ings in this Software without prior written authorization from him. xmlsec-mscrypto library ------------------------------------------------------------------------------ Copyright (C) 2002-2024 Aleksey Sanin . All Rights Reserved. Copyright (C) 2003 Cordys R&D BV, All rights reserved. Copyright (C) 2007 Roumen Petrov. Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru). Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is fur- nished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT- NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ALEKSEY SANIN BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON- NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of Aleksey Sanin shall not be used in advertising or otherwise to promote the sale, use or other deal- ings in this Software without prior written authorization from him. xmlsec-mscng library ------------------------------------------------------------------------------ Copyright (C) 2018-2024 Aleksey Sanin. All Rights Reserved. Copyright (C) 2018 Miklos Vajna. All Rights Reserved. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is fur- nished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT- NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ALEKSEY SANIN BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON- NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of Aleksey Sanin shall not be used in advertising or otherwise to promote the sale, use or other deal- ings in this Software without prior written authorization from him. References ------------------------------------------------------------------------------ * AOL http://www.aleksey.com/pipermail/xmlsec/2003/005488.html http://www.aleksey.com/pipermail/xmlsec/attachments/20030729/0e25648e/attachment.htm * Cordys R&D BV http://www.aleksey.com/pipermail/xmlsec/2003/005581.html * Cryptocom LTD http://www.aleksey.com/pipermail/xmlsec/2006/007410.html xmlsec-1.3.9/HACKING000066400000000000000000000001731510147731500140130ustar00rootroot00000000000000If you are interesting in contributing to XMLSec, then consider sending a PR on github: https://github.com/lsh123/xmlsec xmlsec-1.3.9/INSTALL000066400000000000000000000000171510147731500140520ustar00rootroot00000000000000See README.md xmlsec-1.3.9/MAINTAINERS000066400000000000000000000003031510147731500145140ustar00rootroot00000000000000Aleksey Sanin Source code: https://github.com/lsh123/xmlsec/ Bugs: https://github.com/lsh123/xmlsec/issues Announcements, etc: https://github.com/lsh123/xmlsec/discussions xmlsec-1.3.9/Makefile.am000066400000000000000000000121701510147731500150600ustar00rootroot00000000000000NULL = SAFE_VERSION = @XMLSEC_VERSION_SAFE@ SUBDIRS = include src if XMLSEC_APPS SUBDIRS += apps endif if XMLSEC_MANS SUBDIRS += man endif if XMLSEC_DOCS SUBDIRS += docs endif TEST_APP = apps/xmlsec1$(EXEEXT) UNIT_TEST_APP = apps/xmlsec_unit_tests$(EXEEXT) DEFAULT_CRYPTO = @XMLSEC_DEFAULT_CRYPTO@ bin_SCRIPTS = xmlsec1-config pkgconfig_DATA = xmlsec1.pc @XMLSEC_CRYPTO_PC_FILES_LIST@ pkgconfigdir = $(libdir)/pkgconfig confexecdir = $(libdir) confexec_DATA = xmlsec1Conf.sh m4datadir = $(datadir)/aclocal m4data_DATA = xmlsec1.m4 ACLOCAL_AMFLAGS = -I m4 DISTCLEANFILES = \ xmlsec1Conf.sh \ xmlsec1.pc \ xmlsec1-openssl.pc \ xmlsec1-nss.pc \ xmlsec1-gnutls.pc \ xmlsec1-gcrypt.pc \ xmlsec1-config \ xmlsec1.spec \ stamp-h2 \ stamp-h3 \ stamp-h4 \ stamp-h5 \ $NULL EXTRA_DIST = \ m4 \ examples \ scripts \ tests \ win32 \ NEWS \ ChangeLog \ Copyright \ HACKING \ README.md \ xmlsec-openssl.pc.in \ xmlsec-nss.pc.in\ xmlsec-gnutls.pc.in \ xmlsec-gcrypt.pc.in \ xmlsec-config.in \ xmlsecConf.sh.in \ xmlsec.spec.in \ xmlsec1Conf.sh \ xmlsec1.pc @XMLSEC_CRYPTO_PC_FILES_LIST@ \ xmlsec1-config \ xmlsec1.spec \ xmlsec1.m4 \ $(NULL) EXTRA_CLEAN = \ examples \ $(NULL) ABS_SRCDIR=@abs_srcdir@ ABS_BUILDDIR=@abs_builddir@ XMLSEC_OPENSSL_TEST_CONFIG=@OPENSSL_TEST_CONFIG@ XMLSEC_OPENSSL_VERSION=@OPENSSL_VERSION@ if XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING PRECHECK_COMMANDS = \ export XMLSEC_OPENSSL_TEST_CONFIG="$(XMLSEC_OPENSSL_TEST_CONFIG)" && \ export XMLSEC_OPENSSL_VERSION="$(XMLSEC_OPENSSL_VERSION)" && \ cd $(ABS_SRCDIR) \ $(NULL) else PRECHECK_COMMANDS= \ export XMLSEC_OPENSSL_TEST_CONFIG="$(XMLSEC_OPENSSL_TEST_CONFIG)" && \ export XMLSEC_OPENSSL_VERSION="$(XMLSEC_OPENSSL_VERSION)" && \ export LD_LIBRARY_PATH="$(ABS_BUILDDIR)/src/.libs:$$LD_LIBRARY_PATH" && \ for i in $(XMLSEC_CHECK_CRYPTO_LIST) ; do \ export LTDL_LIBRARY_PATH="$(ABS_BUILDDIR)/src/$$i/.libs:$$LTDL_LIBRARY_PATH" ; \ done && \ cd $(ABS_SRCDIR) \ $(NULL) endif CHECK_CRYPTO_LIST = \ $(XMLSEC_CHECK_CRYPTO_LIST) \ $(NULL) docs: docs-man @(cd docs && $(MAKE) docs) docs-clean: @(cd docs && $(MAKE) clean) docs-man: @(cd man && $(MAKE) docs) check: check-all check-info check-unit-tests: $(UNIT_TEST_APP) @($(PRECHECK_COMMANDS) && $(ABS_BUILDDIR)/$(UNIT_TEST_APP)) check-all: $(TEST_APP) check-unit-tests for crypto in $(CHECK_CRYPTO_LIST) ; do \ make check-crypto-$$crypto || exit 1 ; \ done check-crypto-%: $(TEST_APP) @($(PRECHECK_COMMANDS) && \ echo "=================== Checking xmlsec-$* =================================" && \ $(SHELL) ./tests/testrun.sh \ $(ABS_SRCDIR)/tests/testKeys.sh \ $* \ $(ABS_SRCDIR)/tests \ $(ABS_BUILDDIR)/$(TEST_APP) der \ && \ $(SHELL) ./tests/testrun.sh \ $(ABS_SRCDIR)/tests/testDSig.sh \ $* \ $(ABS_SRCDIR)/tests \ $(ABS_BUILDDIR)/$(TEST_APP) \ der \ && \ $(SHELL) ./tests/testrun.sh \ $(ABS_SRCDIR)/tests/testEnc.sh \ $* \ $(ABS_SRCDIR)/tests \ $(ABS_BUILDDIR)/$(TEST_APP) \ der \ ; \ ) check-info: @echo "---------------------------- ATTENTION -----------------------------------" @echo "--- Some of the tests use resources located on external HTTP servers. ---" @echo "--- If you have no Internet connection or the external resource is not ---" @echo "--- responding then the test will fail. ---" @echo "---------------------------- ATTENTION -----------------------------------" check-keys: $(TEST_APP) @($(PRECHECK_COMMANDS) && \ $(SHELL) ./tests/testrun.sh \ $(ABS_SRCDIR)/tests/testKeys.sh \ $(DEFAULT_CRYPTO) \ $(ABS_SRCDIR)/tests \ $(ABS_BUILDDIR)/$(TEST_APP) \ der \ ) check-dsig: $(TEST_APP) @($(PRECHECK_COMMANDS) && \ $(SHELL) ./tests/testrun.sh \ $(ABS_SRCDIR)/tests/testDSig.sh \ $(DEFAULT_CRYPTO) \ $(ABS_SRCDIR)/tests \ $(ABS_BUILDDIR)/$(TEST_APP) \ der \ ) check-enc: $(TEST_APP) @($(PRECHECK_COMMANDS) && \ $(SHELL) ./tests/testrun.sh \ $(ABS_SRCDIR)/tests/testEnc.sh \ $(DEFAULT_CRYPTO) \ $(ABS_SRCDIR)/tests \ $(ABS_BUILDDIR)/$(TEST_APP) \ der \ ) memcheck-res: @grep -i 'ERROR SUMMARY' /tmp/xmlsec-test*/*.log | sed 's/.*==.*== *//' | sort -u @grep -i 'in use at exit' /tmp/xmlsec-test*/*.log | sed 's/.*==.*== *//' | sort -u @grep -i 'definitely lost:' /tmp/xmlsec-test*/*.log | sed 's/.*==.*== *//' | sort -u @grep -i 'indirectly lost:' /tmp/xmlsec-test*/*.log | sed 's/.*==.*== *//' | sort -u @grep -i 'possibly lost:' /tmp/xmlsec-test*/*.log | sed 's/.*==.*== *//' | sort -u @grep -i 'still reachable:' /tmp/xmlsec-test*/*.log | sed 's/.*==.*== *//' | sort -u @grep -i 'used_suppression:' /tmp/xmlsec-test*/*.log | sed 's/.*--.*-- *//' | sort -u memcheck: $(TEST_APP) @(export DEBUG_MEMORY=1 && $(MAKE) check && $(MAKE) memcheck-res) memcheck-crypto-%: $(TEST_APP) @(export DEBUG_MEMORY=1 && $(MAKE) check-crypto-$* && $(MAKE) memcheck-res) perfcheck: $(TEST_APP) @(export PERF_TEST=10 && $(MAKE) check) dist-hook: cleantar: @($(RM) -f xmlsec*.tar.gz COPYING.LIB) tar-release: clean cleantar @(unset CDPATH && $(MAKE) dist) rpm: cleantar tar-release @(unset CDPATH && rpmbuild -ta $(distdir).tar.gz) rpm-release: clean cleantar rpm xmlsec-1.3.9/NEWS000066400000000000000000000000551510147731500135220ustar00rootroot00000000000000See https://www.aleksey.com/xmlsec/news.html xmlsec-1.3.9/README.md000066400000000000000000000047151510147731500143110ustar00rootroot00000000000000# XMLSec Library XMLSec library provides C based implementation for major XML Security standards: - [XML Signature Syntax and Processing](https://www.w3.org/TR/xmldsig-core) - [XML Encryption Syntax and Processing](https://www.w3.org/TR/xmlenc-core/) Detailed information about supported features and algorithms can be found in the [XMLDsig](https://www.aleksey.com/xmlsec/xmldsig.html) and the [XMLEnc](https://www.aleksey.com/xmlsec/xmlenc.html) interoperability reports. ## Documentation Complete XMLSec library documentation is published on [XMLSec website](https://www.aleksey.com/xmlsec/). ## License XMLSec library is released under the MIT Licence (see the [Copyright file](Copyright)). ## Building and installing XMLSec ### Prerequisites XMLSec requires the following libraries: - [LibXML2](http://xmlsoft.org) - [LibXSLT](http://xmlsoft.org/XSLT/) And at least one of the following cryptographic libraries: - [OpenSSL](http://www.openssl.org) - [NSS](https://firefox-source-docs.mozilla.org/security/nss/index.html) - [GCrypt/GnuTLS](https://www.gnutls.org/) - MS Crypto API (Windows only) - MS Crypto API NG (Windows only) For example, the following packages need to be installed on Ubuntu to build XMLSec library: ``` # common build tools apt install automake autoconf libtool libtool-bin gcc # ltdl is required to support dynamic crypto libs loading apt install libltdl7 libltdl-dev # core libxml2 and libxslt libraries apt install libxml2 libxml2-dev libxslt1.1 libxslt1-dev # openssl libraries apt install openssl libssl3 libssl-dev # nspr/nss libraries apt install libnspr4 libnspr4-dev libnss3 libnss3-dev libnss3-tools # gnutls libraries apt install libgnutls30 # gnutls libraries apt install libgcrypt20 libgcrypt20-dev # required for building man pages and docs apt install help2man man2html gtk-doc-tools ``` ### Building XMLSec on Linux, Unix, MacOSX, MinGW, Cygwin, etc To build and install XMLSec library on Unix-like systems from a release tarball, run the following commands: ``` gunzip -c xmlsec1-.tar.gz | tar xvf - cd xmlsec1- ./configure [possible configure options] make make check make install ``` To see the configuration options, run: ``` ./configure --help ``` To build from GitHub, run the following commands: ``` git clone https://github.com/lsh123/xmlsec.git cd xmlsec ./autogen.sh [possible configure options] make make check make install ``` ### Building XMLSec on Windows See [win32/README.md](win32/README.md) for details. xmlsec-1.3.9/SECURITY.md000066400000000000000000000037271510147731500146250ustar00rootroot00000000000000# Security Policy ## Supported Versions The XMLSec library WILL provide security updates / fixes for the released versions for 5 years since [the day of the release](https://www.aleksey.com/xmlsec/news.html). After 5 years, the support MIGHT be provided on case-by-case basis. ### 1.3.x (master) | Component/Version | Version | Release date | Full Support | Security Support | | ------------------|-----------| -------------------|-----------------------|---------------------| | xmlsec-core | >= 1.3.0 | April 12, 2023 | :white_check_mark: | :white_check_mark: | | xmlsec-openssl | >= 1.3.0 | April 12, 2023 | :white_check_mark: | :white_check_mark: | | xmlsec-nss | >= 1.3.0 | April 12, 2023 | :white_check_mark: | :white_check_mark: | | xmlsec-gnutls | >= 1.3.0 | April 12, 2023 | :white_check_mark: | :white_check_mark: | | xmlsec-mscng | >= 1.3.0 | April 12, 2023 | :white_check_mark: | :white_check_mark: | | xmlsec-gcrypt | >= 1.3.0 | April 12, 2023 | :x: | :white_check_mark: | | xmlsec-mscrypto | >= 1.3.0 | April 12, 2023 | :x: | :white_check_mark: | ### 1.2.x (mainanance mode from April 2023, planned End-Of-Life in April 2028) | Component/Version | Version | Release date | Full Support | Security Support | | ------------------|-----------| -------------------|-----------------------|---------------------| | all | >= 1.2.38 | July 5, 2023 | :x: | :white_check_mark: | | all | < 1.2.38 | October 15, 2019 | :x: | :x: | ## Reporting a Vulnerability Please use [GitHub private vulnerability reporting tool](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) to report any security issues or vulnerabilities. xmlsec-1.3.9/TODO000066400000000000000000000000541510147731500135120ustar00rootroot00000000000000See https://github.com/lsh123/xmlsec/issues xmlsec-1.3.9/apps/000077500000000000000000000000001510147731500137665ustar00rootroot00000000000000xmlsec-1.3.9/apps/Makefile.am000066400000000000000000000034131510147731500160230ustar00rootroot00000000000000NULL = bin_PROGRAMS = xmlsec1 xmlsec_unit_tests XMLSEC_LIBS = $(top_builddir)/src/libxmlsec1.la # check if we use dynamic loading for xmlsec-crypto or not if XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING CRYPTO_DEPS = \ $(top_builddir)/src/@XMLSEC_DEFAULT_CRYPTO@/lib$(XMLSEC_CRYPTO_LIB).la \ $(NULL) CRYPTO_INCLUDES = \ $(XMLSEC_CRYPTO_CFLAGS) \ $(NULL) CRYPTO_LD_FLAGS = \ $(NULL) CRYPTO_LD_ADD = \ $(XMLSEC_CRYPTO_LIBS) \ $(CRYPTO_DEPS) \ $(NULL) else CRYPTO_DEPS = \ $(NULL) CRYPTO_INCLUDES = \ -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 $(NULL) CRYPTO_LD_FLAGS = \ $(NULL) CRYPTO_LD_ADD = \ $(CRYPTO_DEPS) \ $(NULL) endif AM_CFLAGS = \ -DPACKAGE=\"@PACKAGE@\" \ -I../include \ -I$(top_srcdir)/include \ $(XMLSEC_DEFINES) \ $(XMLSEC_APP_DEFINES) \ $(CRYPTO_INCLUDES) \ $(LIBXSLT_CFLAGS) \ $(LIBXML_CFLAGS) \ $(LIBLTDL_CFLAGS) \ $(NULL) # xmlsec command line utility xmlsec1_SOURCES = \ xmlsec.c \ crypto.c crypto.h \ cmdline.c cmdline.h \ $(NULL) xmlsec1_LDFLAGS = \ @XMLSEC_STATIC_BINARIES@ \ @XMLSEC_EXTRA_LDFLAGS@ \ $(CRYPTO_LD_FLAGS) \ $(NULL) xmlsec1_LDADD = \ $(LIBXSLT_LIBS) \ $(LIBXML_LIBS) \ $(CRYPTO_LD_ADD) \ $(XMLSEC_LIBS) \ $(LIBLTDL_LIBS) \ $(NULL) xmlsec1_DEPENDENCIES = \ $(CRYPTO_DEPS) \ $(XMLSEC_LIBS) \ $(NULL) # xmlsec unit tests xmlsec_unit_tests_SOURCES = \ unit_tests/base64_unit_tests.c \ unit_tests/x509_unit_tests.c \ unit_tests/xmlsec_unit_tests.h \ unit_tests/xmlsec_unit_tests.c \ $(NULL) xmlsec_unit_tests_LDFLAGS = \ @XMLSEC_STATIC_BINARIES@ \ @XMLSEC_EXTRA_LDFLAGS@ \ $(CRYPTO_LD_FLAGS) \ $(NULL) xmlsec_unit_tests_LDADD = \ $(LIBXSLT_LIBS) \ $(LIBXML_LIBS) \ $(CRYPTO_LD_ADD) \ $(XMLSEC_LIBS) \ $(LIBLTDL_LIBS) \ $(NULL) xmlsec_unit_tests_DEPENDENCIES = \ $(CRYPTO_DEPS) \ $(XMLSEC_LIBS) \ $(NULL) xmlsec-1.3.9/apps/cmdline.c000066400000000000000000000330271510147731500155520ustar00rootroot00000000000000/** * * XMLSec library * * * See Copyright for the status of this software. * * Copyright (C) 2002-2024 Aleksey Sanin . All Rights Reserved. */ #if defined(_MSC_VER) && _MSC_VER < 1900 #define snprintf _snprintf #endif #include #include #include #include #include #include #include "cmdline.h" static int xmlSecAppCmdLineMatchParam (const char* argvParam, const char* paramName, int canHaveNameString); static xmlSecAppCmdLineParamPtr xmlSecAppCmdLineParamsListFind (xmlSecAppCmdLineParamPtr* params, xmlSecAppCmdLineParamTopic topics, const char* name); static int xmlSecAppCmdLineParamRead (xmlSecAppCmdLineParamPtr param, const char** argv, int argc, int pos); static int xmlSecAppCmdLineTimeParamRead (const char* str, time_t* t, int is_gmt_time); #if defined(_MSC_VER) #define XMLSEC_SCANF sscanf_s #define XMLSEC_MKGMTIME _mkgmtime #else /* defined(_MSC_VER) */ #define XMLSEC_SCANF sscanf #define XMLSEC_MKGMTIME xmlSecAppGetGmtTime static time_t xmlSecAppGetGmtTime (struct tm* timeptr); #endif /* defined(_MSC_VER) */ int xmlSecAppCmdLineParamIsSet(xmlSecAppCmdLineParamPtr param) { return(((param != NULL) && (param->value != NULL)) ? 1 : 0); } const char* xmlSecAppCmdLineParamGetString(xmlSecAppCmdLineParamPtr param) { if(param->type != xmlSecAppCmdLineParamTypeString) { fprintf(stderr, "Error: parameter \"%s\" is not string.\n", param->fullName); return(NULL); } return((param->value != NULL) ? param->value->strValue : NULL); } const char* xmlSecAppCmdLineParamGetStringList(xmlSecAppCmdLineParamPtr param) { if(param->type != xmlSecAppCmdLineParamTypeStringList) { fprintf(stderr, "Error: parameter \"%s\" is not string list.\n", param->fullName); return(NULL); } return((param->value != NULL) ? param->value->strListValue : NULL); } int xmlSecAppCmdLineParamGetInt(xmlSecAppCmdLineParamPtr param, int def) { if(param->type != xmlSecAppCmdLineParamTypeNumber) { fprintf(stderr, "Error: parameter \"%s\" is not integer.\n", param->fullName); return(def); } return((param->value != NULL) ? param->value->intValue : def); } time_t xmlSecAppCmdLineParamGetTime(xmlSecAppCmdLineParamPtr param, time_t def) { if((param->type != xmlSecAppCmdLineParamTypeTime) && (param->type != xmlSecAppCmdLineParamTypeGmtTime)) { fprintf(stderr, "Error: parameter \"%s\" is not time.\n", param->fullName); return(def); } return((param->value != NULL) ? param->value->timeValue : def); } int xmlSecAppCmdLineParamsListParse(xmlSecAppCmdLineParamPtr* params, xmlSecAppCmdLineParamTopic topics, const char** argv, int argc, int pos) { xmlSecAppCmdLineParamPtr param; int ii; int ret; assert(params != NULL); assert(argv != NULL); while((pos < argc) && (argv[pos][0] == '-') && (strcmp(argv[pos], XMLSEC_STDOUT_FILENAME) != 0)) { param = xmlSecAppCmdLineParamsListFind(params, topics, argv[pos]); if(param == NULL) { fprintf(stderr, "Error: parameter \"%s\" is not supported or the requested\nfeature might have been disabled during compilation.\n", argv[pos]); return(-1); } ret = xmlSecAppCmdLineParamRead(param, argv, argc, pos); if(ret < pos) { fprintf(stderr, "Error: failed to parse parameter \"%s\".\n", argv[pos]); return(-1); } pos = ret + 1; } /* check that all parameters at the end are filenames */ for(ii = pos; (ii < argc); ++ii) { if((argv[ii][0] == '-') && (strcmp(argv[pos], XMLSEC_STDOUT_FILENAME) != 0)) { fprintf(stderr, "Error: filename is expected instead of parameter \"%s\".\n", argv[ii]); return(-1); } } /* done */ return(pos); } void xmlSecAppCmdLineParamsListClean(xmlSecAppCmdLineParamPtr* params) { xmlSecAppCmdLineValuePtr tmp; size_t i; assert(params != NULL); for(i = 0; params[i] != NULL; ++i) { while(params[i]->value != NULL) { tmp = params[i]->value; params[i]->value = params[i]->value->next; xmlSecAppCmdLineValueDestroy(tmp); } } } void xmlSecAppCmdLineParamsListPrint(xmlSecAppCmdLineParamPtr* params, xmlSecAppCmdLineParamTopic topics, FILE* output) { size_t i; assert(params != NULL); assert(output != NULL); for(i = 0; params[i] != NULL; ++i) { if(((params[i]->topics & topics) != 0) && (params[i]->help != NULL)) { fprintf(output, " %s\n", params[i]->help); } } } xmlSecAppCmdLineValuePtr xmlSecAppCmdLineValueCreate(xmlSecAppCmdLineParamPtr param, int pos) { xmlSecAppCmdLineValuePtr value; assert(param != NULL); value = (xmlSecAppCmdLineValuePtr) malloc(sizeof(xmlSecAppCmdLineValue)); if(value == NULL) { fprintf(stderr, "Error: malloc failed (" XMLSEC_SIZE_T_FMT " bytes).\n", sizeof(xmlSecAppCmdLineValue)); return(NULL); } memset(value, 0, sizeof(xmlSecAppCmdLineValue)); value->param = param; value->pos = pos; return(value); } void xmlSecAppCmdLineValueDestroy(xmlSecAppCmdLineValuePtr value) { assert(value != NULL); if(value->strListValue != NULL) { free((void*)value->strListValue); } free(value); } static int xmlSecAppCmdLineMatchParam(const char* argvParam, const char* paramName, int canHaveNameString) { assert(argvParam != NULL); assert(paramName != NULL); if(canHaveNameString != 0) { size_t len = strlen(paramName); if(strncmp(argvParam, paramName, len) != 0) { return(0); } if((argvParam[len] != '\0') && (argvParam[len] != ':')) { return(0); } return(1); } else if(strcmp(argvParam, paramName) == 0) { return(1); } return(0); } static xmlSecAppCmdLineParamPtr xmlSecAppCmdLineParamsListFind(xmlSecAppCmdLineParamPtr* params, xmlSecAppCmdLineParamTopic topics, const char* name) { size_t i; int canHaveNameString; assert(params != NULL); assert(name != NULL); for(i = 0; params[i] != NULL; ++i) { if((params[i]->topics & topics) == 0) { continue; } canHaveNameString = ((params[i]->flags & xmlSecAppCmdLineParamFlagParamNameValue) != 0) ? 1 : 0; if(params[i]->fullName != NULL) { if(xmlSecAppCmdLineMatchParam(name, params[i]->fullName, canHaveNameString) == 1) { return(params[i]); } } if(params[i]->shortName != NULL) { if(xmlSecAppCmdLineMatchParam(name, params[i]->shortName, canHaveNameString) == 1) { return(params[i]); } } } return(NULL); } static int xmlSecAppCmdLineParamRead(xmlSecAppCmdLineParamPtr param, const char** argv, int argc, int pos) { xmlSecAppCmdLineValuePtr value; xmlSecAppCmdLineValuePtr prev = NULL; char* buf; assert(param != NULL); assert(argv != NULL); assert(pos < argc); /* first find the previous value in the list */ if((param->flags & xmlSecAppCmdLineParamFlagMultipleValues) != 0) { prev = param->value; while((prev != NULL) && (prev->next != NULL)) { prev = prev->next; } } else if(param->value != NULL) { fprintf(stderr, "Error: only one parameter \"%s\" is allowed.\n", argv[pos]); return(-1); } /* create new value and add to the list */ value = xmlSecAppCmdLineValueCreate(param, pos); if(value == NULL) { fprintf(stderr, "Error: failed to create value for parameter \"%s\".\n", argv[pos]); return(-1); } if(prev != NULL) { assert(prev->next == NULL); prev->next = value; } else { param->value = value; } /* if we can have a string value after the name, parse it */ if((param->flags & xmlSecAppCmdLineParamFlagParamNameValue) != 0) { value->paramNameValue = strchr(argv[pos], ':'); if(value->paramNameValue != NULL) { ++value->paramNameValue; } } switch(param->type) { case xmlSecAppCmdLineParamTypeFlag: /* do nothing */ break; case xmlSecAppCmdLineParamTypeString: if(pos + 1 >= argc) { fprintf(stderr, "Error: string argument expected for parameter \"%s\".\n", argv[pos]); return(-1); } value->strValue = argv[++pos]; break; case xmlSecAppCmdLineParamTypeStringList: if(pos + 1 >= argc) { fprintf(stderr, "Error: string list argument expected for parameter \"%s\".\n", argv[pos]); return(-1); } value->strValue = argv[++pos]; buf = (char*)malloc(strlen(value->strValue) + 2); if(buf == NULL) { fprintf(stderr, "Error: failed to allocate memory (" XMLSEC_SIZE_T_FMT " bytes).\n", strlen(value->strValue) + 2); return(-1); } memset(buf, 0, strlen(value->strValue) + 2); memcpy(buf, value->strValue, strlen(value->strValue)); value->strListValue = buf; while((*buf) != '\0') { if((*buf) == ',') { (*buf) = '\0'; } ++buf; } break; case xmlSecAppCmdLineParamTypeNumber: if(pos + 1 >= argc) { fprintf(stderr, "Error: integer argument expected for parameter \"%s\".\n", argv[pos]); return(-1); } value->strValue = argv[++pos]; if(XMLSEC_SCANF(value->strValue, "%d", &(value->intValue)) != 1) { fprintf(stderr, "Error: integer argument \"%s\" is invalid.\n", value->strValue); return(-1); } break; case xmlSecAppCmdLineParamTypeTime: if(pos + 1 >= argc) { fprintf(stderr, "Error: time argument expected for parameter \"%s\".\n", argv[pos]); return(-1); } value->strValue = argv[++pos]; if(xmlSecAppCmdLineTimeParamRead(value->strValue, &(value->timeValue), 0) < 0) { fprintf(stderr, "Error: time argument \"%s\" is invalid, expected format is \"YYYY-MM-DD HH:MM:SS\").\n", value->strValue); return(-1); } break; case xmlSecAppCmdLineParamTypeGmtTime: if(pos + 1 >= argc) { fprintf(stderr, "Error: gmt time argument expected for parameter \"%s\".\n", argv[pos]); return(-1); } value->strValue = argv[++pos]; if(xmlSecAppCmdLineTimeParamRead(value->strValue, &(value->timeValue), 1) < 0) { fprintf(stderr, "Error: gmt time argument \"%s\" is invalid, expected format is \"YYYY-MM-DD HH:MM:SS\").\n", value->strValue); return(-1); } break; } return(pos); } #if !defined(_MSC_VER) static time_t xmlSecAppGetGmtTime(struct tm* timeptr) { time_t t1, t2; struct tm * tm1; if(timeptr == NULL) { return(0); } /* t1 is gmt time "mapped" to localtime as-is */ t1 = mktime(timeptr); if(t1 == -1) { fprintf(stderr, "Error: mktime(timeptr) failed"); return(0); } tm1 = gmtime(&t1); if(tm1 == NULL) { fprintf(stderr, "Error: gmtime() failed for time=%lld.\n", (long long)t1); return(0); } /* t2 is "mapped" gmt time converted to gmt */ t2 = mktime(tm1); if(t2 == -1) { fprintf(stderr, "Error: mktime(tm1) failed"); return(0); } /* shift t1 back by the (t2 - t1) delta */ return(t1 - (t2 - t1)); } #endif /* !defined(_MSC_VER) */ static int xmlSecAppCmdLineTimeParamRead(const char* str, time_t* t, int is_gmt_time) { struct tm tm; int n; if((str == NULL) || (t == NULL)) { return(-1); } memset(&tm, 0, sizeof(tm)); tm.tm_isdst = -1; n = XMLSEC_SCANF(str, "%4d-%2d-%2d%*c%2d:%2d:%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec); if(n != 6) { return(-1); } if((tm.tm_year < 1900) || (tm.tm_mon < 1) || (tm.tm_mon > 12) || (tm.tm_mday < 1) || (tm.tm_mday > 31) || (tm.tm_hour < 0) || (tm.tm_hour > 23) || (tm.tm_min < 0) || (tm.tm_min > 59) || (tm.tm_sec < 0) || (tm.tm_sec > 61)) { return(-1); } tm.tm_year -= 1900; /* tm relative format year */ tm.tm_mon -= 1; /* tm relative format month */ if(is_gmt_time != 0) { (*t) = XMLSEC_MKGMTIME(&tm); } else { (*t) = mktime(&tm); } return(0); } xmlsec-1.3.9/apps/cmdline.h000066400000000000000000000070021510147731500155510ustar00rootroot00000000000000/** * XMLSec library * * Command line parsing routines * * See Copyright for the status of this software. * * Copyright (C) 2002-2024 Aleksey Sanin . All Rights Reserved. */ #ifndef __XMLSEC_APPS_CMDLINE_H__ #define __XMLSEC_APPS_CMDLINE_H__ #include #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ typedef struct _xmlSecAppCmdLineParam xmlSecAppCmdLineParam, *xmlSecAppCmdLineParamPtr; typedef struct _xmlSecAppCmdLineValue xmlSecAppCmdLineValue, *xmlSecAppCmdLineValuePtr; typedef unsigned int xmlSecAppCmdLineParamTopic; #define xmlSecAppCmdLineParamFlagNone 0x0000 #define xmlSecAppCmdLineParamFlagParamNameValue 0x0001 #define xmlSecAppCmdLineParamFlagMultipleValues 0x0002 #define XMLSEC_STDOUT_FILENAME "-" typedef enum { xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamTypeNumber, xmlSecAppCmdLineParamTypeTime, xmlSecAppCmdLineParamTypeGmtTime } xmlSecAppCmdLineParamType; struct _xmlSecAppCmdLineParam { xmlSecAppCmdLineParamTopic topics; const char* fullName; const char* shortName; const char* help; xmlSecAppCmdLineParamType type; int flags; xmlSecAppCmdLineValuePtr value; }; int xmlSecAppCmdLineParamIsSet (xmlSecAppCmdLineParamPtr param); const char* xmlSecAppCmdLineParamGetString (xmlSecAppCmdLineParamPtr param); const char* xmlSecAppCmdLineParamGetStringList (xmlSecAppCmdLineParamPtr param); int xmlSecAppCmdLineParamGetInt (xmlSecAppCmdLineParamPtr param, int def); time_t xmlSecAppCmdLineParamGetTime (xmlSecAppCmdLineParamPtr param, time_t def); int xmlSecAppCmdLineParamsListParse (xmlSecAppCmdLineParamPtr* params, xmlSecAppCmdLineParamTopic topics, const char** argv, int argc, int pos); void xmlSecAppCmdLineParamsListClean (xmlSecAppCmdLineParamPtr* params); void xmlSecAppCmdLineParamsListPrint (xmlSecAppCmdLineParamPtr* params, xmlSecAppCmdLineParamTopic topic, FILE* output); struct _xmlSecAppCmdLineValue { xmlSecAppCmdLineParamPtr param; int pos; const char* paramNameValue; const char* strValue; const char* strListValue; int intValue; time_t timeValue; xmlSecAppCmdLineValuePtr next; }; xmlSecAppCmdLineValuePtr xmlSecAppCmdLineValueCreate (xmlSecAppCmdLineParamPtr param, int pos); void xmlSecAppCmdLineValueDestroy (xmlSecAppCmdLineValuePtr value); #ifdef __cplusplus } #endif /* __cplusplus */ #endif /* __XMLSEC_APPS_CMDLINE_H__ */ xmlsec-1.3.9/apps/crypto.c000066400000000000000000000332721510147731500154610ustar00rootroot00000000000000/** * * XMLSec library * * * See Copyright for the status of this software. * * Copyright (C) 2002-2024 Aleksey Sanin . All Rights Reserved. */ #if defined(_MSC_VER) && _MSC_VER < 1900 #define snprintf _snprintf #endif #include #include #include #include #include #include #include "crypto.h" #ifndef UNREFERENCED_PARAMETER #define UNREFERENCED_PARAMETER(param) ((void)(param)) #endif /* UNREFERENCED_PARAMETER */ int xmlSecAppCryptoInit(const char* config) { if(xmlSecCryptoAppInit(config) < 0) { fprintf(stderr, "Error: xmlSecCryptoAppInit failed\n"); return(-1); } if(xmlSecCryptoInit() < 0) { fprintf(stderr, "Error: xmlSecCryptoInit failed\n"); return(-1); } return(0); } int xmlSecAppCryptoShutdown(void) { if(xmlSecCryptoShutdown() < 0) { fprintf(stderr, "Error: xmlSecCryptoShutdown failed\n"); return(-1); } if(xmlSecCryptoAppShutdown() < 0) { fprintf(stderr, "Error: xmlSecCryptoAppShutdown failed\n"); return(-1); } return(0); } int xmlSecAppCryptoSimpleKeysMngrInit(xmlSecKeysMngrPtr mngr) { xmlSecAssert2(mngr != NULL, -1); return(xmlSecCryptoAppDefaultKeysMngrInit(mngr)); } int xmlSecAppCryptoSimpleKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char *filename) { xmlSecAssert2(mngr != NULL, -1); xmlSecAssert2(filename != NULL, -1); return(xmlSecCryptoAppDefaultKeysMngrLoad(mngr, filename)); } int xmlSecAppCryptoSimpleKeysMngrSave(xmlSecKeysMngrPtr mngr, const char *filename, xmlSecKeyDataType type) { xmlSecAssert2(mngr != NULL, -1); xmlSecAssert2(filename != NULL, -1); return(xmlSecCryptoAppDefaultKeysMngrSave(mngr, filename, type)); } int xmlSecAppCryptoSimpleKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename, xmlSecKeyDataFormat format, xmlSecKeyDataType type) { xmlSecAssert2(mngr != NULL, -1); xmlSecAssert2(filename != NULL, -1); #ifndef XMLSEC_NO_X509 return(xmlSecCryptoAppKeysMngrCertLoad(mngr, filename, format, type)); #else /* XMLSEC_NO_X509 */ UNREFERENCED_PARAMETER(format); UNREFERENCED_PARAMETER(type); fprintf(stderr, "Error: X509 support is disabled\n"); return(-1); #endif /* XMLSEC_NO_X509 */ } int xmlSecAppCryptoSimpleKeysMngrCrlLoad(xmlSecKeysMngrPtr mngr, const char *filename, xmlSecKeyDataFormat format) { xmlSecAssert2(mngr != NULL, -1); xmlSecAssert2(filename != NULL, -1); #ifndef XMLSEC_NO_X509 return(xmlSecCryptoAppKeysMngrCrlLoad(mngr, filename, format)); #else /* XMLSEC_NO_X509 */ UNREFERENCED_PARAMETER(format); fprintf(stderr, "Error: X509 support is disabled\n"); return(-1); #endif /* XMLSEC_NO_X509 */ } int xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(xmlSecKeysMngrPtr mngr, const char* files, const char* pwd, const char* name, xmlSecKeyDataType type, xmlSecKeyDataFormat format, xmlSecKeyInfoCtxPtr keyInfoCtx, int verifyKey ) { const char* cert_file; xmlSecKeyPtr key; int ret; xmlSecAssert2(mngr != NULL, -1); xmlSecAssert2(files != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); /* first is the key file */ key = xmlSecCryptoAppKeyLoadEx(files, type, format, pwd, xmlSecCryptoAppGetDefaultPwdCallback(), (void*)files); if(key == NULL) { fprintf(stderr, "Error: xmlSecCryptoAppKeyLoadEx failed: file=%s\n", xmlSecErrorsSafeString(files)); return(-1); } if(name != NULL) { ret = xmlSecKeySetName(key, BAD_CAST name); if(ret < 0) { fprintf(stderr, "Error: xmlSecKeySetName failed: name=%s\n", xmlSecErrorsSafeString(name)); xmlSecKeyDestroy(key); return(-1); } } #ifndef XMLSEC_NO_X509 for(cert_file = files + strlen(files) + 1; (cert_file[0] != '\0'); cert_file += strlen(cert_file) + 1) { ret = xmlSecCryptoAppKeyCertLoad(key, cert_file, format); if(ret < 0) { fprintf(stderr, "Error: xmlSecCryptoAppKeyCertLoad failed: file=%s\n", xmlSecErrorsSafeString(cert_file)); xmlSecKeyDestroy(key); return(-1); } } #else /* XMLSEC_NO_X509 */ cert_file = files + strlen(files) + 1; if(cert_file[0] != '\0') { fprintf(stderr, "Error: X509 support is disabled\n"); return(-1); } #endif /* XMLSEC_NO_X509 */ if(verifyKey != 0) { ret = xmlSecCryptoAppDefaultKeysMngrVerifyKey(mngr, key, keyInfoCtx); if(ret < 0) { fprintf(stderr, "Error: xmlSecCryptoAppDefaultKeysMngrVerifyKey failed: filename='%s'\n", xmlSecErrorsSafeString(files)); xmlSecKeyDestroy(key); return(-1); } else if(ret != 1) { fprintf(stderr, "Error: key cannot be verified: filename='%s'\n", xmlSecErrorsSafeString(files)); xmlSecKeyDestroy(key); return(-1); } } ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key); if(ret < 0) { fprintf(stderr, "Error: xmlSecCryptoAppDefaultKeysMngrAdoptKey failed\n"); xmlSecKeyDestroy(key); return(-1); } return(0); } int xmlSecAppCryptoSimpleKeysMngrEngineKeyAndCertsLoad(xmlSecKeysMngrPtr mngr, const char* engineAndKeyId, const char* certFiles, const char* pwd, const char* name, xmlSecKeyDataType type, xmlSecKeyDataFormat keyFormat, xmlSecKeyDataFormat certFormat, xmlSecKeyInfoCtxPtr keyInfoCtx, int verifyKey ) { xmlSecKeyPtr key; int ret; xmlSecAssert2(mngr != NULL, -1); xmlSecAssert2(engineAndKeyId != NULL, -1); xmlSecAssert2(certFiles != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); /* load key */ key = xmlSecCryptoAppKeyLoadEx(engineAndKeyId, type, keyFormat, pwd, xmlSecCryptoAppGetDefaultPwdCallback(), (void*)engineAndKeyId); if(key == NULL) { fprintf(stderr, "Error: xmlSecCryptoAppKeyLoadEx failed: engineAndKeyId=%s\n", xmlSecErrorsSafeString(engineAndKeyId)); return(-1); } if(name != NULL) { ret = xmlSecKeySetName(key, BAD_CAST name); if(ret < 0) { fprintf(stderr, "Error: xmlSecKeySetName failed: name=%s\n", xmlSecErrorsSafeString(name)); xmlSecKeyDestroy(key); return(-1); } } /* load certs (if any) */ #ifndef XMLSEC_NO_X509 for(const char *file = certFiles; (file[0] != '\0'); file += strlen(file) + 1) { ret = xmlSecCryptoAppKeyCertLoad(key, file, certFormat); if(ret < 0) { fprintf(stderr, "Error: xmlSecCryptoAppKeyCertLoad failed: file=%s\n", xmlSecErrorsSafeString(file)); xmlSecKeyDestroy(key); return(-1); } } #else /* XMLSEC_NO_X509 */ UNREFERENCED_PARAMETER(certFormat); if(certFiles[0] != '\0') { fprintf(stderr, "Error: X509 support is disabled\n"); xmlSecKeyDestroy(key); return(-1); } #endif /* XMLSEC_NO_X509 */ if(verifyKey != 0) { ret = xmlSecCryptoAppDefaultKeysMngrVerifyKey(mngr, key, keyInfoCtx); if(ret < 0) { fprintf(stderr, "Error: xmlSecCryptoAppDefaultKeysMngrVerifyKey failed: engineAndKeyId='%s'\n", xmlSecErrorsSafeString(engineAndKeyId)); xmlSecKeyDestroy(key); return(-1); } else if(ret != 1) { fprintf(stderr, "Error: key cannot be verified: engineAndKeyId='%s'\n", xmlSecErrorsSafeString(engineAndKeyId)); xmlSecKeyDestroy(key); return(-1); } } /* add key to KM */ ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key); if(ret < 0) { fprintf(stderr, "Error: xmlSecCryptoAppDefaultKeysMngrAdoptKey failed\n"); xmlSecKeyDestroy(key); return(-1); } return(0); } int xmlSecAppCryptoSimpleKeysMngrPkcs12KeyLoad(xmlSecKeysMngrPtr mngr, const char *filename, const char* pwd, const char *name, xmlSecKeyInfoCtxPtr keyInfoCtx, int verifyKey ) { #ifndef XMLSEC_NO_X509 xmlSecKeyPtr key; int ret; xmlSecAssert2(mngr != NULL, -1); xmlSecAssert2(filename != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); key = xmlSecCryptoAppKeyLoadEx(filename, xmlSecKeyDataTypePrivate, xmlSecKeyDataFormatPkcs12, pwd, xmlSecCryptoAppGetDefaultPwdCallback(), (void*)filename); if(key == NULL) { fprintf(stderr, "Error: xmlSecCryptoAppKeyLoadEx failed: filename='%s'\n", xmlSecErrorsSafeString(filename)); return(-1); } if(name != NULL) { ret = xmlSecKeySetName(key, BAD_CAST name); if(ret < 0) { fprintf(stderr, "Error: xmlSecKeySetName failed: name='%s'\n", xmlSecErrorsSafeString(name)); xmlSecKeyDestroy(key); return(-1); } } if(verifyKey != 0) { ret = xmlSecCryptoAppDefaultKeysMngrVerifyKey(mngr, key, keyInfoCtx); if(ret < 0) { fprintf(stderr, "Error: xmlSecCryptoAppDefaultKeysMngrVerifyKey failed: filename='%s'\n", xmlSecErrorsSafeString(filename)); xmlSecKeyDestroy(key); return(-1); } else if(ret != 1) { fprintf(stderr, "Error: key cannot be verified: filename='%s'\n", xmlSecErrorsSafeString(filename)); xmlSecKeyDestroy(key); return(-1); } } ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key); if(ret < 0) { fprintf(stderr, "Error: xmlSecCryptoAppDefaultKeysMngrAdoptKey failed\n"); xmlSecKeyDestroy(key); return(-1); } return(0); #else /* XMLSEC_NO_X509 */ xmlSecAssert2(mngr != NULL, -1); xmlSecAssert2(filename != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); UNREFERENCED_PARAMETER(pwd); UNREFERENCED_PARAMETER(name); UNREFERENCED_PARAMETER(verifyKey); fprintf(stderr, "Error: X509 support is disabled\n"); return(-1); #endif /* XMLSEC_NO_X509 */ } int xmlSecAppCryptoSimpleKeysMngrBinaryKeyLoad(xmlSecKeysMngrPtr mngr, const char* keyKlass, const char *filename, const char *name) { xmlSecKeyPtr key; xmlSecKeyDataId dataId; int ret; xmlSecAssert2(mngr != NULL, -1); xmlSecAssert2(keyKlass != NULL, -1); xmlSecAssert2(filename != NULL, -1); /* find requested data */ dataId = xmlSecKeyDataIdListFindByName(xmlSecKeyDataIdsGet(), BAD_CAST keyKlass, xmlSecKeyDataUsageReadFromFile); if(dataId == xmlSecKeyDataIdUnknown) { fprintf(stderr, "Error: xmlSecKeyDataIdListFindByName failed keyKlass=%s\n", xmlSecErrorsSafeString(keyKlass)); return(-1); } key = xmlSecKeyReadBinaryFile(dataId, filename); if(key == NULL) { fprintf(stderr, "Error: xmlSecKeyReadBinaryFile failed filename=%s\n", xmlSecErrorsSafeString(filename)); return(-1); } ret = xmlSecKeySetName(key, BAD_CAST name); if(ret < 0) { fprintf(stderr, "Error: xmlSecKeySetName failed: name=%s\n", xmlSecErrorsSafeString(name)); xmlSecKeyDestroy(key); return(-1); } /* finally add it to keys manager */ ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key); if(ret < 0) { fprintf(stderr, "Error: xmlSecCryptoAppDefaultKeysMngrAdoptKey failed\n"); xmlSecKeyDestroy(key); return(-1); } return(0); } int xmlSecAppCryptoSimpleKeysMngrKeyGenerate(xmlSecKeysMngrPtr mngr, const char* keyKlassAndSize, const char* name) { xmlSecKeyPtr key; int ret; xmlSecAssert2(mngr != NULL, -1); xmlSecAssert2(keyKlassAndSize != NULL, -1); key = xmlSecAppCryptoKeyGenerate(keyKlassAndSize, name, xmlSecKeyDataTypePermanent); if(key == NULL) { fprintf(stderr, "Error: xmlSecAppCryptoSimpleKeysMngrKeyGenerate failed: name=%s\n", xmlSecErrorsSafeString(name)); return(-1); } ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key); if(ret < 0) { fprintf(stderr, "Error: xmlSecCryptoAppDefaultKeysMngrAdoptKey failed\n"); xmlSecKeyDestroy(key); return(-1); } return(0); } xmlSecKeyPtr xmlSecAppCryptoKeyGenerate(const char* keyKlassAndSize, const char* name, xmlSecKeyDataType type) { xmlSecKeyPtr key; char* buf; char* p; int size; int ret; xmlSecAssert2(keyKlassAndSize != NULL, NULL); buf = (char*) xmlStrdup(BAD_CAST keyKlassAndSize); if(buf == NULL) { fprintf(stderr, "Error: xmlSecStrdupError(keyKlassAndSize) failed\n"); return(NULL); } /* separate key klass and size */ p = strchr(buf, '-'); if(p == NULL) { fprintf(stderr, "Error: key size is not specified in the key definition \"%s\"\n", xmlSecErrorsSafeString(buf)); xmlFree(buf); return(NULL); } *(p++) = '\0'; size = atoi(p); if(size <= 0) { fprintf(stderr, "Error: key size should be greater than zero \"%s\"\n", xmlSecErrorsSafeString(buf)); xmlFree(buf); return(NULL); } key = xmlSecKeyGenerateByName(BAD_CAST buf, (xmlSecSize)size, type); if(key == NULL) { fprintf(stderr, "Error: xmlSecKeyGenerateByName() failed: name=%s;size=%d;type=%u\n", xmlSecErrorsSafeString(buf), size, type); xmlFree(buf); return(NULL); } ret = xmlSecKeySetName(key, BAD_CAST name); if(ret < 0) { fprintf(stderr, "Error: xmlSecKeySetName failed: name=%s\n", xmlSecErrorsSafeString(name)); xmlSecKeyDestroy(key); xmlFree(buf); return(NULL); } xmlFree(buf); return(key); } xmlsec-1.3.9/apps/crypto.h000066400000000000000000000116661510147731500154710ustar00rootroot00000000000000/** * XMLSec library * * * See Copyright for the status of this software. * * Copyright (C) 2002-2024 Aleksey Sanin . All Rights Reserved. */ #ifndef __XMLSEC_APPS_CRYPTO_H__ #define __XMLSEC_APPS_CRYPTO_H__ #include #include #include #include #include #include #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ int xmlSecAppCryptoInit (const char* config); int xmlSecAppCryptoShutdown (void); xmlSecKeyPtr xmlSecAppCryptoKeyGenerate (const char* keyKlassAndSize, const char* name, xmlSecKeyDataType type); /***************************************************************************** * * Simple keys manager * ****************************************************************************/ int xmlSecAppCryptoSimpleKeysMngrInit (xmlSecKeysMngrPtr mngr); int xmlSecAppCryptoSimpleKeysMngrLoad (xmlSecKeysMngrPtr mngr, const char* filename); int xmlSecAppCryptoSimpleKeysMngrSave (xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type); int xmlSecAppCryptoSimpleKeysMngrCertLoad (xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataFormat format, xmlSecKeyDataType type); int xmlSecAppCryptoSimpleKeysMngrCrlLoad (xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataFormat format); int xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad (xmlSecKeysMngrPtr mngr, const char* files, const char* pwd, const char* name, xmlSecKeyDataType type, xmlSecKeyDataFormat format, xmlSecKeyInfoCtxPtr keyInfoCtx, int verifyKey); int xmlSecAppCryptoSimpleKeysMngrEngineKeyAndCertsLoad (xmlSecKeysMngrPtr mngr, const char* engineAndKeyId, const char* certFiles, const char* pwd, const char* name, xmlSecKeyDataType type, xmlSecKeyDataFormat keyFormat, xmlSecKeyDataFormat certFormat, xmlSecKeyInfoCtxPtr keyInfoCtx, int verifyKey); int xmlSecAppCryptoSimpleKeysMngrPkcs12KeyLoad (xmlSecKeysMngrPtr mngr, const char* filename, const char* pwd, const char* name, xmlSecKeyInfoCtxPtr keyInfoCtx, int verifyKey); int xmlSecAppCryptoSimpleKeysMngrBinaryKeyLoad (xmlSecKeysMngrPtr mngr, const char* keyKlass, const char* filename, const char* name); int xmlSecAppCryptoSimpleKeysMngrKeyGenerate (xmlSecKeysMngrPtr mngr, const char* keyKlassAndSize, const char* name); #ifdef __cplusplus } #endif /* __cplusplus */ #endif /* __XMLSEC_APPS_CRYPTO_H__ */ xmlsec-1.3.9/apps/unit_tests/000077500000000000000000000000001510147731500161675ustar00rootroot00000000000000xmlsec-1.3.9/apps/unit_tests/base64_unit_tests.c000066400000000000000000000074551510147731500217130ustar00rootroot00000000000000/** * XML Security Library (http://www.aleksey.com/xmlsec). * * base64 util unit tests * * See Copyright for the status of this software. * * Copyright (C) 2002-2024 Aleksey Sanin . All Rights Reserved. */ #include #include #include #include /* must be included before any other xmlsec header */ #include "xmlsec_unit_tests.h" #include /* XMLSEC_EXPORT xmlChar* xmlSecBase64Encode (const xmlSecByte* in, xmlSecSize inSize, int columns); XMLSEC_EXPORT int xmlSecBase64Decode_ex (const xmlChar* str, xmlSecByte* out, xmlSecSize outSize, xmlSecSize* outWritten); */ static void test_base64_success( const char * name, const char * str, int columns, const char * expected ) { xmlSecByte decoded[256]; xmlSecSize decodedSize = 0; xmlChar * encoded; int ret; xmlSecAssert(name != NULL); xmlSecAssert(str != NULL); testStart(name); ret = xmlSecBase64Decode_ex(BAD_CAST str, decoded, sizeof(decoded), &decodedSize); if(ret < 0) { fprintf(stderr, "Error: base64 decode failed for '%s'\n", str); testFinishedFailure(); return; } encoded = xmlSecBase64Encode(decoded, decodedSize, columns); if(encoded == NULL) { fprintf(stderr, "Error: base64 encode failed for '%s'\n", str); testFinishedFailure(); return; } /* check results */ if(xmlStrcmp(encoded, (expected != NULL) ? BAD_CAST expected: BAD_CAST str) != 0) { fprintf(stderr, "Error: base64 encode returned in='%s' (expected: '%s')\n", (const char*)encoded, (expected != NULL) ? expected : str); testFinishedFailure(); return; } /* DONE */ testFinishedSuccess(); } static void test_base64_failure( const char * name, const char * str ) { xmlSecByte decoded[16]; xmlSecSize decodedSize = 0; int ret; xmlSecAssert(name != NULL); testStart(name); ret = xmlSecBase64Decode_ex(BAD_CAST str, decoded, sizeof(decoded), &decodedSize); if(ret >= 0) { fprintf(stderr, "Error: base64 decode expected to fail for '%s'\n", (str != NULL) ? str : "NULL"); testFinishedFailure(); return; } /* DONE */ testFinishedSuccess(); } int test_base64(void) { /* start */ testGroupStart("base64"); /* positive tests */ test_base64_success("check 1 char", "Rg==", 0, NULL); test_base64_success("check 2 chars", "Rm8=", 0, NULL); test_base64_success("check 3 chars", "Rm9v", 0, NULL); test_base64_success("check 4 chars", "Rm9vQg==", 0, NULL); test_base64_success("check 5 chars", "Rm9vQmE=", 0, NULL); test_base64_success("check 6 chars", "Rm9vQmFy", 0, NULL); test_base64_success("check multiline", "Rm9vQmFyIE\nZvb0JhciBG\nb29CYXI=", 10, NULL); test_base64_success("check multiline with space characters", "Rm9vQmFyIE\n Zvb0JhciBG\n b29CYXI=", 10, "Rm9vQmFyIE\nZvb0JhciBG\nb29CYXI="); /* negative tests */ test_base64_failure("check NULL", NULL); test_base64_failure("check missing both '='", "Rg"); test_base64_failure("check missing second '='", "Rg="); test_base64_failure("check missing first '='", "Rm8"); test_base64_failure("check output buffer too small", "Rm9vQmFyIEZvb0JhciBGb29CYXIgRm9vQmFyIEZvb0JhciBGb29CYXIgRm9vQmFyIEZvb0JhciBGb29CYXIgRm9vQmFyIA=="); test_base64_failure("check non base64 chars", "Rm9v;g=="); /* done */ return (testGroupFinished()); } xmlsec-1.3.9/apps/unit_tests/x509_unit_tests.c000066400000000000000000000431471510147731500213320ustar00rootroot00000000000000/** * XML Security Library (http://www.aleksey.com/xmlsec). * * x509 utils unit tests * * See Copyright for the status of this software. * * Copyright (C) 2002-2024 Aleksey Sanin . All Rights Reserved. */ #include #include #include #include /* must be included before any other xmlsec header */ #include "xmlsec_unit_tests.h" #include "../src/x509_helpers.h" /*********************************** test_xmlSecX509EscapedStringRead ***********************************/ static void test_xmlSecX509EscapedStringRead_success( const char * name, const char * str, const char delim, int ingoreTrailingSpaces, const char* expectedIn, const char* expectedOut ) { const xmlChar *inStr; xmlSecSize size, inSize; int len; xmlChar out[256]; xmlSecSize outSize; int ret; xmlSecAssert(name != NULL); xmlSecAssert(str != NULL); testStart(name); len = xmlStrlen(BAD_CAST str); XMLSEC_SAFE_CAST_INT_TO_SIZE(len, size, return, NULL); inStr = BAD_CAST str; inSize = size; outSize = 0; ret = xmlSecX509EscapedStringRead(&inStr, &inSize, out, sizeof(out) - 1, &outSize, (xmlChar)delim, ingoreTrailingSpaces); if(ret < 0) { fprintf(stderr, "Error: xmlSecX509EscapedStringRead failed for '%s'\n", str); testFinishedFailure(); return; } out[outSize] = '\0'; /* check results */ if(xmlStrcmp(inStr, BAD_CAST expectedIn) != 0) { fprintf(stderr, "Error: xmlSecX509EscapedStringRead returned in='%s' (expected: '%s')\n", (const char*)inStr, expectedIn); testFinishedFailure(); return; } if(xmlStrcmp(out, BAD_CAST expectedOut) != 0) { fprintf(stderr, "Error: xmlSecX509EscapedStringRead returned out='%s' (expected: '%s')\n", (const char*)out, expectedOut); testFinishedFailure(); return; } /* DONE */ testFinishedSuccess(); } static void test_xmlSecX509EscapedStringRead_failure( const char * name, const char * str, const char delim, int ingoreTrailingSpaces ) { const xmlChar *inStr; xmlSecSize size, inSize; int len; xmlChar out[16]; xmlSecSize outSize; int ret; xmlSecAssert(name != NULL); testStart(name); len = xmlStrlen(BAD_CAST str); XMLSEC_SAFE_CAST_INT_TO_SIZE(len, size, return, NULL); inStr = BAD_CAST str; inSize = size; outSize = 0; ret = xmlSecX509EscapedStringRead(&inStr, &inSize, out, sizeof(out) - 1, &outSize, (xmlChar)delim, ingoreTrailingSpaces); if(ret >= 0) { fprintf(stderr, "Error: xmlSecX509EscapedStringRead expected to fail for '%s'\n", (str != NULL) ? str : "NULL"); testFinishedFailure(); return; } /* DONE */ testFinishedSuccess(); } int test_xmlSecX509EscapedStringRead(void) { /* start */ testGroupStart("xmlSecX509EscapedStringRead"); /* positive tests */ test_xmlSecX509EscapedStringRead_success("check empty string", "=", '=', 0, "=", ""); test_xmlSecX509EscapedStringRead_success("check end of line with trailing spaces", "Foo Bar ", '=', 0, "", "Foo Bar "); test_xmlSecX509EscapedStringRead_success("check end of line without trailing spaces", "Foo Bar ", '=', 1, "", "Foo Bar"); test_xmlSecX509EscapedStringRead_success("check with trailing spaces", "Foo Bar =Value", '=', 0, "=Value", "Foo Bar "); test_xmlSecX509EscapedStringRead_success("check without trailing spaces", "Foo Bar =Value", '=', 1, "=Value", "Foo Bar"); test_xmlSecX509EscapedStringRead_success("check \\ converted to ", "Fo\\o Bar=Value", '=', 0, "=Value", "Foo Bar"); test_xmlSecX509EscapedStringRead_success("check \\XXX converted to ", "Fo\\6F Bar=Value", '=', 0, "=Value", "Foo Bar"); /* negative tests */ test_xmlSecX509EscapedStringRead_failure("check NULL", NULL, '=', 0); test_xmlSecX509EscapedStringRead_failure("check bad hex char", "Foo\\6XBar", '=', 0); test_xmlSecX509EscapedStringRead_failure("check output buffer too small", "FooBarFooBarFooBarFooBarFooBarFooBarFooBarFooBarFooBar=Value", '=', 0); /* done */ return (testGroupFinished()); } /*********************************** test_xmlSecX509AttrValueStringRead ***********************************/ static void test_xmlSecX509AttrValueStringRead_success( const char * name, const char * str, const char delim, int ingoreTrailingSpaces, const char* expectedIn, const char* expectedOut, int expectedType ) { const xmlChar *inStr; xmlSecSize size, inSize; int len; xmlChar out[256]; xmlSecSize outSize; int type = -1; int ret; xmlSecAssert(name != NULL); xmlSecAssert(str != NULL); testStart(name); len = xmlStrlen(BAD_CAST str); XMLSEC_SAFE_CAST_INT_TO_SIZE(len, size, return, NULL); inStr = BAD_CAST str; inSize = size; outSize = 0; ret = xmlSecX509AttrValueStringRead(&inStr, &inSize, out, sizeof(out) - 1, &outSize, &type, (xmlChar)delim, ingoreTrailingSpaces); if(ret < 0) { fprintf(stderr, "Error: xmlSecX509AttrValueStringRead failed for '%s'\n", str); testFinishedFailure(); return; } out[outSize] = '\0'; /* check results */ if(xmlStrcmp(inStr, BAD_CAST expectedIn) != 0) { fprintf(stderr, "Error: xmlSecX509AttrValueStringRead returned in='%s' (expected: '%s')\n", (const char*)inStr, expectedIn); testFinishedFailure(); return; } if(xmlStrcmp(out, BAD_CAST expectedOut) != 0) { fprintf(stderr, "Error: xmlSecX509AttrValueStringRead returned out='%s' (expected: '%s')\n", (const char*)out, expectedOut); testFinishedFailure(); return; } if(type != expectedType) { fprintf(stderr, "Error: xmlSecX509AttrValueStringRead returned type='%d' (expected: '%d')\n", type, expectedType); testFinishedFailure(); return; } /* DONE */ testFinishedSuccess(); } static void test_xmlSecX509AttrValueStringRead_failure( const char * name, const char * str, const char delim, int ingoreTrailingSpaces ) { const xmlChar *inStr; xmlSecSize size, inSize; int len; xmlChar out[16]; xmlSecSize outSize; int type = -1; int ret; xmlSecAssert(name != NULL); testStart(name); len = xmlStrlen(BAD_CAST str); XMLSEC_SAFE_CAST_INT_TO_SIZE(len, size, return, NULL); inStr = BAD_CAST str; inSize = size; outSize = 0; ret = xmlSecX509AttrValueStringRead(&inStr, &inSize, out, sizeof(out) - 1, &outSize, &type, (xmlChar)delim, ingoreTrailingSpaces); if(ret >= 0) { fprintf(stderr, "Error: xmlSecX509AttrValueStringRead expected to fail for '%s'\n", (str != NULL) ? str : "NULL"); testFinishedFailure(); return; } /* DONE */ testFinishedSuccess(); } int test_xmlSecX509AttrValueStringRead(void) { /* start */ testGroupStart("xmlSecX509AttrValueStringRead"); /* positive tests */ test_xmlSecX509AttrValueStringRead_success("check empty string", ",", ',', 0, ",", "", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509AttrValueStringRead_success("check end of line with trailing spaces", "Foo Bar ", ',', 0, "", "Foo Bar ", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509AttrValueStringRead_success("check end of line without trailing spaces", "Foo Bar ", ',', 1, "", "Foo Bar", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509AttrValueStringRead_success("check with trailing spaces", "Foo Bar ,name=value", ',', 0, ",name=value", "Foo Bar ", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509AttrValueStringRead_success("check without trailing spaces", "Foo Bar ,name=value", ',', 1, ",name=value", "Foo Bar", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509AttrValueStringRead_success("check quoted end of line", "\"Foo Bar \"", ',', 0, "", "Foo Bar ", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509AttrValueStringRead_success("check quoted with trailing spaces inside quotes", "\"Foo Bar \",name=value", ',', 0, ",name=value", "Foo Bar ", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509AttrValueStringRead_success("check quoted without trailing spaces inside quotes", "\"Foo Bar \",name=value", ',', 1, ",name=value", "Foo Bar", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509AttrValueStringRead_success("check quoted with trailing spaces outside quotes", "\"Foo Bar \" ,name=value", ',', 0, " ,name=value", "Foo Bar ", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509AttrValueStringRead_success("check quoted without trailing spaces outside quotes", "\"Foo Bar \" ,name=value", ',', 1, ",name=value", "Foo Bar", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509AttrValueStringRead_success("check octet/hex", "#466F6F20426172,name=value", ',', 1, ",name=value", "Foo Bar", XMLSEC_X509_VALUE_TYPE_OCTET_STRING); test_xmlSecX509AttrValueStringRead_success("check octet/hex end of line", "#466F6F20426172", ',', 1, "", "Foo Bar", XMLSEC_X509_VALUE_TYPE_OCTET_STRING); test_xmlSecX509AttrValueStringRead_success("check octet/hex with trailing spaces", "#466F6F20426172 ,name=value", ',', 0, " ,name=value", "Foo Bar", XMLSEC_X509_VALUE_TYPE_OCTET_STRING); test_xmlSecX509AttrValueStringRead_success("check octet/hex without trailing spaces", "#466F6F20426172 ,name=value", ',', 1, ",name=value", "Foo Bar", XMLSEC_X509_VALUE_TYPE_OCTET_STRING); /* negative tests */ test_xmlSecX509AttrValueStringRead_failure("check NULL", NULL, ',', 0); test_xmlSecX509AttrValueStringRead_failure("check bad escaping", "\"Foo\6XBar ,name=value", ',', 0); test_xmlSecX509AttrValueStringRead_failure("check missing closing quote", "\"Foo Bar ,name=value", ',', 0); test_xmlSecX509AttrValueStringRead_failure("check output buffer too small", "FooBarFooBarFooBarFooBarFooBarFooBarFooBarFooBarFooBar=Value", ',', 0); test_xmlSecX509AttrValueStringRead_failure("check octet/hex with missing char end of line", "#4", ',', 0); test_xmlSecX509AttrValueStringRead_failure("check octet/hex with missing chars", "#4,name=value", ',', 0); test_xmlSecX509AttrValueStringRead_failure("check octet/hex with non-hex chars", "#4X,name=value", ',', 0); /* done */ return (testGroupFinished()); } /*********************************** test_xmlSecX509NameRead ***********************************/ #define TEST_X509_NAME_MAX_COUNT 16 typedef struct test_X509Name { xmlChar names[256][TEST_X509_NAME_MAX_COUNT]; xmlChar values[256][TEST_X509_NAME_MAX_COUNT]; xmlSecSize valueSizes[TEST_X509_NAME_MAX_COUNT]; int types[TEST_X509_NAME_MAX_COUNT]; int pos; } test_X509Name; static int test_xmlSecX509NameReadCallback( const xmlChar * name, const xmlChar * value, xmlSecSize valueSize, int type, void * context ) { test_X509Name * nm; xmlSecAssert2(name != NULL, -1); xmlSecAssert2(value != NULL, -1); xmlSecAssert2(context != NULL, -1); nm = (test_X509Name*)context; xmlSecAssert2(0 <= nm->pos && nm->pos < TEST_X509_NAME_MAX_COUNT, -1); #if defined(_MSC_VER) strcpy_s((char*)nm->names[nm->pos], sizeof(nm->names[nm->pos]), (const char*)name); strcpy_s((char*)nm->values[nm->pos], sizeof(nm->values[nm->pos]), (const char*)value); #else /* defined(_MSC_VER) */ strncpy((char*)nm->names[nm->pos], (const char*)name, sizeof(nm->names[nm->pos])); nm->names[nm->pos][sizeof(nm->names[nm->pos]) - 1] = '\0'; /* ensure \0 terminated */ strncpy((char*)nm->values[nm->pos], (const char*)value, sizeof(nm->values[nm->pos])); nm->values[nm->pos][sizeof(nm->values[nm->pos]) - 1] = '\0'; /* ensure \0 terminated */ #endif /* defined(_MSC_VER) */ nm->valueSizes[nm->pos] = valueSize; nm->types[nm->pos] = type; nm->pos += 1; return(0); } static void test_xmlSecX509NameRead_success( const char * name, const char * str, xmlSecx509NameReplacements * replacements, int expectedCount, const char * name0, const char * value0, int type0, const char * name1, const char * value1, int type1 ) { test_X509Name nms; int ret; xmlSecAssert(name != NULL); xmlSecAssert(str != NULL); testStart(name); memset(&nms, 0, sizeof(nms)); ret = xmlSecX509NameRead(BAD_CAST str, replacements, test_xmlSecX509NameReadCallback, &nms); if(ret < 0) { fprintf(stderr, "Error: xmlSecX509NameRead failed for '%s'\n", str); testFinishedFailure(); return; } /* check results */ if(nms.pos != expectedCount) { fprintf(stderr, "Error: xmlSecX509NameRead returned type='%d' (expected: '%d')\n", nms.pos , expectedCount); testFinishedFailure(); return; } if(nms.pos > 0 && xmlStrcmp(nms.names[0], BAD_CAST name0) != 0) { fprintf(stderr, "Error: xmlSecX509NameRead returned nms.names[0]='%s' (expected: '%s')\n", (const char*)nms.names[0], name0); testFinishedFailure(); return; } if(nms.pos > 0 && xmlStrcmp(nms.values[0], BAD_CAST value0) != 0) { fprintf(stderr, "Error: xmlSecX509NameRead returned nms.value[0]='%s' (expected: '%s')\n", (const char*)nms.values[0], value0); testFinishedFailure(); return; } if(nms.pos > 0 && (int)(nms.valueSizes[0]) != xmlStrlen(BAD_CAST value0)) { fprintf(stderr, "Error: xmlSecX509NameRead returned nms.valueSizes[0]='%d' (expected: '%d')\n", (int)(nms.valueSizes[0]), xmlStrlen(BAD_CAST value0)); testFinishedFailure(); return; } if(nms.pos > 0 && nms.types[0] != type0) { fprintf(stderr, "Error: xmlSecX509NameRead returned nms.types[0]='%d' (expected: '%d')\n", nms.types[0], type0); testFinishedFailure(); return; } if(nms.pos > 1 && xmlStrcmp(nms.names[1], BAD_CAST name1) != 0) { fprintf(stderr, "Error: xmlSecX509NameRead returned nms.names[1]='%s' (expected: '%s')\n", (const char*)nms.names[1], name1); testFinishedFailure(); return; } if(nms.pos > 1 && xmlStrcmp(nms.values[1], BAD_CAST value1) != 0) { fprintf(stderr, "Error: xmlSecX509NameRead returned nms.value[1]='%s' (expected: '%s')\n", (const char*)nms.values[1], value1); testFinishedFailure(); return; } if(nms.pos > 1 && (int)(nms.valueSizes[1]) != xmlStrlen(BAD_CAST value1)) { fprintf(stderr, "Error: xmlSecX509NameRead returned nms.valueSizes[0]='%d' (expected: '%d')\n", (int)(nms.valueSizes[1]), xmlStrlen(BAD_CAST value1)); testFinishedFailure(); return; } if(nms.pos > 1 && nms.types[1] != type1) { fprintf(stderr, "Error: xmlSecX509NameRead returned nms.types[1]='%d' (expected: '%d')\n", nms.types[1], type1); testFinishedFailure(); return; } /* DONE */ testFinishedSuccess(); } static void test_xmlSecX509NameRead_failure( const char * name, const char * str, xmlSecx509NameReplacements *replacements, int fail_callback ) { test_X509Name names; int ret; xmlSecAssert(name != NULL); testStart(name); memset(&names, 0, sizeof(names)); if (fail_callback != 0) { names.pos = -1; } ret = xmlSecX509NameRead(BAD_CAST str, replacements, test_xmlSecX509NameReadCallback, &names); if(ret >= 0) { fprintf(stderr, "Error: xmlSecX509NameRead expected to fail for '%s'\n", (str != NULL) ? str : "NULL"); testFinishedFailure(); return; } /* DONE */ testFinishedSuccess(); } static xmlSecx509NameReplacements test_X509NameReplacements[] = { { BAD_CAST "E", BAD_CAST "emailAddress"}, { NULL, NULL } }; int test_xmlSecX509NameRead(void) { /* start */ testGroupStart("xmlSecX509NameRead"); /* positive tests */ test_xmlSecX509NameRead_success("check empty string", "", NULL, 0, NULL, NULL, -1, NULL, NULL, -1); test_xmlSecX509NameRead_success("check one value", "Foo=Bar", NULL, 1, "Foo", "Bar", XMLSEC_X509_VALUE_TYPE_UF8_STRING, NULL, NULL, -1); test_xmlSecX509NameRead_success("check empty value", "Foo=", NULL, 1, "Foo", "", XMLSEC_X509_VALUE_TYPE_UF8_STRING, NULL, NULL, -1); test_xmlSecX509NameRead_success("check two values", "Foo=Bar,emailAddress=Value", NULL, 2, "Foo", "Bar", XMLSEC_X509_VALUE_TYPE_UF8_STRING, "emailAddress", "Value", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509NameRead_success("check two values with empty value", "Foo=,emailAddress=Value", NULL, 2, "Foo", "", XMLSEC_X509_VALUE_TYPE_UF8_STRING, "emailAddress", "Value", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509NameRead_success("check octet string", "Foo=Bar,emailAddress=#56616c7565", NULL, 2, "Foo", "Bar", XMLSEC_X509_VALUE_TYPE_UF8_STRING, "emailAddress", "Value", XMLSEC_X509_VALUE_TYPE_OCTET_STRING); test_xmlSecX509NameRead_success("check spaces", "Foo = Bar, emailAddress = Value", NULL, 2, "Foo", "Bar", XMLSEC_X509_VALUE_TYPE_UF8_STRING, "emailAddress", "Value", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509NameRead_success("check end comma", "Foo=Bar,emailAddress=Value,", NULL, 2, "Foo", "Bar", XMLSEC_X509_VALUE_TYPE_UF8_STRING, "emailAddress", "Value", XMLSEC_X509_VALUE_TYPE_UF8_STRING); test_xmlSecX509NameRead_success("check email address", "Foo=Bar,E=Value,", test_X509NameReplacements, 2, "Foo", "Bar", XMLSEC_X509_VALUE_TYPE_UF8_STRING, "emailAddress", "Value", XMLSEC_X509_VALUE_TYPE_UF8_STRING); /* negative tests */ test_xmlSecX509NameRead_failure("check NULL", NULL, NULL, 0); test_xmlSecX509NameRead_failure("check missing =", "Foo", NULL, 0); test_xmlSecX509NameRead_failure("check bad value", "Foo=#1Q", NULL, 0); test_xmlSecX509NameRead_failure("check missing name value pair", "Foo=Bar,,", NULL, 0); test_xmlSecX509NameRead_failure("check bad callback", "Foo=Bar", NULL, 1); /* done */ return (testGroupFinished()); } xmlsec-1.3.9/apps/unit_tests/xmlsec_unit_tests.c000066400000000000000000000071621510147731500221150ustar00rootroot00000000000000/** * XML Security Library (http://www.aleksey.com/xmlsec). * * Unit tests * * See Copyright for the status of this software. * * Copyright (C) 2002-2024 Aleksey Sanin . All Rights Reserved. */ #include #include #include #if !defined(_MSC_VER) #include #endif /* defined(_MSC_VER) */ /* must be included before any other xmlsec header */ #include "xmlsec_unit_tests.h" #include "../src/x509_helpers.h" #if defined(XMLSEC_WINDOWS) && defined(UNICODE) && defined(__MINGW32__) int wmain(int argc, wchar_t* argv[]); #endif /* defined(XMLSEC_WINDOWS) && defined(UNICODE) && defined(__MINGW32__) */ #if defined(XMLSEC_WINDOWS) && defined(UNICODE) int wmain(int argc, wchar_t *argv[]) { #else /* defined(XMLSEC_WINDOWS) && defined(UNICODE) */ int main(int argc, const char **argv) { #endif /* defined(XMLSEC_WINDOWS) && defined(UNICODE) */ int success = 1; int res = 1; /* check command line params */ if((argc > 1) || (argv == NULL)) { fprintf(stderr, "Error: no command line parameters expected\n"); goto done; } /* run tests */ fprintf(stdout, "=================== Checking xmlsec-core =================================\n"); if (test_base64() != 1) { success = 0; } if (test_xmlSecX509EscapedStringRead() != 1) { success = 0; } if (test_xmlSecX509AttrValueStringRead() != 1) { success = 0; } if (test_xmlSecX509NameRead() != 1) { success = 0; } if(success == 1) { /* sucecss! */ fprintf(stdout, "=================== Checking xmlsec-core: SUCCESS =================================\n"); res = 0; } else { fprintf(stdout, "=================== Checking xmlsec-core: FAILURE =================================\n"); res = 1; } done: #if defined(_MSC_VER) && defined(_CRTDBG_MAP_ALLOC) _CrtSetReportMode(_CRT_WARN, _CRTDBG_MODE_FILE); _CrtSetReportMode(_CRT_ERROR, _CRTDBG_MODE_FILE); _CrtSetReportMode(_CRT_ASSERT, _CRTDBG_MODE_FILE); _CrtSetReportFile(_CRT_WARN, _CRTDBG_FILE_STDERR); _CrtSetReportFile(_CRT_ERROR, _CRTDBG_FILE_STDERR); _CrtSetReportFile(_CRT_ASSERT, _CRTDBG_FILE_STDERR); _CrtDumpMemoryLeaks(); #endif /* defined(_MSC_VER) && defined(_CRTDBG_MAP_ALLOC) */ return(res); } static const char * testsGroupName = NULL; static const char * testsName = NULL; static int testsStarted = 0; static int testsFinishedSuccess = 0; static int testFinishedFailed = 0; void testGroupStart(const char * name) { xmlSecAssert(name != NULL); testsGroupName = name; testsStarted = 0; testsFinishedSuccess = 0; testFinishedFailed = 0; fprintf(stdout, "=== STARTED TESTS FOR '%s'\n", testsGroupName); } int testGroupFinished(void) { xmlSecAssert2(testsGroupName != NULL, 0); fprintf(stdout, "=== FINSIHED TESTS FOR '%s': TOTAL=%d, SUCCESS=%d, FAILURE=%d, NOT FIISHED=%d\n", testsGroupName, testsStarted, testsFinishedSuccess, testFinishedFailed, (testsStarted - (testsFinishedSuccess + testFinishedFailed)) ); testsGroupName = NULL; return testsStarted == testsFinishedSuccess ? 1 : 0; } void testStart(const char * name) { xmlSecAssert(name != NULL); testsName = name; testsStarted += 1; fprintf(stdout, " %s ...\n", testsName); } void testFinishedSuccess(void) { fprintf(stdout, " %s OK\n", testsName); testsFinishedSuccess += 1; testsName = NULL; } void testFinishedFailure(void) { fprintf(stdout, " %s FAILED\n", testsName); testFinishedFailed += 1; testsName = NULL; } xmlsec-1.3.9/apps/unit_tests/xmlsec_unit_tests.h000066400000000000000000000015411510147731500221150ustar00rootroot00000000000000/** * XMLSec library * * Unit tests * * See Copyright for the status of this software. * * Copyright (C) 2002-2024 Aleksey Sanin . All Rights Reserved. */ #ifndef __XMLSEC_UNIT_TESTS_H__ #define __XMLSEC_UNIT_TESTS_H__ #define XMLSEC_PRIVATE 1 #include #include #include "../src/cast_helpers.h" #ifdef __cplusplus extern "C" { #endif /* __cplusplus */ /* helper functions */ void testGroupStart(const char * name); int testGroupFinished(void); void testStart(const char * name); void testFinishedSuccess(void); void testFinishedFailure(void); /* tests */ int test_base64(void); int test_xmlSecX509EscapedStringRead(void); int test_xmlSecX509AttrValueStringRead(void); int test_xmlSecX509NameRead(void); #ifdef __cplusplus } #endif /* __cplusplus */ #endif /* __XMLSEC_UNIT_TESTS_H__ */ xmlsec-1.3.9/apps/xmlsec.c000066400000000000000000004065401510147731500154360ustar00rootroot00000000000000/** * XML Security Library (http://www.aleksey.com/xmlsec). * * Command line utility. * * See Copyright for the status of this software. * * Copyright (C) 2002-2024 Aleksey Sanin . All Rights Reserved. */ #include #include #include #if !defined(_MSC_VER) #include #endif /* defined(_MSC_VER) */ #if defined(_MSC_VER) && _MSC_VER < 1900 #define snprintf _snprintf #endif /* defined(_MSC_VER) && _MSC_VER < 1900 */ #include #include #include #include #include #include #ifndef XMLSEC_NO_XSLT #include #include #include #include #include #include #endif /* XMLSEC_NO_XSLT */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include "crypto.h" #include "cmdline.h" #if defined(_MSC_VER) && defined(_DEBUG) #include #endif /*defined(_MSC_VER) && defined(_DEBUG) */ static const char copyright[] = "Written by Aleksey Sanin .\n\n" "Copyright (C) 2002-2024 Aleksey Sanin . All Rights Reserved.\n" "This is free software: see the source for copying information.\n"; static const char bugs[] = "Report bugs to http://www.aleksey.com/xmlsec/bugs.html\n"; static const char helpCommands1[] = "Usage: xmlsec [] []\n" "\n" "xmlsec is a command line tool for signing, verifying, encrypting and\n" "decrypting XML documents. The allowed values are:\n" " --help " "\tdisplay this help information and exit\n" " --help-all " "\tdisplay help information for all commands/options and exit\n" " --help-" "\tdisplay help information for command and exit\n" " --version " "\tprint version information and exit\n" " --keys " "\tkeys XML file manipulation\n"; static const char helpCommands2[] = #ifndef XMLSEC_NO_XMLDSIG " --sign " "\tsign data and output XML document\n" " --verify " "\tverify signed document\n" #ifndef XMLSEC_NO_TMPL_TEST " --sign-tmpl " "\tcreate and sign dynamicaly generated signature template\n" #endif /* XMLSEC_NO_TMPL_TEST */ #endif /* XMLSEC_NO_XMLDSIG */ #ifndef XMLSEC_NO_XMLENC " --encrypt " "\tencrypt data and output XML document\n" " --decrypt " "\tdecrypt data from XML document\n" #endif /* XMLSEC_NO_XMLENC */ ; static const char helpVersion[] = "Usage: xmlsec version\n" "Prints version information and exits\n"; static const char helpKeys[] = "Usage: xmlsec keys [] \n" "Creates a new XML keys file \n"; static const char helpSign[] = "Usage: xmlsec sign [] \n" "Calculates XML Digital Signature using template file \n"; static const char helpVerify[] = "Usage: xmlsec verify [] \n" "Verifies XML Digital Signature in the \n"; static const char helpSignTmpl[] = "Usage: xmlsec sign-tmpl []\n" "Creates a simple dynamic template and calculates XML Digital Signature\n" "(for testing only).\n"; static const char helpEncrypt[] = "Usage: xmlsec encrypt [] \n" "Encrypts data and creates XML Encryption using template file \n"; static const char helpEncryptTmpl[] = "Usage: xmlsec encrypt []\n" "Creates a simple dynamic template and calculates XML Encryption\n"; static const char helpDecrypt[] = "Usage: xmlsec decrypt [] \n" "Decrypts XML Encryption data in the \n"; static const char helpListKeyData[] = "Usage: xmlsec list-key-data\n" "Prints the list of known key data klasses\n"; static const char helpCheckKeyData[] = "Usage: xmlsec check-key-data [ ... ]\n" "Checks the given key-data against the list of known key-data klasses\n"; static const char helpListTransforms[] = "Usage: xmlsec list-transforms\n" "Prints the list of known transform klasses\n"; static const char helpCheckTransforms[] = "Usage: xmlsec check-transforms [ ... ]\n" "Checks the given transforms against the list of known transform klasses\n"; #define xmlSecAppCmdLineTopicGeneral 0x0001 #define xmlSecAppCmdLineTopicDSigCommon 0x0002 #define xmlSecAppCmdLineTopicDSigSign 0x0004 #define xmlSecAppCmdLineTopicDSigVerify 0x0008 #define xmlSecAppCmdLineTopicEncCommon 0x0010 #define xmlSecAppCmdLineTopicEncEncrypt 0x0020 #define xmlSecAppCmdLineTopicEncDecrypt 0x0040 /* #define UNUSED 0x0080 */ #define xmlSecAppCmdLineTopicKeysMngr 0x1000 #define xmlSecAppCmdLineTopicX509Certs 0x2000 #define xmlSecAppCmdLineTopicVersion 0x4000 #define xmlSecAppCmdLineTopicCryptoConfig 0x8000 #define xmlSecAppCmdLineTopicAll 0xFFFF /**************************************************************** * * General configuration params * ***************************************************************/ static xmlSecAppCmdLineParam helpParam = { xmlSecAppCmdLineTopicGeneral, "--help", "-h", "--help" "\n\tprint help information about the command", xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam cryptoParam = { xmlSecAppCmdLineTopicCryptoConfig, "--crypto", NULL, "--crypto " "\n\tthe name of the crypto engine to use from the following" "\n\tlist: openssl, mscrypto, nss, gnutls, gcrypt (if no crypto engine is" "\n\tspecified then the default one is used)", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam cryptoConfigParam = { xmlSecAppCmdLineTopicCryptoConfig, "--crypto-config", NULL, "--crypto-config " "\n\tpath to crypto engine configuration", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam repeatParam = { xmlSecAppCmdLineTopicCryptoConfig, "--repeat", "-r", "--repeat " "\n\trepeat the operation times", xmlSecAppCmdLineParamTypeNumber, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam base64LineSizeParam = { xmlSecAppCmdLineTopicCryptoConfig, "--base64-line-size", NULL, "--base64-line-size " "\n\tsets the max line size for base64 encodings to ", xmlSecAppCmdLineParamTypeNumber, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam transformBinChunkSizeParam = { xmlSecAppCmdLineTopicCryptoConfig, "--transform-binary-chunk-size", NULL, "--transform-binary-chunk-size " "\n\tsets the transforms binary processing chunk size to ; " "\n\tincreasing chunk size might improve performance at the expense" "\n\tof increased memory usage", xmlSecAppCmdLineParamTypeNumber, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam verboseParam = { xmlSecAppCmdLineTopicGeneral, "--verbose", NULL, "--verbose" "\n\tprint detailed error messages", xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam printCryptoErrorsParam = { xmlSecAppCmdLineTopicGeneral, "--print-crypto-library-errors", NULL, "--print-crypto-library-errors" "\n\tprint errors from crypto library (OpenSSL only)", xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamFlagNone, NULL }; /**************************************************************** * * Keys Manager params * ***************************************************************/ static xmlSecAppCmdLineParam genKeyParam = { xmlSecAppCmdLineTopicKeysMngr, "--gen-key", "-g", "--gen-key[:] -" "\n\tgenerate new key of bits size," "\n\tset the key name to and add the result to keys" "\n\tmanager (for example, \"--gen:mykey rsa-1024\" generates" "\n\ta new 1024 bits RSA key and sets it's name to \"mykey\")", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam keysFileParam = { xmlSecAppCmdLineTopicKeysMngr, "--keys-file", "-k", "--keys-file " "\n\tload keys from XML file", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam privkeyParam = { xmlSecAppCmdLineTopicKeysMngr, "--privkey-pem", "--privkey", "--privkey-pem[:] [,[,[...]]]" "\n\tload private key from PEM file and certificates" "\n\tthat verify this key", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam privkeyDerParam = { xmlSecAppCmdLineTopicKeysMngr, "--privkey-der", NULL, "--privkey-der[:] [,[,[...]]]" "\n\tload private key from DER file and certificates" "\n\tthat verify this key", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam pkcs8PemParam = { xmlSecAppCmdLineTopicKeysMngr, "--pkcs8-pem", "--privkey-p8-pem", "--pkcs8-pem[:] [,[,[...]]]" "\n\tload private key from PKCS8 PEM file and PEM certificates" "\n\tthat verify this key", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam pkcs8DerParam = { xmlSecAppCmdLineTopicKeysMngr, "--pkcs8-der", "--privkey-p8-der", "--pkcs8-der[:] [,[,[...]]]" "\n\tload private key from PKCS8 DER file and DER certificates" "\n\tthat verify this key", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; /* openssl specific privkey options */ static xmlSecAppCmdLineParam privkeyOpensslStoreParam = { xmlSecAppCmdLineTopicKeysMngr, "--privkey-openssl-store", NULL, "--privkey-openssl-store[:] " "\n\tload private key and certs through OpenSSL ossl_store interface (e.g. from HSM)", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam privkeyOpensslEngineParam = { xmlSecAppCmdLineTopicKeysMngr, "--privkey-openssl-engine", NULL, "--privkey-openssl-engine[:] ;[,[,[...]]]" "\n\tload private key by OpenSSL ENGINE interface; specify the name of engine" "\n\t(like with -engine params), the key specs (like with -inkey or -key params)" "\n\tand optionally certificates that verify this key", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam pubkeyParam = { xmlSecAppCmdLineTopicKeysMngr, "--pubkey-pem", "--pubkey", "--pubkey-pem[:] " "\n\tload public key from PEM file", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam pubkeyDerParam = { xmlSecAppCmdLineTopicKeysMngr, "--pubkey-der", NULL, "--pubkey-der[:] " "\n\tload public key from DER file", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; /* openssl specific pubkey options */ static xmlSecAppCmdLineParam pubkeyOpensslStoreParam = { xmlSecAppCmdLineTopicKeysMngr, "--pubkey-openssl-store", NULL, "--pubkey-openssl-store[:] " "\n\tload pubkey key and certs through OpenSSL ossl_store interface (e.g. from HSM)", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam pubkeyOpensslEngineParam = { xmlSecAppCmdLineTopicKeysMngr, "--pubkey-openssl-engine", NULL, "--pubkey-openssl-engine[:] ;[,[,[...]]]" "\n\tload public key by OpenSSL ENGINE interface; specify the name of engine" "\n\t(like with -engine params), the key specs (like with -inkey or -key params)" "\n\tand optionally certificates that verify this key", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; #ifndef XMLSEC_NO_AES static xmlSecAppCmdLineParam aesKeyParam = { xmlSecAppCmdLineTopicKeysMngr, "--aes-key", "--aeskey", "--aes-key[:] " "\n\tload AES key from binary file ", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; #endif /* XMLSEC_NO_AES */ #ifndef XMLSEC_NO_CONCATKDF static xmlSecAppCmdLineParam concatKdfKeyParam = { xmlSecAppCmdLineTopicKeysMngr, "--concatkdfkey", "--concatkdf-key", "--concatkdf-key[:] " "\n\tload ConcatKDF key from binary file ", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; #endif /* XMLSEC_NO_CONCATKDF */ #ifndef XMLSEC_NO_DES static xmlSecAppCmdLineParam desKeyParam = { xmlSecAppCmdLineTopicKeysMngr, "--des-key", "--deskey", "--des-key[:] " "\n\tload DES key from binary file ", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; #endif /* XMLSEC_NO_DES */ #ifndef XMLSEC_NO_HMAC static xmlSecAppCmdLineParam hmacKeyParam = { xmlSecAppCmdLineTopicKeysMngr, "--hmac-key", "--hmackey", "--hmac-key[:] " "\n\tload HMAC key from binary file ", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam hmacMinOutputLenParam = { xmlSecAppCmdLineTopicKeysMngr, "--hmac-min-out-len", NULL, "--hmac-min-out-len " "\n\tsets minimum HMAC output length to ", xmlSecAppCmdLineParamTypeNumber, xmlSecAppCmdLineParamFlagParamNameValue, NULL }; #endif /* XMLSEC_NO_HMAC */ #ifndef XMLSEC_NO_PBKDF2 static xmlSecAppCmdLineParam pbkdf2KeyParam = { xmlSecAppCmdLineTopicKeysMngr, "--pbkdf2key", "--pbkdf2-key", "--pbkdf2-key[:] " "\n\tload Pbkdf2 key from binary file ", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; #endif /* XMLSEC_NO_PBKDF2 */ static xmlSecAppCmdLineParam pwdParam = { xmlSecAppCmdLineTopicKeysMngr, "--pwd", NULL, "--pwd " "\n\tthe password to use for reading keys and certs", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam enabledKeyDataParam = { xmlSecAppCmdLineTopicKeysMngr, "--enabled-key-data", NULL, "--enabled-key-data " "\n\tcomma-separated list of key-data types to enable." "\n\tExample:" "\n\t rsa,key-value,x509 -> populates and keeps " "\n\t when and placeholders" "\n\t are present in the template." "\n\tUse \"--list-key-data\" to view full list of registered key data klasses." "\n\tBy default, all registered key data are enabled.", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam enabledRetrievalMethodUrisParam = { xmlSecAppCmdLineTopicKeysMngr, "--enabled-retrieval-method-uris", NULL, "--enabled-retrieval-method-uris " "\n\tcomma separated list of of the following values:" "\n\t\"empty\", \"same-doc\", \"local\",\"remote\" to restrict possible URI" "\n\tattribute values for the element.", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam enabledKeyInfoReferenceUrisParam = { xmlSecAppCmdLineTopicKeysMngr, "--enabled-key-info-reference-uris", NULL, "--enabled-key-info-reference-uris " "\n\tcomma separated list of of the following values:" "\n\t\"empty\", \"same-doc\", \"local\",\"remote\" to restrict possible URI" "\n\tattribute values for the element.", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam laxKeySearchParam = { xmlSecAppCmdLineTopicKeysMngr, "--lax-key-search", NULL, "--lax-key-search" "\n\tenable lax key search (e.g. by key type like \"rsa\") vs default strict key search" "\n\tmode using only information from node (e.g. key name)", xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam verifyKeysParam = { xmlSecAppCmdLineTopicKeysMngr, "--verify-keys", NULL, "--verify-keys" "\n\tforce verification of public/private keys loaded from the command: keys are required" "\n\tto have a key certificate that will be verified against the certificates in the key store", xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamFlagNone, NULL }; /**************************************************************** * * Common params * ***************************************************************/ static xmlSecAppCmdLineParam sessionKeyParam = { xmlSecAppCmdLineTopicDSigSign | xmlSecAppCmdLineTopicEncEncrypt, "--session-key", NULL, "--session-key -" "\n\tgenerate new session key of bits size" "\n\t(for example, \"--session des-192\" generates a new 192 bits" "\n\tDES key for DES3 encryption)", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam outputParam = { xmlSecAppCmdLineTopicDSigCommon | xmlSecAppCmdLineTopicEncCommon, "--output", "-o", "--output " "\n\twrite result document to file ; the can" "\n\tbe a template and include '{inputfile}' which will be repaced" "\n\twith the input filename", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam nodeIdParam = { xmlSecAppCmdLineTopicDSigCommon | xmlSecAppCmdLineTopicEncCommon, "--node-id", NULL, "--node-id " "\n\tset the operation start point to the node with given ", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam nodeNameParam = { xmlSecAppCmdLineTopicDSigCommon | xmlSecAppCmdLineTopicEncCommon, "--node-name", NULL, "--node-name [:]" "\n\tset the operation start point to the first node" "\n\twith given and URI", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam nodeXPathParam = { xmlSecAppCmdLineTopicDSigCommon | xmlSecAppCmdLineTopicEncCommon, "--node-xpath", NULL, "--node-xpath " "\n\tset the operation start point to the first node" "\n\tselected by the specified XPath expression", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam dtdFileParam = { xmlSecAppCmdLineTopicDSigCommon | xmlSecAppCmdLineTopicEncCommon, "--dtd-file", NULL, "--dtd-file " "\n\tload the specified file as the DTD", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam printDebugParam = { xmlSecAppCmdLineTopicDSigCommon | xmlSecAppCmdLineTopicEncCommon, "--print-debug", NULL, "--print-debug" "\n\tprint debug information to stdout", xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam printXmlDebugParam = { xmlSecAppCmdLineTopicDSigCommon | xmlSecAppCmdLineTopicEncCommon, "--print-xml-debug", NULL, "--print-xml-debug" "\n\tprint debug information to stdout in xml format", xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam idAttrParam = { xmlSecAppCmdLineTopicDSigCommon | xmlSecAppCmdLineTopicEncCommon, "--id-attr", NULL, "--id-attr[:] [:]" "\n\tadds attributes (default value \"id\") from all nodes" "\n\twith and namespace to the list of" "\n\tknown ID attributes; this is a hack and if you can use DTD or schema" "\n\tto declare ID attributes instead (see \"--dtd-file\" option)", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam addIdAttrParam = { xmlSecAppCmdLineTopicDSigCommon | xmlSecAppCmdLineTopicEncCommon, "--add-id-attr", NULL, "--add-id-attr " "\n\tadds attribute to all nodes in the document;" "\n\tthis is a hack and if you can use DTD or schema to declare ID attributes" "\n\tinstead (see \"--dtd-file\" option)", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam xxeParam = { xmlSecAppCmdLineTopicAll, "--xxe", NULL, "--xxe" "\n\tenable External Entity resolution." "\n\tWARNING: this may allow the reading of arbitrary files and URLs," "\n\tcontrolled by the input XML document. Use with caution!", xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam urlMapParam = { xmlSecAppCmdLineTopicDSigCommon | xmlSecAppCmdLineTopicEncCommon, "--url-map", NULL, "--url-map: " "\n\tmaps a given to the given for loading external resources", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; /**************************************************************** * * Common dsig params * ***************************************************************/ #ifndef XMLSEC_NO_XMLDSIG static xmlSecAppCmdLineParam ignoreManifestsParam = { xmlSecAppCmdLineTopicDSigCommon, "--ignore-manifests", NULL, "--ignore-manifests" "\n\tdo not process elements", xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam storeReferencesParam = { xmlSecAppCmdLineTopicDSigCommon, "--store-references", NULL, "--store-references" "\n\tstore and print the result of element processing" "\n\tjust before calculating digest", xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam storeSignaturesParam = { xmlSecAppCmdLineTopicDSigCommon, "--store-signatures", NULL, "--store-signatures" "\n\tstore and print the result of processing" "\n\tjust before calculating signature", xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam enabledRefUrisParam = { xmlSecAppCmdLineTopicDSigCommon, "--enabled-reference-uris", NULL, "--enabled-reference-uris " "\n\tcomma separated list of of the following values:" "\n\t\"empty\", \"same-doc\", \"local\",\"remote\" to restrict possible URI" "\n\tattribute values for the element", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam enableVisa3DHackParam = { xmlSecAppCmdLineTopicDSigCommon, "--enable-visa3d-hack", NULL, "--enable-visa3d-hack" "\n\tenables Visa3D protocol specific hack for URI attributes processing" "\n\twhen we are trying not to use XPath/XPointer engine; this is a hack" "\n\tand I don't know what else might be broken in your application when" "\n\tyou use it (also check \"--id-attr\" option because you might need it)", xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamFlagNone, NULL }; #endif /* XMLSEC_NO_XMLDSIG */ /**************************************************************** * * Enc params * ***************************************************************/ #ifndef XMLSEC_NO_XMLENC static xmlSecAppCmdLineParam enabledCipherRefUrisParam = { xmlSecAppCmdLineTopicEncCommon, "--enabled-cipher-reference-uris", NULL, "--enabled-cipher-reference-uris " "\n\tcomma separated list of of the following values:" "\n\t\"empty\", \"same-doc\", \"local\",\"remote\" to restrict possible URI" "\n\tattribute values for the element", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam binaryDataParam = { xmlSecAppCmdLineTopicEncEncrypt, "--binary-data", "--binary", "--binary-data " "\n\tbinary to encrypt", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam xmlDataParam = { xmlSecAppCmdLineTopicEncEncrypt, "--xml-data", NULL, "--xml-data " "\n\tXML to encrypt", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagNone, NULL }; #endif /* XMLSEC_NO_XMLENC */ /**************************************************************** * * X509 params * ***************************************************************/ #ifndef XMLSEC_NO_X509 static xmlSecAppCmdLineParam pkcs12Param = { xmlSecAppCmdLineTopicKeysMngr, "--pkcs12", NULL, "--pkcs12[:] " "\n\tload load private key from pkcs12 file ", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam pkcs12PersistParam = { xmlSecAppCmdLineTopicKeysMngr, "--pkcs12-persist", NULL, "--pkcs12-persist" "\n\tpersist loaded private key", xmlSecAppCmdLineParamTypeFlag, xmlSecAppCmdLineParamFlagNone, NULL }; static xmlSecAppCmdLineParam pubkeyCertParam = { xmlSecAppCmdLineTopicKeysMngr, "--pubkey-cert-pem", "--pubkey-cert", "--pubkey-cert-pem[:] " "\n\tload public key from PEM cert file", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam pubkeyCertDerParam = { xmlSecAppCmdLineTopicKeysMngr, "--pubkey-cert-der", NULL, "--pubkey-cert-der[:] " "\n\tload public key from DER cert file", xmlSecAppCmdLineParamTypeStringList, xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam trustedParam = { xmlSecAppCmdLineTopicX509Certs, "--trusted-pem", "--trusted", "--trusted-pem " "\n\tload trusted (root) certificate from PEM file ", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam trustedDerParam = { xmlSecAppCmdLineTopicX509Certs, "--trusted-der", NULL, "--trusted-der " "\n\tload trusted (root) certificate from DER file ", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam untrustedParam = { xmlSecAppCmdLineTopicX509Certs, "--untrusted-pem", "--untrusted", "--untrusted-pem " "\n\tload untrusted certificate from PEM file ", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam untrustedDerParam = { xmlSecAppCmdLineTopicX509Certs, "--untrusted-der", NULL, "--untrusted-der " "\n\tload untrusted certificate from DER file ", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam crlPemParam = { xmlSecAppCmdLineTopicX509Certs, "--crl-pem", "--crl", "--crl-pem " "\n\tload CRLs from PEM file ", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam crlDerParam = { xmlSecAppCmdLineTopicX509Certs, "--crl-der", NULL, "--crl-der " "\n\tload CRLs from DER file ", xmlSecAppCmdLineParamTypeString, xmlSecAppCmdLineParamFlagMultipleValues, NULL }; static xmlSecAppCmdLineParam verificationTimeParam = { xmlSecAppCmdLineTopicX509Certs, "--verification-time", NULL, "--verification-time