/**
* verify_file:
* @mngr: the pointer to keys manager.
* @xml_file: the signed XML file name.
*
* Verifies XML signature in #xml_file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
int res = -1;
assert(mngr);
assert(xml_file);
/* load file */
doc = xmlParseFile(xml_file);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
goto done;
}
/* create signature context */
dsigCtx = xmlSecDSigCtxCreate(mngr);
if(dsigCtx == NULL) {
fprintf(stderr,"Error: failed to create signature context\n");
goto done;
}
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
fprintf(stderr,"Error: signature verify\n");
goto done;
}
/* print verification result to stdout */
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
fprintf(stdout, "Signature is OK\n");
} else {
fprintf(stdout, "Signature is INVALID\n");
}
/* success */
res = 0;
done:
/* cleanup */
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
VALUE xmlsec_is_valid_by_key(VALUE self, xmlDocPtr doc, VALUE key_file ) {
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: start node not found\n");
return Qnil;
}
/* create signature context*/
dsigCtx = xmlSecDSigCtxCreate(NULL);
if(dsigCtx == NULL) {
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n");
return Qnil;
}
dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
/* load public key */
dsigCtx->signKey = xmlSecCryptoAppKeyLoad(StringValuePtr(key_file), xmlSecKeyDataFormatPem, NULL, NULL, NULL);
if(dsigCtx->signKey == NULL) {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: failed to load public pem key from \"%s\"\n", StringValuePtr(key_file));
return Qnil;
}
/* set key name to the file name*/
if(xmlSecKeySetName(dsigCtx->signKey, StringValuePtr(key_file)) < 0) {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: failed to set key name for key from \"%s\"\n", StringValuePtr(key_file));
return Qnil;
}
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: signature verify \"%s\"\n");
return Qnil;
}
/* verification result*/
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
return Qtrue;
} else {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
return Qfalse;
}
}
int
verify_xml(xmlSecKeysMngrPtr mngr, const char* xml_string, const char* id_attr_name, const char* id_node_name) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
int res = -1;
assert(mngr);
assert(xml_string);
/* load template */
doc = xmlParseDoc((xmlChar*)xml_string);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
fprintf(stderr, "XmlSecError: unable to parse xml string\n");
goto done2;
}
/* add id */
if (id_attr_name && id_node_name)
xmlSecAppAddIDAttr(xmlDocGetRootElement(doc), (xmlChar*)id_attr_name, (xmlChar*)id_node_name, NULL);
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
fprintf(stderr, "XmlSecError: start node not found in xml string\n");
goto done2;
}
/* create signature context */
dsigCtx = xmlSecDSigCtxCreate(mngr);
if(dsigCtx == NULL) {
fprintf(stderr,"XmlSecError: failed to create signature context\n");
goto done2;
}
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
fprintf(stderr,"XmlSecError: signature verify\n");
goto done2;
}
res = (dsigCtx->status == xmlSecDSigStatusSucceeded);
done2:
/* cleanup */
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
VALUE verify_signature_with_certificates(VALUE self, VALUE rb_certs) {
xmlDocPtr doc;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
xmlSecKeysMngrPtr keyManager = NULL;
VALUE result = Qfalse;
Check_Type(rb_certs, T_ARRAY);
Data_Get_Struct(self, xmlDoc, doc);
// find start node
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
rb_raise(rb_eVerificationError, "start node not found");
goto done;
}
keyManager = getKeyManager(rb_certs);
if (keyManager == NULL) {
rb_raise(rb_eKeystoreError, "failed to create key manager");
goto done;
}
// create signature context, we don't need keys manager in this example
dsigCtx = xmlSecDSigCtxCreate(keyManager);
if(dsigCtx == NULL) {
rb_raise(rb_eVerificationError, "failed to create signature context");
goto done;
}
// verify signature
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
rb_raise(rb_eVerificationError, "error occurred during signature verification");
goto done;
}
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
result = Qtrue;
}
done:
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if (keyManager != NULL) {
xmlSecKeysMngrDestroy(keyManager);
}
return result;
}
int verify_document(xmlDocPtr doc, const char* key) {
initialize();
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
int res = 0;
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
rb_raise(rb_eRuntimeError, "unable to parse XML document");
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
rb_raise(rb_eRuntimeError, "could not find start node in XML document");
}
if(assign_id_attributes(doc) < 0) {
rb_raise(rb_eRuntimeError, "Could not find ID attribute in document");
}
/* create signature context */
dsigCtx = xmlSecDSigCtxCreate(NULL);
if(dsigCtx == NULL) {
cleanup(dsigCtx);
rb_raise(rb_eRuntimeError, "could not create signature context");
}
/* load public key */
dsigCtx->signKey = xmlSecCryptoAppKeyLoadMemory(key, strlen(key), xmlSecKeyDataFormatCertPem, NULL, NULL, NULL);
if(dsigCtx->signKey == NULL) {
cleanup(dsigCtx);
rb_raise(rb_eRuntimeError, "could not read public pem key %s", key);
}
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
cleanup(dsigCtx);
rb_raise(rb_eRuntimeError, "Document does not seem to be in an XMLDsig format");
}
/* print verification result to stdout */
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
res = 1;
} else {
res = 0;
}
cleanup(dsigCtx);
return res;
}
PyObject *xmlsec_DSigCtxVerify(PyObject *self, PyObject *args) {
PyObject *dsigCtx_obj, *node_obj;
xmlSecDSigCtxPtr dsigCtx;
xmlNodePtr node;
if (CheckArgs(args, "OO:dsigCtxVerify")) {
if (!PyArg_ParseTuple(args, "OO:dsigCtxVerify", &dsigCtx_obj, &node_obj))
return NULL;
}
else return NULL;
dsigCtx = xmlSecDSigCtxPtr_get(dsigCtx_obj);
node = xmlNodePtr_get(node_obj);
return (wrap_int(xmlSecDSigCtxVerify(dsigCtx, node)));
}
VALUE xmlsec_is_valid(VALUE self, xmlDocPtr doc) {
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: start node not found\n");
return Qnil;
}
/* create signature context*/
dsigCtx = xmlSecDSigCtxCreate(NULL);
if(dsigCtx == NULL) {
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n");
return Qnil;
}
dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: signature verify \"%s\"\n");
return Qnil;
}
/* verification result*/
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
return Qtrue;
} else {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
return Qfalse;
}
}
int xml_verify(char *filename) {
xmlSecDSigCtxPtr dsig_ctx = NULL;
xmlDocPtr doc = NULL;
xmlNodePtr root_node;
xmlNodePtr sign_node;
xmlNodePtr cert_node;
xmlNodePtr x509d_node;
xmlNodePtr cur_node;
int result = DCP_FATAL;
xmlSecKeysMngrPtr key_manager;
char cert[5000];
int cert_l;
xmlsec_verify_init();
/* load doc file */
doc = xmlParseFile(filename);
if (doc == NULL) {
dcp_log(LOG_ERROR, "unable to parse file %s", filename);
goto done;
}
/* find root node */
root_node = xmlDocGetRootElement(doc);
if (root_node == NULL){
dcp_log(LOG_ERROR, "unable to find root node");
goto done;
}
/* find signature node */
sign_node = xmlSecFindNode(root_node, xmlSecNodeSignature, xmlSecDSigNs);
if(sign_node == NULL) {
dcp_log(LOG_ERROR, "signature node not found");
goto done;
}
/* create keys manager */
key_manager = load_certificates();
if (key_manager == NULL) {
dcp_log(LOG_ERROR,"create key manager failed");
goto done;
}
/* find certificates */
cur_node = sign_node;
while (x509d_node = xmlSecFindNode(cur_node, xmlSecNodeX509Data, xmlSecDSigNs)) {
cert_node = xmlSecFindNode(x509d_node, xmlSecNodeX509Certificate, xmlSecDSigNs);
if(cert_node == NULL) {
dcp_log(LOG_ERROR, "X509certficate node not found");
goto done;
}
sprintf(cert,"-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n",xmlNodeGetContent(cert_node));
cert_l = strlen(cert);
if (xmlSecCryptoAppKeysMngrCertLoadMemory(key_manager, cert, cert_l, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
dcp_log(LOG_ERROR, "could read X509certificate node value");
goto done;
}
cur_node = xmlNextElementSibling(x509d_node);
}
/* create signature context */
dsig_ctx = xmlSecDSigCtxCreate(key_manager);
if (dsig_ctx == NULL) {
dcp_log(LOG_ERROR,"create signature opendcp failed");
goto done;
}
/* sign the template */
if (xmlSecDSigCtxVerify(dsig_ctx, sign_node) < 0) {
dcp_log(LOG_ERROR,"signature verify failed");
goto done;
}
if (dsig_ctx->status != xmlSecDSigStatusSucceeded) {
dcp_log(LOG_ERROR,"signature validation failed");
goto done;
}
/* success */
result = 0;
done:
/* destroy keys manager */
xmlSecKeysMngrDestroy(key_manager);
/* destroy signature context */
if(dsig_ctx != NULL) {
xmlSecDSigCtxDestroy(dsig_ctx);
}
/* destroy xml doc */
if(doc != NULL) {
xmlFreeDoc(doc);
}
xmlsec_close();
return(result);
}
/**
* verify_request:
* @mng: the keys manager
*
* Verifies XML signature in the request (stdin).
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
verify_request(xmlSecKeysMngrPtr mngr) {
xmlBufferPtr buffer = NULL;
char buf[256];
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
int ret;
int res = -1;
assert(mngr);
/* load request in the buffer */
buffer = xmlBufferCreate();
if(buffer == NULL) {
fprintf(stdout,"Error: failed to create buffer\n");
goto done;
}
while(!feof(stdin)) {
ret = fread(buf, 1, sizeof(buf), stdin);
if(ret < 0) {
fprintf(stdout,"Error: read failed\n");
goto done;
}
xmlBufferAdd(buffer, buf, ret);
}
/* is the document subbmitted from the form? */
if(strncmp((char*)xmlBufferContent(buffer), "_xmldoc=", 8) == 0) {
xmlBufferShrink(buffer, 8);
buffer->use = url_decode((char*)xmlBufferContent(buffer), xmlBufferLength(buffer));
}
/**
* Load doc
*/
doc = xmlReadMemory(xmlBufferContent(buffer), xmlBufferLength(buffer),
NULL, NULL,
XML_PARSE_NOENT | XML_PARSE_NOCDATA |
XML_PARSE_PEDANTIC | XML_PARSE_NOCDATA);
if (doc == NULL) {
fprintf(stdout, "Error: unable to parse xml document (syntax error)\n");
goto done;
}
/*
* Check the document is of the right kind
*/
if(xmlDocGetRootElement(doc) == NULL) {
fprintf(stdout,"Error: empty document\n");
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
fprintf(stdout, "Error: start <dsig:Signature/> node not found\n");
goto done;
}
/* create signature context */
dsigCtx = xmlSecDSigCtxCreate(mngr);
if(dsigCtx == NULL) {
fprintf(stdout,"Error: failed to create signature context\n");
goto done;
}
/* we would like to store and print out everything */
/* actually we would not because it opens a security hole
dsigCtx->flags = XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES |
XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES |
XMLSEC_DSIG_FLAGS_STORE_SIGNATURE;
*/
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
fprintf(stdout,"Error: signature verification failed\n");
goto done;
}
/* print verification result to stdout */
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
fprintf(stdout, "RESULT: Signature is OK\n");
} else {
fprintf(stdout, "RESULT: Signature is INVALID\n");
}
fprintf(stdout, "---------------------------------------------------\n");
xmlSecDSigCtxDebugDump(dsigCtx, stdout);
/* success */
res = 0;
done:
/* cleanup */
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
if(buffer != NULL) {
xmlBufferFree(buffer);
}
return(res);
}
/**
* Funkcja dokonuje weryfikacji poprawności złożonego podpisu pod formularzem.
* \param[in] mngr Zainicjalizowany menedżer kluczy.
* \param[in] buffer Formularz do zweryfikowania.
* \param[in] buffer_len Długość weryfikowanego formularza.
*
* \retval 0 Podpis poprawny.
* \retval 1 Podpis niepoprawny.
* \retval -1 Nie można przeparsować dokumentu.
* \retval -2 Nie znaleziono startowego węzła.
* \retval -3 Nie dało się utworzyć kontekstu podpisu.
* \retval -4 Nie dało rady zweryfikować podpisu.
* */
static long verify_memory(xmlSecKeysMngrPtr mngr, const char* buffer, const long buffer_len) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
long ret = -99;
assert(mngr);
/* load file */
doc = xmlParseMemory(buffer,buffer_len);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
PRINT_DEBUG("UNABLE TO PARSE DOCUMENT\n");
ret = -1;
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
PRINT_DEBUG("Start node %s not found\n",xmlSecNodeSignature);
ret = -2;
goto done;
}
/* create signature context */
dsigCtx = xmlSecDSigCtxCreate(mngr);
if(dsigCtx == NULL) {
PRINT_DEBUG("Failed to create signature context\n");
ret = -3;
goto done;
}
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
PRINT_DEBUG("Error: signature verify failed\n");
ret = -4;
goto done;
}
/* print verification result to stdout */
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
ret = 0;
PRINT_DEBUG("XAdES: Signature is OK\n");
} else {
ret = 1;
PRINT_DEBUG("XAdES: Signature is INVALID\n");
}
done:
/* cleanup */
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(ret);
}
/**
* verify_file:
* @mngr: the pointer to keys manager.
* @xml_file: the signed XML file name.
*
* Verifies XML signature in #xml_file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
int res = -1;
assert(mngr);
assert(xml_file);
/* load file */
doc = xmlParseFile(xml_file);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
goto done;
}
/* create signature context */
dsigCtx = xmlSecDSigCtxCreate(mngr);
if(dsigCtx == NULL) {
fprintf(stderr,"Error: failed to create signature context\n");
goto done;
}
/* limit the Reference URI attributes to empty or NULL */
dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
/* limit allowed transforms for signature and reference processing */
if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0)) {
fprintf(stderr,"Error: failed to limit allowed signature transforms\n");
goto done;
}
if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) < 0)) {
fprintf(stderr,"Error: failed to limit allowed reference transforms\n");
goto done;
}
/* in addition, limit possible key data to valid X509 certificates only */
if(xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecKeyDataX509Id) < 0) {
fprintf(stderr,"Error: failed to limit allowed key data\n");
goto done;
}
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
fprintf(stderr,"Error: signature verify\n");
goto done;
}
/* check that we have only one Reference */
if((dsigCtx->status == xmlSecDSigStatusSucceeded) &&
(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) != 1)) {
fprintf(stderr,"Error: only one reference is allowed\n");
goto done;
}
/* print verification result to stdout */
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
fprintf(stdout, "Signature is OK\n");
} else {
fprintf(stdout, "Signature is INVALID\n");
}
/* success */
res = 0;
done:
/* cleanup */
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
VALUE xmlsec_is_valid_by_x509_file(VALUE self, xmlDocPtr doc, VALUE x509_file ) {
xmlSecKeysMngrPtr mngr;
VALUE v;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
long i;
mngr = xmlSecKeysMngrCreate();
if(mngr == NULL) {
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: failed to create keys manager.\n");
return Qnil;
}
if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: failed to initialize keys manager.\n");
return Qnil;
}
if (TYPE(x509_file) == T_STRING){
/* load trusted cert */
if(xmlSecCryptoAppKeysMngrCertLoad(mngr, StringValuePtr(x509_file), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", StringValuePtr(x509_file));
return Qnil;
}
}
if (TYPE(x509_file) == T_ARRAY) {
for (i =0; i < RARRAY_LEN(x509_file); i++) {
v = rb_ary_entry(x509_file, i);
StringValue(v);
if(xmlSecCryptoAppKeysMngrCertLoad(mngr, RSTRING_PTR(v), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", RSTRING_PTR(v));
return Qnil;
}
}
//rb_ary_entry
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: start node not found\n");
return Qnil;
}
/* create signature context*/
dsigCtx = xmlSecDSigCtxCreate(mngr);
if(dsigCtx == NULL) {
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n");
return Qnil;
}
/* limit the Reference URI attributes to empty or NULL */
dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: signature verify \"%s\"\n");
return Qnil;
}
/* verification result*/
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
return Qtrue;
} else {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
return Qfalse;
}
}
