axis2_status_t verify(axutil_env_t *env,
axis2_char_t *filename,
openssl_pkey_t *prvkey ,
oxs_x509_cert_t *cert)
{
oxs_sign_ctx_t *sign_ctx = NULL;
axiom_node_t *tmpl = NULL;
axis2_status_t status = AXIS2_FAILURE;
tmpl = load_sample_xml(env , tmpl, filename);
printf("File : \n%s\n", axiom_node_to_string(tmpl, env));
sign_ctx = oxs_sign_ctx_create(env);
if(sign_ctx){
axiom_node_t *sig_node = NULL;
/*Set the operation*/
oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_VERIFY);
sig_node = oxs_axiom_get_first_child_node_by_name(env, tmpl,
OXS_NODE_SIGNATURE, OXS_DSIG_NS, OXS_DS );
if(!sig_node){
printf("Verification : Cannot find ds:Signature node\n");
return AXIS2_FAILURE;
}
/**If the certificate is not given check key information*/
if(!cert){
axiom_node_t *ki_node = NULL;
axiom_node_t *x509_node = NULL;
ki_node = oxs_axiom_get_first_child_node_by_name(env, sig_node, OXS_NODE_KEY_INFO, OXS_DSIG_NS, OXS_DS);
x509_node = oxs_axiom_get_first_child_node_by_name(env, ki_node, OXS_NODE_X509_DATA, OXS_DSIG_NS, OXS_DS);
cert = oxs_x509_cert_create(env);
printf("No certificate is given. Fetching certificate from the KeyInfo\n");
status = oxs_xml_key_process_X509Data(env, x509_node, cert);
if(AXIS2_FAILURE == status){
printf("Error reading KeyInfo\n");
return AXIS2_FAILURE;
}
}
/*Set certificate*/
if(cert){
oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
}else{
printf("Certificate is NULL\n");
return AXIS2_FAILURE;
}
/*Verify*/
status = oxs_xml_sig_verify(env, sign_ctx, sig_node, tmpl);
if(AXIS2_SUCCESS != status){
printf("\nSignature Failed :-(\n");
}else{
printf("\nSignature Verified :-)\n");
}
}
return status;
}
AXIS2_EXTERN int AXIS2_CALL saml_util_set_sig_ctx_defaults(oxs_sign_ctx_t *sig_ctx, const axutil_env_t *env, axis2_char_t *id)
{
oxs_sign_part_t* sig_part = NULL;
oxs_transform_t *tr = NULL;
axutil_array_list_t *sig_parts = NULL, *trans = NULL;
trans = axutil_array_list_create(env, SAML_ARRAY_LIST_DEF);
/*create transform sor SAML XML signature with identifier*/
tr = oxs_transforms_factory_produce_transform(env, OXS_HREF_TRANSFORM_ENVELOPED_SIGNATURE);
axutil_array_list_add(trans, env, tr);
/*Create the EXCL-C14N Transformation*/
tr = oxs_transforms_factory_produce_transform(env, OXS_HREF_TRANSFORM_XML_EXC_C14N);
axutil_array_list_add(trans, env, tr);
sig_part = oxs_sign_part_create(env);
oxs_sign_part_set_digest_mtd(sig_part, env, OXS_HREF_SHA1);
oxs_sign_part_set_transforms(sig_part, env, trans);
oxs_sign_part_set_id_name(sig_part, env, id);
/*ns = axiom_namespace_create(env, "", "");
oxs_sign_part_set_sign_namespace(sig_part,env, ns);*/
sig_parts = axutil_array_list_create(env, SAML_ARRAY_LIST_DEF);
axutil_array_list_add(sig_parts, env, sig_part);
/*create the specific sign context*/
oxs_sign_ctx_set_c14n_mtd(sig_ctx, env, OXS_HREF_XML_EXC_C14N);
oxs_sign_ctx_set_operation(sig_ctx, env, OXS_SIGN_OPERATION_SIGN);
oxs_sign_ctx_set_sign_mtd_algo(sig_ctx, env, OXS_HREF_RSA_SHA1);
oxs_sign_ctx_set_sign_parts(sig_ctx, env, sig_parts);
return AXIS2_SUCCESS;
}
axis2_status_t sign(axutil_env_t *env,
axis2_char_t *filename,
openssl_pkey_t *prvkey ,
oxs_x509_cert_t *cert)
{
axis2_char_t *signed_result = NULL;
axis2_char_t *signed_filename = "result-sign.xml";
axiom_node_t *node = NULL;
axiom_node_t *tmpl = NULL;
oxs_sign_part_t *sign_part = NULL;
oxs_sign_ctx_t *sign_ctx = NULL;
oxs_transform_t *tr = NULL;
axutil_array_list_t *sign_parts = NULL;
axutil_array_list_t *tr_list = NULL;
axis2_char_t *id = NULL;
axis2_status_t status = AXIS2_FAILURE;
FILE *outf;
tmpl = load_sample_xml(env , tmpl, filename);
if (tmpl)
{
printf("load_sample_xml SUCCESS\n");
}
else
{
printf("load_sample_xml FAILED");
return -1;
}
/*Sign specific*/
sign_part = oxs_sign_part_create(env);
tr_list = axutil_array_list_create(env, 1);
/*We need C14N transform*/
tr = oxs_transforms_factory_produce_transform(env, OXS_HREF_TRANSFORM_XML_EXC_C14N);
axutil_array_list_add(tr_list, env, tr);
oxs_sign_part_set_transforms(sign_part, env, tr_list);
/*We need to sign this node add an ID to it*/
node = axiom_node_get_first_element(tmpl, env);
id = /*"Sig-ID-EFG";*/ oxs_util_generate_id(env,(axis2_char_t*)OXS_SIG_ID);
oxs_axiom_add_attribute(env, node, OXS_WSU, OXS_WSSE_XMLNS, OXS_ATTR_ID, id);
status = oxs_sign_part_set_node(sign_part, env,node);
status = oxs_sign_part_set_digest_mtd(sign_part, env, OXS_HREF_SHA1);
sign_parts = axutil_array_list_create(env, 1);
axutil_array_list_add(sign_parts, env, sign_part);
sign_ctx = oxs_sign_ctx_create(env);
if(sign_ctx){
axiom_node_t *sig_node = NULL;
oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);
oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
/*Set sig algo*/
oxs_sign_ctx_set_sign_mtd_algo(sign_ctx, env, OXS_HREF_RSA_SHA1);
/*Set C14N method*/
oxs_sign_ctx_set_c14n_mtd(sign_ctx, env, OXS_HREF_XML_EXC_C14N);
/*Set sig parts*/
oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts);
/*Set the operation*/
oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_SIGN);
/*Sign*/
oxs_xml_sig_sign(env, sign_ctx, tmpl, &sig_node);
/*Finally build KeyInfo*/
oxs_xml_key_info_build(env, sig_node, cert, OXS_KIBP_X509DATA_X509CERTIFICATE);
}else{
printf("Sign ctx creation failed");
}
signed_result = axiom_node_to_string(tmpl, env) ;
outf = fopen(signed_filename, "wb");
fwrite(signed_result, 1, axutil_strlen(signed_result), outf);
return AXIS2_SUCCESS;
}