// --------------------------------------------------------------------------- // Add element to <KeyInfo> node. // --------------------------------------------------------------------------- // void XmlSecTemplate::SetKeyInfoL(RXmlEngDocument& aTemplate, TXmlEngElement aKeyProp) { if(aKeyProp.IsNull()) { User::Leave(KErrWrongParameter); } if(aTemplate.IsNull()) { User::Leave(KErrTemplate); } xmlNodePtr keyInfo = NULL; TXmlEngNode tmpNode = aTemplate.DocumentElement(); xmlNodePtr root = INTERNAL_NODEPTR(tmpNode); keyInfo = xmlSecFindNode(root,xmlSecNodeKeyInfo, xmlSecDSigNs); if(!keyInfo) { User::Leave(KErrTemplate); } TXmlEngElement keyIn(keyInfo); keyIn.RemoveChildren(); keyIn.AppendChildL(aKeyProp); }
int xml_verify(char *filename) { xmlSecDSigCtxPtr dsig_ctx = NULL; xmlDocPtr doc = NULL; xmlNodePtr root_node; xmlNodePtr sign_node; xmlNodePtr cert_node; xmlNodePtr x509d_node; xmlNodePtr cur_node; int result = DCP_FATAL; xmlSecKeysMngrPtr key_manager; char cert[5000]; int cert_l; xmlsec_verify_init(); /* load doc file */ doc = xmlParseFile(filename); if (doc == NULL) { dcp_log(LOG_ERROR, "unable to parse file %s", filename); goto done; } /* find root node */ root_node = xmlDocGetRootElement(doc); if (root_node == NULL){ dcp_log(LOG_ERROR, "unable to find root node"); goto done; } /* find signature node */ sign_node = xmlSecFindNode(root_node, xmlSecNodeSignature, xmlSecDSigNs); if(sign_node == NULL) { dcp_log(LOG_ERROR, "signature node not found"); goto done; } /* create keys manager */ key_manager = load_certificates(); if (key_manager == NULL) { dcp_log(LOG_ERROR,"create key manager failed"); goto done; } /* find certificates */ cur_node = sign_node; while (x509d_node = xmlSecFindNode(cur_node, xmlSecNodeX509Data, xmlSecDSigNs)) { cert_node = xmlSecFindNode(x509d_node, xmlSecNodeX509Certificate, xmlSecDSigNs); if(cert_node == NULL) { dcp_log(LOG_ERROR, "X509certficate node not found"); goto done; } sprintf(cert,"-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n",xmlNodeGetContent(cert_node)); cert_l = strlen(cert); if (xmlSecCryptoAppKeysMngrCertLoadMemory(key_manager, cert, cert_l, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) { dcp_log(LOG_ERROR, "could read X509certificate node value"); goto done; } cur_node = xmlNextElementSibling(x509d_node); } /* create signature context */ dsig_ctx = xmlSecDSigCtxCreate(key_manager); if (dsig_ctx == NULL) { dcp_log(LOG_ERROR,"create signature opendcp failed"); goto done; } /* sign the template */ if (xmlSecDSigCtxVerify(dsig_ctx, sign_node) < 0) { dcp_log(LOG_ERROR,"signature verify failed"); goto done; } if (dsig_ctx->status != xmlSecDSigStatusSucceeded) { dcp_log(LOG_ERROR,"signature validation failed"); goto done; } /* success */ result = 0; done: /* destroy keys manager */ xmlSecKeysMngrDestroy(key_manager); /* destroy signature context */ if(dsig_ctx != NULL) { xmlSecDSigCtxDestroy(dsig_ctx); } /* destroy xml doc */ if(doc != NULL) { xmlFreeDoc(doc); } xmlsec_close(); return(result); }
/** * decrypt_file: * @mngr: the pointer to keys manager. * @enc_file: the encrypted XML file name. * * Decrypts the XML file #enc_file using DES key from #key_file and * prints results to stdout. * * Returns 0 on success or a negative value if an error occurs. */ int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) { xmlDocPtr doc = NULL; xmlNodePtr node = NULL; xmlSecEncCtxPtr encCtx = NULL; int res = -1; assert(mngr); assert(enc_file); /* load template */ doc = xmlParseFile(enc_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file); goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs); if(node == NULL) { fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file); goto done; } /* create encryption context */ encCtx = xmlSecEncCtxCreate(mngr); if(encCtx == NULL) { fprintf(stderr,"Error: failed to create encryption context\n"); goto done; } /* decrypt the data */ if((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL)) { fprintf(stderr,"Error: decryption failed\n"); goto done; } /* print decrypted data to stdout */ if(encCtx->resultReplaced != 0) { fprintf(stdout, "Decrypted XML data:\n"); xmlDocDump(stdout, doc); } else { fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx->result)); if(xmlSecBufferGetData(encCtx->result) != NULL) { fwrite(xmlSecBufferGetData(encCtx->result), 1, xmlSecBufferGetSize(encCtx->result), stdout); } } fprintf(stdout, "\n"); /* success */ res = 0; done: /* cleanup */ if(encCtx != NULL) { xmlSecEncCtxDestroy(encCtx); } if(doc != NULL) { xmlFreeDoc(doc); } return(res); }
int xml_sign(opendcp_t *opendcp, char *filename) { xmlSecDSigCtxPtr dsig_ctx = NULL; xmlDocPtr doc = NULL; xmlNodePtr root_node; xmlNodePtr sign_node; FILE *fp; int result = OPENDCP_ERROR; xmlSecKeysMngrPtr key_manager = NULL; dcp_log(LOG_DEBUG, "xml_sign: xmlsec_init"); xmlsec_init(); /* load doc file */ dcp_log(LOG_DEBUG, "xml_sign: parse file"); doc = xmlParseFile(filename); if (doc == NULL) { dcp_log(OPENDCP_ERROR, "Error: unable to parse file %s", filename); goto done; } /* find root node */ root_node = xmlDocGetRootElement(doc); if (root_node == NULL){ dcp_log(OPENDCP_ERROR, "Error: unable to find root node"); goto done; } /* find signature node */ sign_node = xmlSecFindNode(root_node, xmlSecNodeSignature, xmlSecDSigNs); if(sign_node == NULL) { fprintf(stderr, "Error: start node not found"); goto done; } /* create keys manager */ key_manager = load_certificates_sign(opendcp); if (key_manager == NULL) { fprintf(stderr,"Error: failed to create key manager\n"); goto done; } /* create signature opendcp */ dsig_ctx = xmlSecDSigCtxCreate(key_manager); if(dsig_ctx == NULL) { fprintf(stderr,"Error: failed to create signature opendcp\n"); goto done; } /* sign the template */ if(xmlSecDSigCtxSign(dsig_ctx, sign_node) < 0) { fprintf(stderr,"Error: signature failed\n"); goto done; } /* open xml file */ fp = fopen(filename,"wb"); if (fp == NULL) { fprintf(stderr,"Error: could not open output file\n"); goto done; } /* write the xml file */ if (xmlDocDump(fp, doc) < 0) { fprintf(stderr,"Error: writing XML document failed\n"); goto done; } /* close the file */ fclose(fp); /* success */ result = 0; done: /* destroy keys manager */ xmlSecKeysMngrDestroy(key_manager); /* destroy signature context */ if(dsig_ctx != NULL) { xmlSecDSigCtxDestroy(dsig_ctx); } /* destroy xml doc */ if(doc != NULL) { xmlFreeDoc(doc); } xmlsec_close(); return(result); }
static PyObject* sign_xml(const char* xml_string, const char* key_file, const char* cert_file, const char* id_attr_name, const char* id_node_name) { xmlDocPtr doc = NULL; xmlNodePtr node = NULL; xmlSecDSigCtxPtr dsigCtx = NULL; xmlChar *signed_xml; int size; PyObject *result; assert(xml_string); assert(key_file); assert(cert_file); /* load template */ doc = xmlParseDoc((xmlChar*)xml_string); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ fprintf(stderr, "XmlSecError: unable to parse xml string!\n"); goto done; } /* add id */ if (id_attr_name && id_node_name && *id_attr_name != '\0' && *id_node_name != '\0') xmlSecAppAddIDAttr(xmlDocGetRootElement(doc), (xmlChar*)id_attr_name, (xmlChar*)id_node_name, NULL); /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); if(node == NULL) { fprintf(stderr, "XmlSecError: start node <Signature> not found in xml string\n"); goto done; } /* create signature context, we don't need keys manager in this example */ dsigCtx = xmlSecDSigCtxCreate(NULL); if(dsigCtx == NULL) { fprintf(stderr,"XmlSecError: failed to create signature context\n"); goto done; } /* load private key, assuming that there is not password */ dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL); if(dsigCtx->signKey == NULL) { fprintf(stderr,"XmlSecError: failed to load private pem key from \"%s\"\n", key_file); goto done; } /* set key name to the file name */ if(xmlSecKeySetName(dsigCtx->signKey, (xmlChar*)key_file) < 0) { fprintf(stderr,"XmlSecError: failed to set key name for key from \"%s\"\n", key_file); goto done; } /* set cert name to the file name */ if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file, xmlSecKeyDataFormatPem) < 0) { fprintf(stderr,"XmlSecError: failed to set cert name for cert from \"%s\"\n", cert_file); goto done; } /* sign the template */ if(xmlSecDSigCtxSign(dsigCtx, node) < 0) { fprintf(stderr,"XmlSecError: signature failed\n"); goto done; } done: /* cleanup */ if(dsigCtx != NULL) { xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { xmlDocDumpMemory(doc, &signed_xml, &size); result = Py_BuildValue("s", signed_xml); xmlFree(signed_xml); xmlFreeDoc(doc); } else { result = Py_BuildValue("s", NULL); } return result; }
/** * verify_request: * @mng: the keys manager * * Verifies XML signature in the request (stdin). * * Returns 0 on success or a negative value if an error occurs. */ int verify_request(xmlSecKeysMngrPtr mngr) { xmlBufferPtr buffer = NULL; char buf[256]; xmlDocPtr doc = NULL; xmlNodePtr node = NULL; xmlSecDSigCtxPtr dsigCtx = NULL; int ret; int res = -1; assert(mngr); /* load request in the buffer */ buffer = xmlBufferCreate(); if(buffer == NULL) { fprintf(stdout,"Error: failed to create buffer\n"); goto done; } while(!feof(stdin)) { ret = fread(buf, 1, sizeof(buf), stdin); if(ret < 0) { fprintf(stdout,"Error: read failed\n"); goto done; } xmlBufferAdd(buffer, buf, ret); } /* is the document subbmitted from the form? */ if(strncmp((char*)xmlBufferContent(buffer), "_xmldoc=", 8) == 0) { xmlBufferShrink(buffer, 8); buffer->use = url_decode((char*)xmlBufferContent(buffer), xmlBufferLength(buffer)); } /** * Load doc */ doc = xmlReadMemory(xmlBufferContent(buffer), xmlBufferLength(buffer), NULL, NULL, XML_PARSE_NOENT | XML_PARSE_NOCDATA | XML_PARSE_PEDANTIC | XML_PARSE_NOCDATA); if (doc == NULL) { fprintf(stdout, "Error: unable to parse xml document (syntax error)\n"); goto done; } /* * Check the document is of the right kind */ if(xmlDocGetRootElement(doc) == NULL) { fprintf(stdout,"Error: empty document\n"); goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); if(node == NULL) { fprintf(stdout, "Error: start <dsig:Signature/> node not found\n"); goto done; } /* create signature context */ dsigCtx = xmlSecDSigCtxCreate(mngr); if(dsigCtx == NULL) { fprintf(stdout,"Error: failed to create signature context\n"); goto done; } /* we would like to store and print out everything */ /* actually we would not because it opens a security hole dsigCtx->flags = XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES | XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES | XMLSEC_DSIG_FLAGS_STORE_SIGNATURE; */ /* Verify signature */ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) { fprintf(stdout,"Error: signature verification failed\n"); goto done; } /* print verification result to stdout */ if(dsigCtx->status == xmlSecDSigStatusSucceeded) { fprintf(stdout, "RESULT: Signature is OK\n"); } else { fprintf(stdout, "RESULT: Signature is INVALID\n"); } fprintf(stdout, "---------------------------------------------------\n"); xmlSecDSigCtxDebugDump(dsigCtx, stdout); /* success */ res = 0; done: /* cleanup */ if(dsigCtx != NULL) { xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { xmlFreeDoc(doc); } if(buffer != NULL) { xmlBufferFree(buffer); } return(res); }
/** * Funkcja dokonuje weryfikacji poprawności złożonego podpisu pod formularzem. * \param[in] mngr Zainicjalizowany menedżer kluczy. * \param[in] buffer Formularz do zweryfikowania. * \param[in] buffer_len Długość weryfikowanego formularza. * * \retval 0 Podpis poprawny. * \retval 1 Podpis niepoprawny. * \retval -1 Nie można przeparsować dokumentu. * \retval -2 Nie znaleziono startowego węzła. * \retval -3 Nie dało się utworzyć kontekstu podpisu. * \retval -4 Nie dało rady zweryfikować podpisu. * */ static long verify_memory(xmlSecKeysMngrPtr mngr, const char* buffer, const long buffer_len) { xmlDocPtr doc = NULL; xmlNodePtr node = NULL; xmlSecDSigCtxPtr dsigCtx = NULL; long ret = -99; assert(mngr); /* load file */ doc = xmlParseMemory(buffer,buffer_len); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ PRINT_DEBUG("UNABLE TO PARSE DOCUMENT\n"); ret = -1; goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); if(node == NULL) { PRINT_DEBUG("Start node %s not found\n",xmlSecNodeSignature); ret = -2; goto done; } /* create signature context */ dsigCtx = xmlSecDSigCtxCreate(mngr); if(dsigCtx == NULL) { PRINT_DEBUG("Failed to create signature context\n"); ret = -3; goto done; } /* Verify signature */ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) { PRINT_DEBUG("Error: signature verify failed\n"); ret = -4; goto done; } /* print verification result to stdout */ if(dsigCtx->status == xmlSecDSigStatusSucceeded) { ret = 0; PRINT_DEBUG("XAdES: Signature is OK\n"); } else { ret = 1; PRINT_DEBUG("XAdES: Signature is INVALID\n"); } done: /* cleanup */ if(dsigCtx != NULL) { xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { xmlFreeDoc(doc); } return(ret); }
/** * encrypt_file: * @tmpl_file: the encryption template file name. * @key_file: the Triple DES key file. * @data: the binary data to encrypt. * @dataSize: the binary data size. * * Encrypts binary #data using template from #tmpl_file and DES key from * #key_file. * * Returns 0 on success or a negative value if an error occurs. */ int encrypt_file(const char* tmpl_file, const char* key_file, const unsigned char* data, size_t dataSize) { xmlDocPtr doc = NULL; xmlNodePtr node = NULL; xmlSecEncCtxPtr encCtx = NULL; int res = -1; assert(tmpl_file); assert(key_file); assert(data); /* load template */ doc = xmlParseFile(tmpl_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ printf_a_ignorar3(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file); goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs); if(node == NULL) { printf_a_ignorar3(stderr, "Error: start node not found in \"%s\"\n", tmpl_file); goto done; } /* create encryption context, we don't need keys manager in this example */ encCtx = xmlSecEncCtxCreate(NULL); if(encCtx == NULL) { printf_a_ignorar3(stderr,"Error: failed to create encryption context\n"); goto done; } /* load DES key, assuming that there is not password */ encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file); if(encCtx->encKey == NULL) { printf_a_ignorar3(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file); goto done; } /* set key name to the file name, this is just an example! */ if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) { printf_a_ignorar3(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); goto done; } /* encrypt the data */ if(xmlSecEncCtxBinaryEncrypt(encCtx, node, data, dataSize) < 0) { printf_a_ignorar3(stderr,"Error: encryption failed\n"); goto done; } /* print encrypted data with document to stdout */ xmlDocDump(stdout, doc); /* success */ res = 0; done: /* cleanup */ if(encCtx != NULL) { xmlSecEncCtxDestroy(encCtx); } if(doc != NULL) { xmlFreeDoc(doc); } return(res); }
/** * verify_file: * @mngr: the pointer to keys manager. * @xml_file: the signed XML file name. * * Verifies XML signature in #xml_file. * * Returns 0 on success or a negative value if an error occurs. */ int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) { xmlDocPtr doc = NULL; xmlNodePtr node = NULL; xmlSecDSigCtxPtr dsigCtx = NULL; int res = -1; assert(mngr); assert(xml_file); /* load file */ doc = xmlParseFile(xml_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); if(node == NULL) { fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file); goto done; } /* create signature context */ dsigCtx = xmlSecDSigCtxCreate(mngr); if(dsigCtx == NULL) { fprintf(stderr,"Error: failed to create signature context\n"); goto done; } /* limit the Reference URI attributes to empty or NULL */ dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty; /* limit allowed transforms for signature and reference processing */ if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) || (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) || (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) < 0) || (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0)) { fprintf(stderr,"Error: failed to limit allowed signature transforms\n"); goto done; } if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) || (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) || (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) < 0) || (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) < 0)) { fprintf(stderr,"Error: failed to limit allowed reference transforms\n"); goto done; } /* in addition, limit possible key data to valid X509 certificates only */ if(xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecKeyDataX509Id) < 0) { fprintf(stderr,"Error: failed to limit allowed key data\n"); goto done; } /* Verify signature */ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) { fprintf(stderr,"Error: signature verify\n"); goto done; } /* check that we have only one Reference */ if((dsigCtx->status == xmlSecDSigStatusSucceeded) && (xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) != 1)) { fprintf(stderr,"Error: only one reference is allowed\n"); goto done; } /* print verification result to stdout */ if(dsigCtx->status == xmlSecDSigStatusSucceeded) { fprintf(stdout, "Signature is OK\n"); } else { fprintf(stdout, "Signature is INVALID\n"); } /* success */ res = 0; done: /* cleanup */ if(dsigCtx != NULL) { xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { xmlFreeDoc(doc); } return(res); }
/** * sign_file: * @tmpl_file: the signature template file name. * @key_file: the PEM private key file name. * * Signs the #tmpl_file using private key from #key_file. * * Returns 0 on success or a negative value if an error occurs. */ int sign_file(const char* tmpl_file, const char* key_file) { xmlDocPtr doc = NULL; xmlNodePtr node = NULL; xmlSecDSigCtxPtr dsigCtx = NULL; int res = -1; assert(tmpl_file); assert(key_file); /* load template */ doc = xmlParseFile(tmpl_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file); goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); if(node == NULL) { fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file); goto done; } /* create signature context, we don't need keys manager in this example */ dsigCtx = xmlSecDSigCtxCreate(NULL); if(dsigCtx == NULL) { fprintf(stderr,"Error: failed to create signature context\n"); goto done; } /* load private key, assuming that there is not password */ dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL); if(dsigCtx->signKey == NULL) { fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file); goto done; } /* set key name to the file name, this is just an example! */ if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) { fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); goto done; } /* sign the template */ if(xmlSecDSigCtxSign(dsigCtx, node) < 0) { fprintf(stderr,"Error: signature failed\n"); goto done; } /* print signed document to stdout */ xmlDocDump(stdout, doc); /* success */ res = 0; done: /* cleanup */ if(dsigCtx != NULL) { xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { xmlFreeDoc(doc); } return(res); }
VALUE xmlsec_is_valid_by_x509_file(VALUE self, xmlDocPtr doc, VALUE x509_file ) { xmlSecKeysMngrPtr mngr; VALUE v; xmlNodePtr node = NULL; xmlSecDSigCtxPtr dsigCtx = NULL; long i; mngr = xmlSecKeysMngrCreate(); if(mngr == NULL) { if(doc != NULL) xmlFreeDoc(doc); rb_raise(rb_eRuntimeError, "Error: failed to create keys manager.\n"); return Qnil; } if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) { if(doc != NULL) xmlFreeDoc(doc); if(mngr != NULL) xmlSecKeysMngrDestroy(mngr); rb_raise(rb_eRuntimeError, "Error: failed to initialize keys manager.\n"); return Qnil; } if (TYPE(x509_file) == T_STRING){ /* load trusted cert */ if(xmlSecCryptoAppKeysMngrCertLoad(mngr, StringValuePtr(x509_file), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) { if(doc != NULL) xmlFreeDoc(doc); if(mngr != NULL) xmlSecKeysMngrDestroy(mngr); rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", StringValuePtr(x509_file)); return Qnil; } } if (TYPE(x509_file) == T_ARRAY) { for (i =0; i < RARRAY_LEN(x509_file); i++) { v = rb_ary_entry(x509_file, i); StringValue(v); if(xmlSecCryptoAppKeysMngrCertLoad(mngr, RSTRING_PTR(v), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) { if(doc != NULL) xmlFreeDoc(doc); if(mngr != NULL) xmlSecKeysMngrDestroy(mngr); rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", RSTRING_PTR(v)); return Qnil; } } //rb_ary_entry } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); if(node == NULL) { if(doc != NULL) xmlFreeDoc(doc); rb_raise(rb_eRuntimeError, "Error: start node not found\n"); return Qnil; } /* create signature context*/ dsigCtx = xmlSecDSigCtxCreate(mngr); if(dsigCtx == NULL) { if(doc != NULL) xmlFreeDoc(doc); if(mngr != NULL) xmlSecKeysMngrDestroy(mngr); rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n"); return Qnil; } /* limit the Reference URI attributes to empty or NULL */ dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty; /* Verify signature */ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) { if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx); if(doc != NULL) xmlFreeDoc(doc); if(mngr != NULL) xmlSecKeysMngrDestroy(mngr); rb_raise(rb_eRuntimeError, "Error: signature verify \"%s\"\n"); return Qnil; } /* verification result*/ if(dsigCtx->status == xmlSecDSigStatusSucceeded) { if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx); if(doc != NULL) xmlFreeDoc(doc); if(mngr != NULL) xmlSecKeysMngrDestroy(mngr); return Qtrue; } else { if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx); if(doc != NULL) xmlFreeDoc(doc); if(mngr != NULL) xmlSecKeysMngrDestroy(mngr); return Qfalse; } }