// ---------------------------------------------------------------------------
// Add element to <KeyInfo> node.
// ---------------------------------------------------------------------------
//
void XmlSecTemplate::SetKeyInfoL(RXmlEngDocument& aTemplate, TXmlEngElement aKeyProp)
{
if(aKeyProp.IsNull())
{
User::Leave(KErrWrongParameter);
}
if(aTemplate.IsNull())
{
User::Leave(KErrTemplate);
}
xmlNodePtr keyInfo = NULL;
TXmlEngNode tmpNode = aTemplate.DocumentElement();
xmlNodePtr root = INTERNAL_NODEPTR(tmpNode);
keyInfo = xmlSecFindNode(root,xmlSecNodeKeyInfo, xmlSecDSigNs);
if(!keyInfo)
{
User::Leave(KErrTemplate);
}
TXmlEngElement keyIn(keyInfo);
keyIn.RemoveChildren();
keyIn.AppendChildL(aKeyProp);
}
int xml_verify(char *filename) {
xmlSecDSigCtxPtr dsig_ctx = NULL;
xmlDocPtr doc = NULL;
xmlNodePtr root_node;
xmlNodePtr sign_node;
xmlNodePtr cert_node;
xmlNodePtr x509d_node;
xmlNodePtr cur_node;
int result = DCP_FATAL;
xmlSecKeysMngrPtr key_manager;
char cert[5000];
int cert_l;
xmlsec_verify_init();
/* load doc file */
doc = xmlParseFile(filename);
if (doc == NULL) {
dcp_log(LOG_ERROR, "unable to parse file %s", filename);
goto done;
}
/* find root node */
root_node = xmlDocGetRootElement(doc);
if (root_node == NULL){
dcp_log(LOG_ERROR, "unable to find root node");
goto done;
}
/* find signature node */
sign_node = xmlSecFindNode(root_node, xmlSecNodeSignature, xmlSecDSigNs);
if(sign_node == NULL) {
dcp_log(LOG_ERROR, "signature node not found");
goto done;
}
/* create keys manager */
key_manager = load_certificates();
if (key_manager == NULL) {
dcp_log(LOG_ERROR,"create key manager failed");
goto done;
}
/* find certificates */
cur_node = sign_node;
while (x509d_node = xmlSecFindNode(cur_node, xmlSecNodeX509Data, xmlSecDSigNs)) {
cert_node = xmlSecFindNode(x509d_node, xmlSecNodeX509Certificate, xmlSecDSigNs);
if(cert_node == NULL) {
dcp_log(LOG_ERROR, "X509certficate node not found");
goto done;
}
sprintf(cert,"-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n",xmlNodeGetContent(cert_node));
cert_l = strlen(cert);
if (xmlSecCryptoAppKeysMngrCertLoadMemory(key_manager, cert, cert_l, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
dcp_log(LOG_ERROR, "could read X509certificate node value");
goto done;
}
cur_node = xmlNextElementSibling(x509d_node);
}
/* create signature context */
dsig_ctx = xmlSecDSigCtxCreate(key_manager);
if (dsig_ctx == NULL) {
dcp_log(LOG_ERROR,"create signature opendcp failed");
goto done;
}
/* sign the template */
if (xmlSecDSigCtxVerify(dsig_ctx, sign_node) < 0) {
dcp_log(LOG_ERROR,"signature verify failed");
goto done;
}
if (dsig_ctx->status != xmlSecDSigStatusSucceeded) {
dcp_log(LOG_ERROR,"signature validation failed");
goto done;
}
/* success */
result = 0;
done:
/* destroy keys manager */
xmlSecKeysMngrDestroy(key_manager);
/* destroy signature context */
if(dsig_ctx != NULL) {
xmlSecDSigCtxDestroy(dsig_ctx);
}
/* destroy xml doc */
if(doc != NULL) {
xmlFreeDoc(doc);
}
xmlsec_close();
return(result);
}
/**
* decrypt_file:
* @mngr: the pointer to keys manager.
* @enc_file: the encrypted XML file name.
*
* Decrypts the XML file #enc_file using DES key from #key_file and
* prints results to stdout.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecEncCtxPtr encCtx = NULL;
int res = -1;
assert(mngr);
assert(enc_file);
/* load template */
doc = xmlParseFile(enc_file);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file);
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
if(node == NULL) {
fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file);
goto done;
}
/* create encryption context */
encCtx = xmlSecEncCtxCreate(mngr);
if(encCtx == NULL) {
fprintf(stderr,"Error: failed to create encryption context\n");
goto done;
}
/* decrypt the data */
if((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL)) {
fprintf(stderr,"Error: decryption failed\n");
goto done;
}
/* print decrypted data to stdout */
if(encCtx->resultReplaced != 0) {
fprintf(stdout, "Decrypted XML data:\n");
xmlDocDump(stdout, doc);
} else {
fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx->result));
if(xmlSecBufferGetData(encCtx->result) != NULL) {
fwrite(xmlSecBufferGetData(encCtx->result),
1,
xmlSecBufferGetSize(encCtx->result),
stdout);
}
}
fprintf(stdout, "\n");
/* success */
res = 0;
done:
/* cleanup */
if(encCtx != NULL) {
xmlSecEncCtxDestroy(encCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
int xml_sign(opendcp_t *opendcp, char *filename) {
xmlSecDSigCtxPtr dsig_ctx = NULL;
xmlDocPtr doc = NULL;
xmlNodePtr root_node;
xmlNodePtr sign_node;
FILE *fp;
int result = OPENDCP_ERROR;
xmlSecKeysMngrPtr key_manager = NULL;
dcp_log(LOG_DEBUG, "xml_sign: xmlsec_init");
xmlsec_init();
/* load doc file */
dcp_log(LOG_DEBUG, "xml_sign: parse file");
doc = xmlParseFile(filename);
if (doc == NULL) {
dcp_log(OPENDCP_ERROR, "Error: unable to parse file %s", filename);
goto done;
}
/* find root node */
root_node = xmlDocGetRootElement(doc);
if (root_node == NULL){
dcp_log(OPENDCP_ERROR, "Error: unable to find root node");
goto done;
}
/* find signature node */
sign_node = xmlSecFindNode(root_node, xmlSecNodeSignature, xmlSecDSigNs);
if(sign_node == NULL) {
fprintf(stderr, "Error: start node not found");
goto done;
}
/* create keys manager */
key_manager = load_certificates_sign(opendcp);
if (key_manager == NULL) {
fprintf(stderr,"Error: failed to create key manager\n");
goto done;
}
/* create signature opendcp */
dsig_ctx = xmlSecDSigCtxCreate(key_manager);
if(dsig_ctx == NULL) {
fprintf(stderr,"Error: failed to create signature opendcp\n");
goto done;
}
/* sign the template */
if(xmlSecDSigCtxSign(dsig_ctx, sign_node) < 0) {
fprintf(stderr,"Error: signature failed\n");
goto done;
}
/* open xml file */
fp = fopen(filename,"wb");
if (fp == NULL) {
fprintf(stderr,"Error: could not open output file\n");
goto done;
}
/* write the xml file */
if (xmlDocDump(fp, doc) < 0) {
fprintf(stderr,"Error: writing XML document failed\n");
goto done;
}
/* close the file */
fclose(fp);
/* success */
result = 0;
done:
/* destroy keys manager */
xmlSecKeysMngrDestroy(key_manager);
/* destroy signature context */
if(dsig_ctx != NULL) {
xmlSecDSigCtxDestroy(dsig_ctx);
}
/* destroy xml doc */
if(doc != NULL) {
xmlFreeDoc(doc);
}
xmlsec_close();
return(result);
}
static PyObject*
sign_xml(const char* xml_string, const char* key_file, const char* cert_file, const char* id_attr_name, const char* id_node_name) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
xmlChar *signed_xml;
int size;
PyObject *result;
assert(xml_string);
assert(key_file);
assert(cert_file);
/* load template */
doc = xmlParseDoc((xmlChar*)xml_string);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
fprintf(stderr, "XmlSecError: unable to parse xml string!\n");
goto done;
}
/* add id */
if (id_attr_name && id_node_name && *id_attr_name != '\0' && *id_node_name != '\0')
xmlSecAppAddIDAttr(xmlDocGetRootElement(doc), (xmlChar*)id_attr_name, (xmlChar*)id_node_name, NULL);
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
fprintf(stderr, "XmlSecError: start node <Signature> not found in xml string\n");
goto done;
}
/* create signature context, we don't need keys manager in this example */
dsigCtx = xmlSecDSigCtxCreate(NULL);
if(dsigCtx == NULL) {
fprintf(stderr,"XmlSecError: failed to create signature context\n");
goto done;
}
/* load private key, assuming that there is not password */
dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
if(dsigCtx->signKey == NULL) {
fprintf(stderr,"XmlSecError: failed to load private pem key from \"%s\"\n", key_file);
goto done;
}
/* set key name to the file name */
if(xmlSecKeySetName(dsigCtx->signKey, (xmlChar*)key_file) < 0) {
fprintf(stderr,"XmlSecError: failed to set key name for key from \"%s\"\n", key_file);
goto done;
}
/* set cert name to the file name */
if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file, xmlSecKeyDataFormatPem) < 0) {
fprintf(stderr,"XmlSecError: failed to set cert name for cert from \"%s\"\n", cert_file);
goto done;
}
/* sign the template */
if(xmlSecDSigCtxSign(dsigCtx, node) < 0) {
fprintf(stderr,"XmlSecError: signature failed\n");
goto done;
}
done:
/* cleanup */
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if(doc != NULL) {
xmlDocDumpMemory(doc, &signed_xml, &size);
result = Py_BuildValue("s", signed_xml);
xmlFree(signed_xml);
xmlFreeDoc(doc);
}
else {
result = Py_BuildValue("s", NULL);
}
return result;
}
/**
* verify_request:
* @mng: the keys manager
*
* Verifies XML signature in the request (stdin).
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
verify_request(xmlSecKeysMngrPtr mngr) {
xmlBufferPtr buffer = NULL;
char buf[256];
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
int ret;
int res = -1;
assert(mngr);
/* load request in the buffer */
buffer = xmlBufferCreate();
if(buffer == NULL) {
fprintf(stdout,"Error: failed to create buffer\n");
goto done;
}
while(!feof(stdin)) {
ret = fread(buf, 1, sizeof(buf), stdin);
if(ret < 0) {
fprintf(stdout,"Error: read failed\n");
goto done;
}
xmlBufferAdd(buffer, buf, ret);
}
/* is the document subbmitted from the form? */
if(strncmp((char*)xmlBufferContent(buffer), "_xmldoc=", 8) == 0) {
xmlBufferShrink(buffer, 8);
buffer->use = url_decode((char*)xmlBufferContent(buffer), xmlBufferLength(buffer));
}
/**
* Load doc
*/
doc = xmlReadMemory(xmlBufferContent(buffer), xmlBufferLength(buffer),
NULL, NULL,
XML_PARSE_NOENT | XML_PARSE_NOCDATA |
XML_PARSE_PEDANTIC | XML_PARSE_NOCDATA);
if (doc == NULL) {
fprintf(stdout, "Error: unable to parse xml document (syntax error)\n");
goto done;
}
/*
* Check the document is of the right kind
*/
if(xmlDocGetRootElement(doc) == NULL) {
fprintf(stdout,"Error: empty document\n");
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
fprintf(stdout, "Error: start <dsig:Signature/> node not found\n");
goto done;
}
/* create signature context */
dsigCtx = xmlSecDSigCtxCreate(mngr);
if(dsigCtx == NULL) {
fprintf(stdout,"Error: failed to create signature context\n");
goto done;
}
/* we would like to store and print out everything */
/* actually we would not because it opens a security hole
dsigCtx->flags = XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES |
XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES |
XMLSEC_DSIG_FLAGS_STORE_SIGNATURE;
*/
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
fprintf(stdout,"Error: signature verification failed\n");
goto done;
}
/* print verification result to stdout */
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
fprintf(stdout, "RESULT: Signature is OK\n");
} else {
fprintf(stdout, "RESULT: Signature is INVALID\n");
}
fprintf(stdout, "---------------------------------------------------\n");
xmlSecDSigCtxDebugDump(dsigCtx, stdout);
/* success */
res = 0;
done:
/* cleanup */
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
if(buffer != NULL) {
xmlBufferFree(buffer);
}
return(res);
}
/**
* Funkcja dokonuje weryfikacji poprawności złożonego podpisu pod formularzem.
* \param[in] mngr Zainicjalizowany menedżer kluczy.
* \param[in] buffer Formularz do zweryfikowania.
* \param[in] buffer_len Długość weryfikowanego formularza.
*
* \retval 0 Podpis poprawny.
* \retval 1 Podpis niepoprawny.
* \retval -1 Nie można przeparsować dokumentu.
* \retval -2 Nie znaleziono startowego węzła.
* \retval -3 Nie dało się utworzyć kontekstu podpisu.
* \retval -4 Nie dało rady zweryfikować podpisu.
* */
static long verify_memory(xmlSecKeysMngrPtr mngr, const char* buffer, const long buffer_len) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
long ret = -99;
assert(mngr);
/* load file */
doc = xmlParseMemory(buffer,buffer_len);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
PRINT_DEBUG("UNABLE TO PARSE DOCUMENT\n");
ret = -1;
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
PRINT_DEBUG("Start node %s not found\n",xmlSecNodeSignature);
ret = -2;
goto done;
}
/* create signature context */
dsigCtx = xmlSecDSigCtxCreate(mngr);
if(dsigCtx == NULL) {
PRINT_DEBUG("Failed to create signature context\n");
ret = -3;
goto done;
}
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
PRINT_DEBUG("Error: signature verify failed\n");
ret = -4;
goto done;
}
/* print verification result to stdout */
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
ret = 0;
PRINT_DEBUG("XAdES: Signature is OK\n");
} else {
ret = 1;
PRINT_DEBUG("XAdES: Signature is INVALID\n");
}
done:
/* cleanup */
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(ret);
}
/**
* encrypt_file:
* @tmpl_file: the encryption template file name.
* @key_file: the Triple DES key file.
* @data: the binary data to encrypt.
* @dataSize: the binary data size.
*
* Encrypts binary #data using template from #tmpl_file and DES key from
* #key_file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
encrypt_file(const char* tmpl_file, const char* key_file,
const unsigned char* data, size_t dataSize) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecEncCtxPtr encCtx = NULL;
int res = -1;
assert(tmpl_file);
assert(key_file);
assert(data);
/* load template */
doc = xmlParseFile(tmpl_file);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
printf_a_ignorar3(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
if(node == NULL) {
printf_a_ignorar3(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
goto done;
}
/* create encryption context, we don't need keys manager in this example */
encCtx = xmlSecEncCtxCreate(NULL);
if(encCtx == NULL) {
printf_a_ignorar3(stderr,"Error: failed to create encryption context\n");
goto done;
}
/* load DES key, assuming that there is not password */
encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
if(encCtx->encKey == NULL) {
printf_a_ignorar3(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
goto done;
}
/* set key name to the file name, this is just an example! */
if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) {
printf_a_ignorar3(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
goto done;
}
/* encrypt the data */
if(xmlSecEncCtxBinaryEncrypt(encCtx, node, data, dataSize) < 0) {
printf_a_ignorar3(stderr,"Error: encryption failed\n");
goto done;
}
/* print encrypted data with document to stdout */
xmlDocDump(stdout, doc);
/* success */
res = 0;
done:
/* cleanup */
if(encCtx != NULL) {
xmlSecEncCtxDestroy(encCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
/**
* verify_file:
* @mngr: the pointer to keys manager.
* @xml_file: the signed XML file name.
*
* Verifies XML signature in #xml_file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
int res = -1;
assert(mngr);
assert(xml_file);
/* load file */
doc = xmlParseFile(xml_file);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
goto done;
}
/* create signature context */
dsigCtx = xmlSecDSigCtxCreate(mngr);
if(dsigCtx == NULL) {
fprintf(stderr,"Error: failed to create signature context\n");
goto done;
}
/* limit the Reference URI attributes to empty or NULL */
dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
/* limit allowed transforms for signature and reference processing */
if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
(xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0)) {
fprintf(stderr,"Error: failed to limit allowed signature transforms\n");
goto done;
}
if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
(xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) < 0)) {
fprintf(stderr,"Error: failed to limit allowed reference transforms\n");
goto done;
}
/* in addition, limit possible key data to valid X509 certificates only */
if(xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecKeyDataX509Id) < 0) {
fprintf(stderr,"Error: failed to limit allowed key data\n");
goto done;
}
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
fprintf(stderr,"Error: signature verify\n");
goto done;
}
/* check that we have only one Reference */
if((dsigCtx->status == xmlSecDSigStatusSucceeded) &&
(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) != 1)) {
fprintf(stderr,"Error: only one reference is allowed\n");
goto done;
}
/* print verification result to stdout */
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
fprintf(stdout, "Signature is OK\n");
} else {
fprintf(stdout, "Signature is INVALID\n");
}
/* success */
res = 0;
done:
/* cleanup */
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
/**
* sign_file:
* @tmpl_file: the signature template file name.
* @key_file: the PEM private key file name.
*
* Signs the #tmpl_file using private key from #key_file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
sign_file(const char* tmpl_file, const char* key_file) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
int res = -1;
assert(tmpl_file);
assert(key_file);
/* load template */
doc = xmlParseFile(tmpl_file);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
goto done;
}
/* create signature context, we don't need keys manager in this example */
dsigCtx = xmlSecDSigCtxCreate(NULL);
if(dsigCtx == NULL) {
fprintf(stderr,"Error: failed to create signature context\n");
goto done;
}
/* load private key, assuming that there is not password */
dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
if(dsigCtx->signKey == NULL) {
fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
goto done;
}
/* set key name to the file name, this is just an example! */
if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
goto done;
}
/* sign the template */
if(xmlSecDSigCtxSign(dsigCtx, node) < 0) {
fprintf(stderr,"Error: signature failed\n");
goto done;
}
/* print signed document to stdout */
xmlDocDump(stdout, doc);
/* success */
res = 0;
done:
/* cleanup */
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
VALUE xmlsec_is_valid_by_x509_file(VALUE self, xmlDocPtr doc, VALUE x509_file ) {
xmlSecKeysMngrPtr mngr;
VALUE v;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
long i;
mngr = xmlSecKeysMngrCreate();
if(mngr == NULL) {
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: failed to create keys manager.\n");
return Qnil;
}
if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: failed to initialize keys manager.\n");
return Qnil;
}
if (TYPE(x509_file) == T_STRING){
/* load trusted cert */
if(xmlSecCryptoAppKeysMngrCertLoad(mngr, StringValuePtr(x509_file), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", StringValuePtr(x509_file));
return Qnil;
}
}
if (TYPE(x509_file) == T_ARRAY) {
for (i =0; i < RARRAY_LEN(x509_file); i++) {
v = rb_ary_entry(x509_file, i);
StringValue(v);
if(xmlSecCryptoAppKeysMngrCertLoad(mngr, RSTRING_PTR(v), xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: failed to load pem certificate from \"%s\"\n", RSTRING_PTR(v));
return Qnil;
}
}
//rb_ary_entry
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if(node == NULL) {
if(doc != NULL) xmlFreeDoc(doc);
rb_raise(rb_eRuntimeError, "Error: start node not found\n");
return Qnil;
}
/* create signature context*/
dsigCtx = xmlSecDSigCtxCreate(mngr);
if(dsigCtx == NULL) {
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: failed to create signature context\n");
return Qnil;
}
/* limit the Reference URI attributes to empty or NULL */
dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
/* Verify signature */
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
rb_raise(rb_eRuntimeError, "Error: signature verify \"%s\"\n");
return Qnil;
}
/* verification result*/
if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
return Qtrue;
} else {
if(dsigCtx != NULL) xmlSecDSigCtxDestroy(dsigCtx);
if(doc != NULL) xmlFreeDoc(doc);
if(mngr != NULL) xmlSecKeysMngrDestroy(mngr);
return Qfalse;
}
}
