/*
 * Python binding for xmlSecDSigCtxDebugDump().
 *
 * Takes two Python objects (a signature context wrapper and a file object),
 * unwraps them with xmlSecDSigCtxPtr_get() and PythonFile_get(), and writes
 * the context's debug dump to the file.
 *
 * Returns None on success, or NULL when CheckArgs() or PyArg_ParseTuple()
 * rejects the arguments.
 */
PyObject *xmlsec_DSigCtxDebugDump(PyObject *self, PyObject *args) {
    PyObject *ctx_obj, *file_obj;
    xmlSecDSigCtxPtr ctx;
    FILE *fp;

    /* Both the pre-check and the tuple unpacking must pass before any
     * pointer is unwrapped. */
    if (!CheckArgs(args, "OF:dsigCtxDebugDump")) {
        return NULL;
    }
    if (!PyArg_ParseTuple(args, "OO:dsigCtxDebugDump", &ctx_obj, &file_obj)) {
        return NULL;
    }

    /* NOTE(review): neither unwrapped pointer is checked here; presumably
     * CheckArgs() has already validated the object types - confirm. */
    ctx = xmlSecDSigCtxPtr_get(ctx_obj);
    fp = PythonFile_get(file_obj);
    xmlSecDSigCtxDebugDump(ctx, fp);

    /* The caller receives a new reference to None. */
    Py_INCREF(Py_None);
    return Py_None;
}
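/**
 * verify_request:
 * @mngr: the keys manager
 *
 * Verifies the XML signature in the request read from stdin. The request is
 * either a raw XML document or a form submission of the shape "_xmldoc=...",
 * in which case the value is URL-decoded first. The verdict, the error
 * messages and the signature context debug dump are all written to stdout.
 *
 * Returns 0 when processing completed, or a negative value if an error
 * occurs. A return of 0 does NOT mean the signature is valid: the verdict is
 * only reported in the "RESULT:" line written to stdout.
 */
int verify_request(xmlSecKeysMngrPtr mngr) {
    xmlBufferPtr buffer = NULL;
    char buf[256];
    size_t nread;
    xmlDocPtr doc = NULL;
    xmlNodePtr node = NULL;
    xmlSecDSigCtxPtr dsigCtx = NULL;
    int res = -1;

    assert(mngr);

    /* load request in the buffer */
    buffer = xmlBufferCreate();
    if(buffer == NULL) {
        fprintf(stdout,"Error: failed to create buffer\n");
        goto done;
    }

    /*
     * fread() returns an unsigned count, so it can never be negative; a read
     * error shows up as a short or zero count with ferror() set. Loop on the
     * count and test ferror() afterwards, otherwise a failing stdin is
     * neither reported nor guaranteed to end the loop.
     */
    while((nread = fread(buf, 1, sizeof(buf), stdin)) > 0) {
        if(xmlBufferAdd(buffer, (const xmlChar*)buf, (int)nread) != 0) {
            fprintf(stdout,"Error: failed to append to buffer\n");
            goto done;
        }
    }
    if(ferror(stdin)) {
        fprintf(stdout,"Error: read failed\n");
        goto done;
    }

    /* is the document submitted from the form? */
    if(strncmp((const char*)xmlBufferContent(buffer), "_xmldoc=", 8) == 0) {
        xmlBufferShrink(buffer, 8);
        /*
         * NOTE(review): url_decode() is defined outside this block; it is
         * presumably an in-place decoder returning the decoded length.
         * Confirm that it cannot return a negative value or a length larger
         * than the input, since the result is written straight into
         * buffer->use.
         */
        buffer->use = url_decode((char*)xmlBufferContent(buffer), xmlBufferLength(buffer));
    }

    /*
     * Load doc.
     *
     * The request is untrusted input. XML_PARSE_NOENT enables entity
     * substitution, so entities declared by the submitter are resolved while
     * parsing. XML_PARSE_NONET is added so the parser does not fetch
     * anything over the network on behalf of the request.
     *
     * NOTE(review): XML_PARSE_NOENT is kept because dropping it may change
     * what is canonicalized and digested. Local external entities are still
     * resolved with it set; confirm that a restrictive external entity
     * loader is installed elsewhere, or that NOENT can be removed.
     */
    doc = xmlReadMemory((const char*)xmlBufferContent(buffer), xmlBufferLength(buffer),
                        NULL, NULL,
                        XML_PARSE_NOENT | XML_PARSE_NOCDATA | XML_PARSE_PEDANTIC | XML_PARSE_NONET);
    if(doc == NULL) {
        fprintf(stdout, "Error: unable to parse xml document (syntax error)\n");
        goto done;
    }

    /* Check the document is of the right kind */
    if(xmlDocGetRootElement(doc) == NULL) {
        fprintf(stdout,"Error: empty document\n");
        goto done;
    }

    /* find start node */
    node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
    if(node == NULL) {
        fprintf(stdout, "Error: start <dsig:Signature/> node not found\n");
        goto done;
    }

    /* create signature context */
    dsigCtx = xmlSecDSigCtxCreate(mngr);
    if(dsigCtx == NULL) {
        fprintf(stdout,"Error: failed to create signature context\n");
        goto done;
    }

    /*
     * The flags XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES,
     * XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES and
     * XMLSEC_DSIG_FLAGS_STORE_SIGNATURE are deliberately left unset: the
     * original author disabled storing and printing everything because it
     * opens a security hole. Do not re-enable them for the debug dump below
     * without reviewing that.
     */

    /* Verify signature */
    if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
        fprintf(stdout,"Error: signature verification failed\n");
        goto done;
    }

    /* print verification result to stdout */
    if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
        fprintf(stdout, "RESULT: Signature is OK\n");
    } else {
        fprintf(stdout, "RESULT: Signature is INVALID\n");
    }
    fprintf(stdout, "---------------------------------------------------\n");
    xmlSecDSigCtxDebugDump(dsigCtx, stdout);

    /* success: the request was processed, whatever the verdict was */
    res = 0;

done:
    /* cleanup */
    if(dsigCtx != NULL) {
        xmlSecDSigCtxDestroy(dsigCtx);
    }

    if(doc != NULL) {
        xmlFreeDoc(doc);
    }

    if(buffer != NULL) {
        xmlBufferFree(buffer);
    }
    return(res);
}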