// ---------------------------------------------------------------------------
// Add <KeyName> element to <KeyInfo> node and set the value of it.
// ---------------------------------------------------------------------------
//
void XmlSecTemplate::SetKeyInfoL(RXmlEngDocument& aTemplate, const TDesC8& aKeyName)
{
if(!aKeyName.Compare(KNullDesC8))
{
User::Leave(KErrWrongParameter);
}
if(aTemplate.IsNull())
{
User::Leave(KErrTemplate);
}
xmlNodePtr keyInfo = NULL;
TXmlEngNode tmpNode = aTemplate.DocumentElement();
xmlNodePtr root = INTERNAL_NODEPTR(tmpNode);
keyInfo = xmlSecFindNode(root,xmlSecNodeKeyInfo, xmlSecDSigNs);
if(!keyInfo)
{
User::Leave(KErrTemplate);
}
TXmlEngElement(keyInfo).RemoveChildren();
char* name = XmlEngXmlCharFromDes8L(aKeyName);
root = xmlSecTmplKeyInfoAddKeyName(keyInfo,(unsigned char*)name);
delete name;
if(!root)
{
User::Leave(KErrNoMemory);
}
}
PyObject *xmlsec_TmplKeyInfoAddKeyName(PyObject *self, PyObject *args) {
PyObject *keyInfoNode_obj;
xmlNodePtr keyInfoNode;
const xmlChar *name;
xmlNodePtr keyName;
if (CheckArgs(args, "Os:tmplKeyInfoAddKeyName")) {
if (!PyArg_ParseTuple(args, "Oz:tmplKeyInfoAddKeyName",
&keyInfoNode_obj, &name))
return NULL;
}
else return NULL;
keyInfoNode = xmlNodePtr_get(keyInfoNode_obj);
keyName = xmlSecTmplKeyInfoAddKeyName(keyInfoNode, name);
return (wrap_xmlNodePtr(keyName));
}
/**
* sign_file:
* @xml_file: the XML file name.
* @key_file: the PEM private key file name.
*
* Signs the #xml_file using private key from #key_file and dynamicaly
* created enveloped signature template.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
sign_file(const char* xml_file, const char* key_file) {
xmlDocPtr doc = NULL;
xmlNodePtr signNode = NULL;
xmlNodePtr refNode = NULL;
xmlNodePtr keyInfoNode = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
int res = -1;
assert(xml_file);
assert(key_file);
/* load doc file */
doc = xmlParseFile(xml_file);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
printf_a_ignorar3(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
goto done;
}
/* create signature template for RSA-SHA1 enveloped signature */
signNode = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
xmlSecTransformRsaSha1Id, NULL);
if(signNode == NULL) {
printf_a_ignorar3(stderr, "Error: failed to create signature template\n");
goto done;
}
/* add <dsig:Signature/> node to the doc */
xmlAddChild(xmlDocGetRootElement(doc), signNode);
/* add reference */
refNode = xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id,
NULL, NULL, NULL);
if(refNode == NULL) {
printf_a_ignorar3(stderr, "Error: failed to add reference to signature template\n");
goto done;
}
/* add enveloped transform */
if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) {
printf_a_ignorar3(stderr, "Error: failed to add enveloped transform to reference\n");
goto done;
}
/* add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the signed document */
keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
if(keyInfoNode == NULL) {
printf_a_ignorar3(stderr, "Error: failed to add key info\n");
goto done;
}
if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
printf_a_ignorar3(stderr, "Error: failed to add key name\n");
goto done;
}
/* create signature context, we don't need keys manager in this example */
dsigCtx = xmlSecDSigCtxCreate(NULL);
if(dsigCtx == NULL) {
printf_a_ignorar3(stderr,"Error: failed to create signature context\n");
goto done;
}
/* load private key, assuming that there is not password */
dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
if(dsigCtx->signKey == NULL) {
printf_a_ignorar3(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
goto done;
}
/* set key name to the file name, this is just an example! */
if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
printf_a_ignorar3(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
goto done;
}
/* sign the template */
if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) {
printf_a_ignorar3(stderr,"Error: signature failed\n");
goto done;
}
/* print signed document to stdout */
xmlDocDump(stdout, doc);
/* success */
res = 0;
done:
/* cleanup */
if(dsigCtx != NULL) {
xmlSecDSigCtxDestroy(dsigCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
/**
* encrypt_file:
* @xml_file: the encryption template file name.
* @key_file: the Triple DES key file.
*
* Encrypts #xml_file using a dynamicaly created template and DES key from
* #key_file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
encrypt_file(const char* xml_file, const char* key_file) {
xmlDocPtr doc = NULL;
xmlNodePtr encDataNode = NULL;
xmlNodePtr keyInfoNode = NULL;
xmlSecEncCtxPtr encCtx = NULL;
int res = -1;
assert(xml_file);
assert(key_file);
/* load template */
doc = xmlParseFile(xml_file);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
goto done;
}
/* create encryption template to encrypt XML file and replace
* its content with encryption result */
encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
NULL, xmlSecTypeEncElement, NULL, NULL);
if(encDataNode == NULL) {
fprintf(stderr, "Error: failed to create encryption template\n");
goto done;
}
/* we want to put encrypted data in the <enc:CipherValue/> node */
if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) {
fprintf(stderr, "Error: failed to add CipherValue node\n");
goto done;
}
/* add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the signed document */
keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL);
if(keyInfoNode == NULL) {
fprintf(stderr, "Error: failed to add key info\n");
goto done;
}
if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
fprintf(stderr, "Error: failed to add key name\n");
goto done;
}
/* create encryption context, we don't need keys manager in this example */
encCtx = xmlSecEncCtxCreate(NULL);
if(encCtx == NULL) {
fprintf(stderr,"Error: failed to create encryption context\n");
goto done;
}
/* load DES key, assuming that there is not password */
encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
if(encCtx->encKey == NULL) {
fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
goto done;
}
/* set key name to the file name, this is just an example! */
if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) {
fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
goto done;
}
/* encrypt the data */
if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) < 0) {
fprintf(stderr,"Error: encryption failed\n");
goto done;
}
/* we template is inserted in the doc */
encDataNode = NULL;
/* print encrypted data with document to stdout */
xmlDocDump(stdout, doc);
/* success */
res = 0;
done:
/* cleanup */
if(encCtx != NULL) {
xmlSecEncCtxDestroy(encCtx);
}
if(encDataNode != NULL) {
xmlFreeNode(encDataNode);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
