[xml] Signing XML PLEASE HELP




I have written code using libxml2 to:

1)  Calculate the DigestValue for 2 Reference nodes, and write the digests
calculated to the node content of each DigestValue child node.

2)  Code to calculate the SignatureValue over the nodeset for
<ds:SignedInfo>.

It is the calculation of the signature value that I think I have not got
right.  As such I thought that I would use the xmlSec library to do this
part.  As I have already parsed the PKCS12 file and extracted the X509*
certificate and EVP_PKEY* privateKey, I would VERY MUCH appreciate it if
someone could guide me as to how to successfully sign the XML.

Here is an extract of my code:

[code]
//      The XPath context must already have the ds prefix bound, e.g.
//      xmlXPathRegisterNs( m_pXPathCtx, (const xmlChar*)"ds",
//                          (const xmlChar*)"http://www.w3.org/2000/09/xmldsig#" );
//
//      We are now ready to get the SignedInfo to sign.  The node-set has to
//      contain the elements, their attributes and their namespace nodes, or
//      the canonicaliser leaves them out:
                expr = (xmlChar*)"(//. | //@* | //namespace::*)[ancestor-or-self::ds:SignedInfo]";
                pXPathObj = xmlXPathEvalExpression( expr, m_pXPathCtx );

                if ( pXPathObj == NULL || pXPathObj->nodesetval == NULL
                  || pXPathObj->nodesetval->nodeNr == 0 )
                {
                        if ( pXPathObj )
                                xmlXPathFreeObject( pXPathObj );
                        CString sMsg( "Error: unable to evaluate SignedInfo XPath expression" );
                        throw sMsg;
                }

                //      Do the Exclusive Canonicalisation (mode 1 = exclusive C14N 1.0,
                //      XML_C14N_EXCLUSIVE_1_0 in newer libxml2; 0 = without comments).
                //      This must match the Algorithm in ds:CanonicalizationMethod.
                result = NULL;
                ret = xmlC14NDocDumpMemory( m_pXmlDoc, pXPathObj->nodesetval, 1, NULL, 0, &result );

                xmlXPathFreeObject( pXPathObj );

                if ( ret < 0 )
                {
                        CString sMsg( "Error: exclusive C14N of SignedInfo failed" );
                        throw sMsg;
                }

                //      and calculate the digital signature over exactly those
                //      canonical bytes:
                CString sDSig = ComputeSignature( result );
                xmlFree( result );

                if ( sDSig.IsEmpty() )
                {
                        CString sMsg( "Error: unable to compute SignatureValue" );
                        throw sMsg;
                }

                //      Write the DSig into the Xml doc.  The (LPCTSTR) cast only
                //      yields bytes in an MBCS build; in a _UNICODE build convert
                //      to UTF-8 first:
                expr = (xmlChar*)"//ds:SignatureValue";

                if ( !WriteNodeContent( expr, (const xmlChar*)(LPCTSTR)sDSig ) )
                {
                        CString sMsg( "Error: unable to evaluate SignatureValue XPath expression" );
                        throw sMsg;
                }

                //      Save xml with options = 0 (no pretty-printing: indentation
                //      added inside SignedInfo would change the signed bytes):
                xmlSaveCtxtPtr pSaveCtx = xmlSaveToFilename( m_rGWDoc.GetXmlFileName(), NULL, 0 );

                if ( pSaveCtx == NULL )
                {
                        CString sMsg( "Error: unable to open output file" );
                        throw sMsg;
                }

                long r = xmlSaveDoc( pSaveCtx, m_pXmlDoc );
                ret = xmlSaveClose( pSaveCtx );
[/code]

and my ComputeSignature function:

[code]
//      Needs <openssl/evp.h>.  m_pKey is the EVP_PKEY* taken from the PKCS12 file.
//      EVP_Sign* with EVP_sha1() on an RSA key yields RSASSA-PKCS1-v1_5 over
//      SHA-1, which is what the rsa-sha1 SignatureMethod requires.
CString CDigitalCerts::ComputeSignature( const xmlChar* input )
{
        CString sSig( "" );

        if ( !m_pKey )
        {
                ReadPKCS12();
        }

        if ( !m_pKey || !input )
        {
                return sSig;
        }

        unsigned int nLen       = 0;
        int nSigSize            = EVP_PKEY_size( m_pKey );      // upper bound on the signature length
        unsigned char* pszSig   = new unsigned char[nSigSize];

        //      Allocate the context on the heap: EVP_MD_CTX is opaque from OpenSSL 1.1.0.
        EVP_MD_CTX* pCtx = EVP_MD_CTX_create();
        bool bOk = false;

        //      Every EVP_Sign* call returns 1 on success; check each one.  Canonical
        //      XML contains no NUL byte, so strlen is the full length of the input:
        if ( pCtx != NULL
          && EVP_SignInit_ex( pCtx, EVP_sha1(), NULL ) == 1
          && EVP_SignUpdate( pCtx, input, xmlStrlen( input ) ) == 1
          && EVP_SignFinal( pCtx, pszSig, &nLen, m_pKey ) == 1 )
        {
                bOk = true;
        }

        if ( bOk )
        {
                //      Base64 the resultant signature:
                sSig = Base64( pszSig, nLen );
        }

        if ( pCtx != NULL )
        {
                EVP_MD_CTX_destroy( pCtx );     // the context was never cleaned up before
        }

        delete[] pszSig;

        return sSig;
}
[/code]

and my WriteNodeContent function:

[code]
bool CDigitalCerts::WriteNodeContent( const xmlChar* expr, const xmlChar* value )
{
        xmlXPathObjectPtr pXPathObj = xmlXPathEvalExpression( expr, m_pXPathCtx );

        if ( pXPathObj == NULL )
                return false;

        //      Exactly one target node is expected for a DigestValue or SignatureValue:
        xmlNodeSetPtr pNodeSet = pXPathObj->nodesetval;
        bool bOk = ( pNodeSet != NULL && pNodeSet->nodeNr == 1 );

        if ( bOk )
        {
                //      Base64 needs no escaping.  xmlNodeSetContent parses entity
                //      references, so arbitrary text would need
                //      xmlEncodeSpecialChars() first.
                xmlNodeSetContent( pNodeSet->nodeTab[0], value );
        }

        xmlXPathFreeObject( pXPathObj );        // was leaked on every call

        return bOk;
}
[/code]

Alternatively, could someone advise how to successfully sign the XML file
below with my password-protected PKCS12 file?

XML:

[code]
<?xml version="1.0" ?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <ns1:Operation xmlns:ns1="http://www.ros.ie/schemas/service/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        soapenv:mustUnderstand="0" xsi:type="xsd:string"
        Id="MsgOperation">CT1/File</ns1:Operation>
    <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
      <wsse:BinarySecurityToken ValueType="wsse:X509v3"
        EncodingType="wsse:Base64Binary"
Id="X509Token">MIIEETCCAvmgAwIBAgIQG3tCyCCfRVdMcF685SAEYDANBgkqhkiG9w0BAQUFADBo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</wsse:BinarySecurityToken> 
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-enc-c14n#" />
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <ds:Reference URI="#MsgOperation">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue />
          </ds:Reference>
          <ds:Reference URI="#MsgBody">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue />
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue />
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#X509Token" />
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body Id="MsgBody">
    <Ct1 xmlns="http://www.ros.ie/schemas/ct1/v7/"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" currency="E"
        formversion="7" language="E" product="91"
        xsi:schemaLocation="http://www.ros.ie/schemas/ct1/v7 schema.xsd">
      <Company>
        <CompanyDetails referencenumber="6564826E" companyname="IrishTest"
            OA1="01/01/2008" OA2="31/12/2008" />
        <Indicate companychanges="false" periodchanged="false"
            closecompany="false" groupmember="false" branch="false"
            companyassociates="false" repairpriorloan="false" />
        <ForeignSubsidiaries />
        <ExpressionOfDoubt expofdoubt="false" />
        <AdditionalNotes addnotes="false" />
      </Company>
      <TradeIncome>
        <ManufacturingTradingResults OM1="0" OM2="0" />
        <ManufacturingCapitalAllowances manufacturingpropertyincentive="false" />
        <ManufacturingTradingLosses ManUITFChanges="false" />
        <TradingResults OD1="0" OB1="0" />
        <NonManufacturingCapitalAllowances nonmanufacturingpropertyincentive="false" />
        <TradingLosses NonManUITFChanges="false" />
        <ExceptedTrade OD2="0" ExcepTradUITFChanges="false" />
        <ShippingIncome OD7="0" OBO="0" />
        <ShipTradingLosses UnallowedExpenditure="false"
            ShipIncomeUITFChanges="false" />
        <TonnageTax tonnagetaxelected="false" chartered75intonnage="false"
            tonnagetaxgroupelect="false" />
        <ShortLeaseAssets taxationshortleaseassets="false" />
      </TradeIncome>
      <RentalIncome>
        <LandAndProperty rentedresidentialpremises="false" OD5="0" OB2="0" />
        <CapitalAllowances capallowpropertyincentive="false"
            offsetexcesscapallow="false" />
      </RentalIncome>
      <InvestmentIncome>
        <InterestInState OD3="0" OD6="0" />
        <OtherIncome OD8="0" OD4="0" />
        <Foreign OF5="0" />
        <ForeignLifeOffshore foreignlife="false" offshore="false"
            offshoreproducts="false" />
        <OffShoreFundDetails />
        <ForeignDeposits foreignbankdeposits="false" />
        <DividendWithholdingTax divwithtax="false" />
        <DistributionsReceived />
        <StapledStockDetails />
      </InvestmentIncome>
      <CapitalGains>
        <AssetsDisposed agrilanddispconn="false" sharesquoteddispconn="false"
            sharesunquoteddispconn="false" commpremisesdispconn="false"
            respremisesdispconn="false" otherassetsdispconn="false" />
        <Acquisitions armslength="false" chargeableatlower="0" />
        <ChargeableAssetsAcquired assetsacquired="false" />
      </CapitalGains>
      <PropertyIncentives>
        <Industrial />
      </PropertyIncentives>
      <LtdCpyLess250>
        <Income accperiodfrom="01/01/2008" accperiodto="31/12/2008"
            salesandrecip="0" govrecips="0" otherinc="0" />
        <tradaccitemless250 grosstp="0" />
        <expdeductless250 swscosts="0" cntrctrs="0" />
        <balcapless250 blocredit="0" sharefunds="0" />
      </LtdCpyLess250>
      <AccountNotes>
        <AuditRepOpinion adverseop="false" disclaimop="false" empofmatter="false"
            qualifiedop="false" />
        <Change ntsdeprec="false" ntsstocks="false" prpdevelop="false"
            chngother="false" />
        <PriorYear pradjust="false" />
        <ChangeAct activities="false" />
        <Exceptional excepitem="false" />
        <ExtraNotes notesbox="" />
      </AccountNotes>
    </Ct1>
  </soapenv:Body>
</soapenv:Envelope>
[/code]
-- 
View this message in context: http://www.nabble.com/Signing-XML-PLEASE-HELP-tp18358565p18358565.html
Sent from the Gnome - Lib - Xml - General mailing list archive at Nabble.com.
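A pre-signing sanity check of the template, as an added example that is not part of the original post, of libxml2 or of xmlSec. It uses only the Python standard library on a constructed, cut-down copy of the envelope above (the certificate token and the CT1 payload are omitted). It flags the thing a verifier would reject first: the template's ds:CanonicalizationMethod names http://www.w3.org/2001/10/xml-enc-c14n#, which is not an XML-DSig algorithm identifier; the exclusive C14N URI the Transforms already use is http://www.w3.org/2001/10/xml-exc-c14n#, and the code in the post canonicalises SignedInfo exclusively, so that is the URI SignedInfo has to declare. It also checks that every Reference URI resolves to exactly one element carrying a matching Id (the template uses a plain, un-namespaced Id attribute, which xmlsec1 only treats as an ID when told to with --id-attr), and that any DigestValue or SignatureValue already filled in is well-formed base64 of the expected length. The algorithm tables and the list of ID attribute names are assumptions made for this example.

```python
# Sanity-check a WS-Security / XML-DSig template before signing it.
# Added example, not code from the original post. Standard library only.
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Algorithm tables are an assumption for the example; extend them as needed.
C14N_ALGORITHMS = {"http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
                   "http://www.w3.org/2001/10/xml-exc-c14n#"}
TRANSFORM_ALGORITHMS = C14N_ALGORITHMS | {"http://www.w3.org/2000/09/xmldsig#enveloped-signature"}
DIGEST_LENGTHS = {"http://www.w3.org/2000/09/xmldsig#sha1": 20,        # digest size in bytes
                  "http://www.w3.org/2001/04/xmlenc#sha256": 32}
# Attributes treated as IDs when resolving "#..." references: the plain Id the
# post uses, and wsu:Id from WS-Security 1.0 (assumed list).
ID_ATTRIBUTES = ("Id",
                 "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Id")


def _check_b64(findings, label, element, expected_len):
    """Empty is fine (template not filled yet); a filled value must be sane base64."""
    if element is None:
        findings.append(f"{label}: element missing")
        return
    text = "".join((element.text or "").split())
    if not text:
        return
    try:
        raw = base64.b64decode(text, validate=True)
    except ValueError:
        findings.append(f"{label}: not valid base64")
        return
    if expected_len is not None and len(raw) != expected_len:
        findings.append(f"{label}: {len(raw)} bytes, expected {expected_len}")


def check_template(xml_text):
    """Return a list of findings; an empty list means the template is consistent."""
    findings, root, ids = [], ET.fromstring(xml_text), {}
    for el in root.iter():          # index every Id so dangling and duplicate targets both show up
        for attr in ID_ATTRIBUTES:
            if attr in el.attrib:
                ids.setdefault(el.attrib[attr], []).append(el.tag)
    signatures = root.findall(f".//{DS}Signature")
    if not signatures:
        return ["no ds:Signature element"]
    for sig in signatures:
        info = sig.find(f"{DS}SignedInfo")
        if info is None:
            findings.append("ds:Signature without ds:SignedInfo")
            continue
        c14n = info.find(f"{DS}CanonicalizationMethod")
        alg = c14n.get("Algorithm") if c14n is not None else None
        if alg not in C14N_ALGORITHMS:
            findings.append(f"CanonicalizationMethod {alg!r} is not a known C14N identifier")
        for ref in info.findall(f"{DS}Reference"):
            uri = ref.get("URI", "")
            if uri.startswith("#"):
                n = len(ids.get(uri[1:], []))
                if n != 1:
                    findings.append(f"Reference {uri} resolves to {n} elements, expected 1")
            elif uri:
                findings.append(f"Reference URI {uri!r} is not a same-document reference")
            for tr in ref.findall(f"{DS}Transforms/{DS}Transform"):
                if tr.get("Algorithm") not in TRANSFORM_ALGORITHMS:
                    findings.append(f"Reference {uri}: unknown Transform {tr.get('Algorithm')!r}")
            dm = ref.find(f"{DS}DigestMethod")
            dalg = dm.get("Algorithm") if dm is not None else None
            if dalg not in DIGEST_LENGTHS:
                findings.append(f"Reference {uri}: unknown DigestMethod {dalg!r}")
            _check_b64(findings, f"DigestValue for {uri}", ref.find(f"{DS}DigestValue"),
                       DIGEST_LENGTHS.get(dalg))
        _check_b64(findings, "SignatureValue", sig.find(f"{DS}SignatureValue"), None)
    return findings


# Constructed, cut-down copy of the envelope in the post (token and payload omitted).
TEMPLATE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
 <soapenv:Header>
  <ns1:Operation xmlns:ns1="http://www.ros.ie/schemas/service/" Id="MsgOperation">CT1/File</ns1:Operation>
  <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-enc-c14n#"/>
     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
     <ds:Reference URI="#MsgOperation">
      <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue/>
     </ds:Reference>
     <ds:Reference URI="#MsgBody">
      <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue/>
     </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue/>
   </ds:Signature>
  </wsse:Security>
 </soapenv:Header>
 <soapenv:Body Id="MsgBody"><Ct1 xmlns="http://www.ros.ie/schemas/ct1/v7/"/></soapenv:Body>
</soapenv:Envelope>"""
```

Running check_template(TEMPLATE) reports only the CanonicalizationMethod finding; with the URI corrected to xml-exc-c14n# it returns an empty list, and renaming the Body's Id makes the "#MsgBody" reference show up as resolving to zero elements. Run it again on the signed output: a DigestValue that is not 20 bytes, or a SignatureValue that is not valid base64, is caught before the file goes to the service.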

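The EVP_SignInit_ex / EVP_SignUpdate / EVP_SignFinal sequence with EVP_sha1() on an RSA key produces an RSASSA-PKCS1-v1_5 signature over the SHA-1 of the input, which is exactly what the rsa-sha1 SignatureMethod in the template requires. The following is an added example, not code from the post, from libxml2 or from OpenSSL: it spells that encoding out in plain Python and provides a verifier that takes the canonical SignedInfo bytes, the base64 SignatureValue and the public key (n, e) from the certificate, so the RSA step can be confirmed on its own, separately from the canonicalisation step. The key is a throwaway one generated in the block from a fixed seed, and the canonical SignedInfo bytes are a constructed placeholder; both are assumptions standing in for the PKCS12 key and for the buffer xmlC14NDocDumpMemory returns.

```python
# What the rsa-sha1 SignatureMethod produces at the byte level, with a verifier.
# Added example, not from the post, libxml2 or OpenSSL. Standard library only.
import base64
import hashlib
import hmac
import math
import random

# DER prefix of DigestInfo for SHA-1 (RFC 8017, section 9.2, note 1).
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def emsa_pkcs1_v15_sha1(message, k):
    """EM = 0x00 || 0x01 || PS (0xff bytes) || 0x00 || DigestInfo(SHA-1(message)), k bytes long."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for a SHA-1 DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign_rsa_sha1(canonical_signed_info, n, d):
    """Base64 SignatureValue, as EVP_SignFinal with EVP_sha1() yields for an RSA key."""
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15_sha1(canonical_signed_info, k), "big")
    return base64.b64encode(pow(em, d, n).to_bytes(k, "big")).decode("ascii")


def verify_rsa_sha1(canonical_signed_info, signature_value, n, e):
    """Check a SignatureValue against the canonical SignedInfo bytes and the public key."""
    k = (n.bit_length() + 7) // 8
    try:
        s = base64.b64decode("".join(signature_value.split()), validate=True)
    except ValueError:
        return False
    if len(s) != k:
        return False
    em = pow(int.from_bytes(s, "big"), e, n).to_bytes(k, "big")
    # Compare the whole encoded message, not just the hash at the end: accepting
    # sloppy padding is how PKCS#1 v1.5 verifiers get forged (Bleichenbacher, 2006).
    return hmac.compare_digest(em, emsa_pkcs1_v15_sha1(canonical_signed_info, k))


def _probably_prime(n, rng, rounds=32):
    """Miller-Rabin; only used to build the throwaway demo key."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probably_prime(c, rng):
            return c


def demo_key(bits=1024, seed=2008):
    """Deterministic throwaway RSA key (n, e, d): an assumption for the example.
    In practice use the EVP_PKEY loaded from the PKCS12 file."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)


# Constructed stand-in for the bytes xmlC14NDocDumpMemory returns for ds:SignedInfo.
CANONICAL_SIGNED_INFO = (
    b'<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    b'<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">'
    b'</ds:CanonicalizationMethod>'
    b'<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">'
    b'</ds:SignatureMethod></ds:SignedInfo>'
)


def demo():
    """Sign the placeholder, then verify it and a one-byte variant: (True, False)."""
    n, e, d = demo_key()
    sig = sign_rsa_sha1(CANONICAL_SIGNED_INFO, n, d)
    return (verify_rsa_sha1(CANONICAL_SIGNED_INFO, sig, n, e),
            verify_rsa_sha1(CANONICAL_SIGNED_INFO + b"\n", sig, n, e))
```

The second result in demo() is the point of the exercise: a single extra byte (a trailing newline, or whitespace the save step inserted) in the canonical SignedInfo is enough to make the signature fail, so when a SignatureValue from the C++ code does not verify against the cert's modulus and exponent with this function but a value produced here does, the difference lies in the bytes that were signed, not in the RSA operation.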


