[xml] Signing XML PLEASE HELP
- From: AndrewHartley <andrew hartley bcs org uk>
- To: xml gnome org
- Subject: [xml] Signing XML PLEASE HELP
- Date: Wed, 9 Jul 2008 03:30:06 -0700 (PDT)
I have written code using libxml2 to:
1) Calculate the DigestValue for 2 Reference nodes, and write the Digests calculated to the node content of each DigestValue child node.
2) Calculate the SignatureValue over the nodeset for <ds:SignedInfo>.
It is this calculation of the signature value that I think I have not got right. As such I thought that I would use the xmlSec library to do this part. As I have already parsed the PKCS12 file and extracted the X509* certificate and EVP_PKEY* privateKey, I would VERY MUCH appreciate it if someone could guide me as to how to successfully sign the XML.
Here is an extract of my code:
[code]
// We are now ready to get the SignedInfo to sign:
expr = (xmlChar*)"(//. | //@* | //namespace::*)[ancestor-or-self::ds:SignedInfo]";
pXPathObj = xmlXPathEvalExpression( expr, m_pXPathCtx );
if ( pXPathObj == NULL || pXPathObj->nodesetval == NULL )
{
    if ( pXPathObj )
        xmlXPathFreeObject( pXPathObj );
    CString sMsg( "Error: unable to evaluate SignedInfo XPath expression" );
    throw sMsg;
}
// Do the Exclusive Canonicalisation:
result = NULL;
ret = xmlC14NDocDumpMemory( m_pXmlDoc,
                            pXPathObj->nodesetval,
                            1,        // mode 1 = XML_C14N_EXCLUSIVE_1_0
                            NULL,     // no InclusiveNamespaces PrefixList
                            0,        // without comments
                            &result );
xmlXPathFreeObject( pXPathObj );
if ( ret >= 0 )
{
    // and calculate the digital signature:
    CString sDSig = ComputeSignature( result );
    // Write the DSig into the Xml doc:
    expr = (xmlChar*)"//ds:SignatureValue";
    if ( !WriteNodeContent( expr, (const xmlChar*)(LPCTSTR)sDSig ) )
    {
        xmlFree( result );
        CString sMsg( "Error: unable to evaluate SignatureValue XPath expression" );
        throw sMsg;
    }
    xmlFree( result );
    // Save xml:
    xmlSaveCtxtPtr pSaveCtx = xmlSaveToFilename( m_rGWDoc.GetXmlFileName(), NULL, 0 );
    long r = xmlSaveDoc( pSaveCtx, m_pXmlDoc );
    ret = xmlSaveClose( pSaveCtx );
}
[/code]
and my ComputeSignature function:
[code]
CString CDigitalCerts::ComputeSignature( const xmlChar* input )
{
    CString sSig( "" );
    if ( !m_pKey )
    {
        ReadPKCS12();
    }
    if ( m_pKey )
    {
        unsigned int nLen = 0;
        int nSigSize = EVP_PKEY_size( m_pKey );     // upper bound on the signature length
        unsigned char* pszSig = new unsigned char[nSigSize];
        EVP_MD_CTX ctx;
        EVP_MD_CTX_init( &ctx );
        // rsa-sha1: SHA-1 over the canonicalised SignedInfo, then PKCS#1 v1.5 with the private key.
        int res = EVP_SignInit_ex( &ctx, EVP_sha1(), NULL );
        if ( res == 1 )
            res = EVP_SignUpdate( &ctx, input, strlen( (const char*)input ) );
        // Compute signature:
        if ( res == 1 )
            res = EVP_SignFinal( &ctx, pszSig, &nLen, m_pKey );
        EVP_MD_CTX_cleanup( &ctx );
        if ( res == 1 )
        {
            // Base64 the resultant signature:
            sSig = Base64( pszSig, nLen );
        }
        delete[] pszSig;
    }
    return sSig;
}
[/code]
and my WriteNodeContent function:
[code]
bool CDigitalCerts::WriteNodeContent( const xmlChar* expr, const xmlChar* value )
{
    xmlXPathObjectPtr pXPathObj = xmlXPathEvalExpression( expr, m_pXPathCtx );
    if ( pXPathObj == NULL )
        return false;
    xmlNodeSetPtr pNodeSet = pXPathObj->nodesetval;
    if ( pNodeSet == NULL || pNodeSet->nodeNr == 0 )
    {
        xmlXPathFreeObject( pXPathObj );
        return false;
    }
    // The node belongs to the document, so it stays valid once the XPath object is freed.
    xmlNodeSetContent( pNodeSet->nodeTab[0], value );
    xmlXPathFreeObject( pXPathObj );
    return true;
}
[/code]
Alternatively, could someone advise how to successfully sign the XML file below with my password-protected PKCS12 file?
XML:
[code]
<?xml version="1.0" ?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header>
    <ns1:Operation xmlns:ns1="http://www.ros.ie/schemas/service/"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   soapenv:mustUnderstand="0" xsi:type="xsd:string"
                   Id="MsgOperation">CT1/File</ns1:Operation>
    <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
      <wsse:BinarySecurityToken ValueType="wsse:X509v3"
                                EncodingType="wsse:Base64Binary"
                                Id="X509Token">MIIEETCCAvmgAwIBAgIQG3tCyCCfRVdMcF685SAEYDANBgkqhkiG9w0BAQUFADBo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</wsse:BinarySecurityToken>
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-enc-c14n#" />
          <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
          <ds:Reference URI="#MsgOperation">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue />
          </ds:Reference>
          <ds:Reference URI="#MsgBody">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            <ds:DigestValue />
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue />
        <ds:KeyInfo>
          <wsse:SecurityTokenReference>
            <wsse:Reference URI="#X509Token" />
          </wsse:SecurityTokenReference>
        </ds:KeyInfo>
      </ds:Signature>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body Id="MsgBody">
    <Ct1 xmlns="http://www.ros.ie/schemas/ct1/v7/"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" currency="E"
         formversion="7" language="E" product="91"
         xsi:schemaLocation="http://www.ros.ie/schemas/ct1/v7 schema.xsd">
      <Company>
        <CompanyDetails referencenumber="6564826E" companyname="IrishTest"
                        OA1="01/01/2008" OA2="31/12/2008" />
        <Indicate companychanges="false" periodchanged="false"
                  closecompany="false" groupmember="false" branch="false"
                  companyassociates="false" repairpriorloan="false" />
        <ForeignSubsidiaries />
        <ExpressionOfDoubt expofdoubt="false" />
        <AdditionalNotes addnotes="false" />
      </Company>
      <TradeIncome>
        <ManufacturingTradingResults OM1="0" OM2="0" />
        <ManufacturingCapitalAllowances manufacturingpropertyincentive="false" />
        <ManufacturingTradingLosses ManUITFChanges="false" />
        <TradingResults OD1="0" OB1="0" />
        <NonManufacturingCapitalAllowances nonmanufacturingpropertyincentive="false" />
        <TradingLosses NonManUITFChanges="false" />
        <ExceptedTrade OD2="0" ExcepTradUITFChanges="false" />
        <ShippingIncome OD7="0" OBO="0" />
        <ShipTradingLosses UnallowedExpenditure="false" ShipIncomeUITFChanges="false" />
        <TonnageTax tonnagetaxelected="false" chartered75intonnage="false"
                    tonnagetaxgroupelect="false" />
        <ShortLeaseAssets taxationshortleaseassets="false" />
      </TradeIncome>
      <RentalIncome>
        <LandAndProperty rentedresidentialpremises="false" OD5="0" OB2="0" />
        <CapitalAllowances capallowpropertyincentive="false" offsetexcesscapallow="false" />
      </RentalIncome>
      <InvestmentIncome>
        <InterestInState OD3="0" OD6="0" />
        <OtherIncome OD8="0" OD4="0" />
        <Foreign OF5="0" />
        <ForeignLifeOffshore foreignlife="false" offshore="false" offshoreproducts="false" />
        <OffShoreFundDetails />
        <ForeignDeposits foreignbankdeposits="false" />
        <DividendWithholdingTax divwithtax="false" />
        <DistributionsReceived />
        <StapledStockDetails />
      </InvestmentIncome>
      <CapitalGains>
        <AssetsDisposed agrilanddispconn="false" sharesquoteddispconn="false"
                        sharesunquoteddispconn="false" commpremisesdispconn="false"
                        respremisesdispconn="false" otherassetsdispconn="false" />
        <Acquisitions armslength="false" chargeableatlower="0" />
        <ChargeableAssetsAcquired assetsacquired="false" />
      </CapitalGains>
      <PropertyIncentives>
        <Industrial />
      </PropertyIncentives>
      <LtdCpyLess250>
        <Income accperiodfrom="01/01/2008" accperiodto="31/12/2008"
                salesandrecip="0" govrecips="0" otherinc="0" />
        <tradaccitemless250 grosstp="0" />
        <expdeductless250 swscosts="0" cntrctrs="0" />
        <balcapless250 blocredit="0" sharefunds="0" />
      </LtdCpyLess250>
      <AccountNotes>
        <AuditRepOpinion adverseop="false" disclaimop="false" empofmatter="false"
                         qualifiedop="false" />
        <Change ntsdeprec="false" ntsstocks="false" prpdevelop="false" chngother="false" />
        <PriorYear pradjust="false" />
        <ChangeAct activities="false" />
        <Exceptional excepitem="false" />
        <ExtraNotes notesbox="" />
      </AccountNotes>
    </Ct1>
  </soapenv:Body>
</soapenv:Envelope>
[/code]
--
View this message in context: http://www.nabble.com/Signing-XML-PLEASE-HELP-tp18358565p18358565.html
Sent from the Gnome - Lib - Xml - General mailing list archive at Nabble.com.
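As an added example (not the poster's code, and using Go's standard library in place of libxml2 and OpenSSL so it runs offline), the two steps from the post carried through on constructed, already-canonical input: SHA-1 of the referenced element into ds:DigestValue, then rsa-sha1 over the canonical ds:SignedInfo into ds:SignatureValue, followed by the verifier-side check that shows how a byte mismatch surfaces. Assumed: the exc-c14n byte strings are supplied (libxml2's xmlC14NDocDumpMemory produces them in the post), only one Reference is kept, and the key is freshly generated rather than read from the PKCS12 file.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
)

// Constructed input: exc-c14n bytes of the element ds:Reference URI="#MsgOperation" names (libxml2's xmlC14NDocDumpMemory produces these in the post).
const msgOperationC14N = `<ns1:Operation xmlns:ns1="http://www.ros.ie/schemas/service/" Id="MsgOperation">CT1/File</ns1:Operation>`

// Constructed canonical ds:SignedInfo, one Reference; real code re-canonicalizes AFTER writing digests, since the digest text is signed too.
const signedInfoTemplate = `<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">` +
	`<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>` +
	`<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>` +
	`<ds:Reference URI="#MsgOperation"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>` +
	`<ds:DigestValue>%s</ds:DigestValue></ds:Reference></ds:SignedInfo>`

// Step 1 of the post: SHA-1 over the canonical reference bytes, base64 for ds:DigestValue.
func digestValue(canonical []byte) string {
	sum := sha1.Sum(canonical)
	return base64.StdEncoding.EncodeToString(sum[:])
}

func signedInfoC14N(digest string) []byte { return []byte(fmt.Sprintf(signedInfoTemplate, digest)) }

// Step 2: rsa-sha1 (PKCS#1 v1.5 over the SHA-1) of the canonical SignedInfo, base64 for ds:SignatureValue.
func signatureValue(key *rsa.PrivateKey, signedInfo []byte) (string, error) {
	h := sha1.Sum(signedInfo)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, h[:])
	return base64.StdEncoding.EncodeToString(sig), err
}

// Receiver's check: hashes the SignedInfo bytes IT canonicalizes, so any byte difference from the signer's input fails here.
func verifySignatureValue(pub *rsa.PublicKey, signedInfo []byte, b64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(b64)
	h := sha1.Sum(signedInfo)
	return err == nil && rsa.VerifyPKCS1v15(pub, crypto.SHA1, h[:], sig) == nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the EVP_PKEY read from the PKCS12 file
	si := signedInfoC14N(digestValue([]byte(msgOperationC14N)))
	sv, _ := signatureValue(key, si)
	fmt.Println("verifies:", verifySignatureValue(&key.PublicKey, si, sv))                    // true
	fmt.Println("one byte changed:", verifySignatureValue(&key.PublicKey, append(si, ' '), sv)) // false
}
```

A verifier applies whatever algorithm ds:CanonicalizationMethod names to SignedInfo, so that URI has to match the canonicalization the signer actually ran (the post's code uses exclusive C14N, mode 1 of xmlC14NDocDumpMemory).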