XML signing is such a mess that the only way to support it fully, in my opinion, is to use the "definitive" canonical implementation from the non-go world: libxml and xmlsec.
I have had good success with https://github.com/treetopllc/xml. I've only added one function to it that serves my purpose, called "VerifySignaturePubkey", which calls xmlsec's xmlVerifyPubkey.

On Wed, Nov 9, 2016 at 1:39 AM, <qq5459...@gmail.com> wrote:
> I know there is pem base64 x509 rsa in Go library, but how to use them to
> verify a signed xml like this
>
> var xmlstr = Bytes("<?xml version=\"1.0\"?><Receipt Version=\"2.0\"
> CertificateId=\"A656B9B1B3AA509EEA30222E6D5E7DBDA9822DCD\"
> xmlns=\"http://schemas.microsoft.com/windows/2012/store/receipt\"><ProductReceipt
> PurchasePrice=\"CNY6.0\" PurchaseDate=\"2016-11-08T03:39:04.876Z\"
> Id=\"918cb98b-ed9e-4133-bef0-59992186d6b9\"
> AppId=\"73fa393e-bfcc-4c66-8c19-dfeacf4477b8\"
> ProductId=\"xxxxdiamond1_winstore\" ProductType=\"Consumable\"
> PublisherUserId=\"/uuPdfertpI/uxVEn2adfdGQApbLcuUhTKujcAKOQ=\"
> MicrosoftProductId=\"73fa39de-bfcc-4c66-8c19-98f9cf4477b8\"
> MicrosoftAppId=\"73fa39de-bfcc-4c66-8c19-98f9cf4477b8\"
> ExpirationDate=\"9999-12-31T23:59:59.999Z\" /><Signature
> xmlns=\"http://www.w3.org/2000/09/xmldsig#\"><SignedInfo><CanonicalizationMethod
> Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"
> /><SignatureMethod
> Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\" /><Reference
> URI=\"\"><Transforms><Transform
> Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"
> /></Transforms><DigestMethod
> Algorithm=\"http://www.w3.org/2001/04/xmlenc#sha256\"
> /><DigestValue>odlAczuG7bdfeaDmm7LHgN6R4tq97l6OpbcSDfj/s=</DigestValue></Reference></SignedInfo><SignatureValue>Yz9GEAtSp0sg9MKMgp2SeujoQZf/UxPF9rNOB1vI40/PaLV2QTst/aq8nmH1WhMDt6ZM6EO8EWCcdiddpUD3yZe2zhvSygA6ra6AkdfeaemhqAS2OtHqGPXNvVWoShiP3Cl13R5HlYVuL/rtGVinhD13M3M0zDfcfPFbNI0K9rMv3sHpVepfSY5El8KguYvheSuksxsYtneeVWk/egRkTM9Y1HwMAwEgtJWVq6q/MnVMScKu3T9ZhzAmW3gxElHpWWAR3yObgiNcjDb2a/kh4SuNnK7Tqng9WNcZrghtwrlh6DZADmf+xdfdutm5K3b2wJLRYZgNuWxteuMoWEeNQ==</SignatureValue></Signature></Receipt>")
> I already have a certificate
> var cert Certificate
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
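The two checks that sit behind the `rsa-sha256` and `sha256` algorithms named in the quoted receipt, as an added example that is not part of either message and is not the treetopllc/xml or xmlsec API. `verifyDSig` and `signSample` are hypothetical names, the sample receipt is constructed, and the inputs are assumed to be already canonicalized (C14N plus the enveloped-signature transform), which is the step the reply delegates to xmlsec.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// verifyDSig runs the two rsa-sha256 XML-DSig checks on bytes canonicalized
// elsewhere (assumption: C14N and the enveloped-signature transform are done by xmlsec).
func verifyDSig(pub *rsa.PublicKey, canonDoc, canonSignedInfo []byte, digestB64, sigB64 string) error {
	want, err1 := base64.StdEncoding.DecodeString(digestB64)
	sig, err2 := base64.StdEncoding.DecodeString(sigB64)
	if err1 != nil || err2 != nil {
		return fmt.Errorf("malformed base64 in DigestValue or SignatureValue")
	}
	// Check 1: DigestValue must match the hash of the referenced content.
	if got := sha256.Sum256(canonDoc); !bytes.Equal(got[:], want) {
		return fmt.Errorf("reference digest mismatch")
	}
	// Check 2: SignatureValue must be a valid signature over SignedInfo.
	h := sha256.Sum256(canonSignedInfo)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig)
}

func signSample() (*rsa.PublicKey, []byte, []byte, string, string) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // throwaway key; sample data is constructed
	if err != nil {
		panic(err)
	}
	doc := []byte(`<Receipt Version="2.0"><ProductReceipt ProductType="Consumable"></ProductReceipt></Receipt>`)
	d := sha256.Sum256(doc)
	digest := base64.StdEncoding.EncodeToString(d[:])
	si := []byte(`<SignedInfo><DigestValue>` + digest + `</DigestValue></SignedInfo>`)
	h := sha256.Sum256(si)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	if err != nil {
		panic(err)
	}
	return &key.PublicKey, doc, si, digest, base64.StdEncoding.EncodeToString(sig)
}

func main() {
	pub, doc, si, digest, sig := signSample()
	fmt.Println(verifyDSig(pub, doc, si, digest, sig), verifyDSig(pub, append(doc, ' '), si, digest, sig))
}
```

Both checks are required: the signature only covers `SignedInfo`, so skipping the digest comparison would accept a receipt whose body was changed after signing.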