Re: [xmlsec] Can't find key using mscrpto

2005-10-13 Thread Aleksey Sanin

> I have successfully wrapped most of libxml2 using Python and ctypes and was
> then moving onto xmlsec. Got stalled at the GetKey.

Sorry, can't help you with Python :( Maybe you should ask on the python
xmlsec mailing list?

Aleksey

___
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec


[xmlsec] Can't find key using mscrpto

2005-10-13 Thread Edward Shallow
Hi Aleksey,

This sign over a template and subsequent verify works fine using
command-line utility:

xmlsec sign --crypto mscrypto --output inout/edsigned-enveloped.xml tmpl/tmpl-EPM-sign-enveloped.xml

xmlsec verify --store-references --crypto mscrypto inout/edsigned-enveloped.xml

The KeyInfo from simple enveloped signature template looks like this:


[EMAIL PROTECTED],CN=Test User 1,OU=Electronic Post
Mark,O=For Test Use Only,O=Universal Postal
Union,L=Berne,ST=Berne,C=CH








I am trying to recreate this simple sign scenario from code using Python
with the ctypes module (which marshals Python calls to/from "C" dll's and
so's)

I have successfully wrapped most of libxml2 using Python and ctypes and was
then moving onto xmlsec. Got stalled at the GetKey.

Not sure my call sequence is good though.

This simplified code snippet produces the stdout below it:

###
# Initialization
###
from ctypes import cdll  # ctypes loader used for both DLLs below

print 'Entering xmlsec ctypes wrap'
print 'Loading libxml2 parser'
libxml2 = cdll.libxml2
xmlsec = cdll.libxmlsec
print 'Initializing xmlsec, return code', xmlsec.xmlSecInit()
print 'Loading dynamic crypto support, return code ', xmlsec.xmlSecCryptoDLInit()
print 'Loading mscrypto, return code ', xmlsec.xmlSecCryptoDLLoadLibrary('mscrypto')
print 'CryptoAppInit, return code ', xmlsec.xmlSecCryptoAppInit()
print 'CryptoInit, return code ', xmlsec.xmlSecCryptoInit()
###
# Let's sign a template
###
# uses xmlsec
parsedDoc = xmlsec.xmlSecParseFile('c:/xmlsec/tmpl-EPM-sign-enveloped-keyname.xml')
rootNode = libxml2.xmlDocGetRootElement(parsedDoc)

sigNode = xmlsec.xmlSecFindNode(rootNode, 'Signature', 'http://www.w3.org/2000/09/xmldsig#')
print 'found signature node', sigNode.contents.name
keysMngr = xmlsec.xmlSecKeysMngrCreate()
rc = xmlsec.xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
print 'CryptoAppDefaultKeysMngrInit returned with rc', rc
dsigCtx = xmlsec.xmlSecDSigCtxCreate(keysMngr)
keyInfoCtx = xmlsec.xmlSecKeyInfoCtxCreate(keysMngr)
print 'keyInfoCtx.contents.keysMngr', keyInfoCtx.contents.keysMngr, 'keyInfoCtx.contents.mode', keyInfoCtx.contents.mode
#keyNode = xmlsec.xmlSecFindNode(rootNode, 'KeyInfo', 'http://www.w3.org/2000/09/xmldsig#')
#print 'found KeyInfo node', keyNode.contents.name
# note: 'stdout' is not defined in this simplified snippet
xmlsec.xmlSecKeyInfoCtxDebugDump(keyInfoCtx, stdout)
#key = xmlsec.xmlSecKeysMngrGetKey(keyNode, keyInfoCtx)
#print 'found key', key.contents.name
#xmlsec.xmlSecDSigCtxDebugDump(dsigCtx, stdout)
rc = xmlsec.xmlSecDSigCtxSign(dsigCtx, sigNode)
print 'Signature creation complete with status code', rc


Output from above follows ... (doesn't find key when I do an explicit
KeysMngrGetKey either). Any ideas?


C:\XMLSec>libxmlsec.py
Entering xmlsec ctypes wrap
Initializing libxml2 parser
Initializing xmlsec, return code 0
Loading dynamic crypto support, return code  0
Loading mscrypto, return code  0
CryptoAppInit, return code  0
CryptoInit, return code  0
stdin fileno = 0
stdout fileno = 1
stderr fileno = 2
found signature node Signature
CryptoAppDefaultKeysMngrInit returned with rc 0
keyInfoCtx.contents.keysMngr 12159304 keyInfoCtx.contents.mode 0
= KEY INFO READ CONTEXT
== flags: 0x
== flags2: 0x
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x
== flags2: 0x
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
 keyId: NULL
 keyType: 0x
 keyUsage: 0x
 keyBitsSize: 0
=== list size: 0
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ; last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

Signature creation complete with status code -1
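
For triaging output like the above, here is an added example (Python 3, not part of the original post and not xmlsec code) that parses the error-callback records and reinterprets the signed "last error" as a Windows HRESULT. The records are copied from the output above with the mail wrapping undone; the function names and the regular expression are this example's own, and CRYPT_E_NOT_FOUND is the wincrypt.h name for 0x80092004.

```python
import re

# xmlsec error-callback records copied from the output above,
# re-joined where the mail wrapped them.
SAMPLE = r"""
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ; last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
"""

RECORD = re.compile(
    r"func=(?P<func>[^:]*):file=(?P<file>.*?):line=(?P<line>\d+)"
    r":obj=(?P<obj>[^:]*):subj=(?P<subj>[^:]*):error=(?P<error>\d+):"
    r"(?P<msg>.*?);\s*last error=(?P<last>-?\d+)\s*\((?P<hex>0x[0-9A-Fa-f]+)\)"
    r";\s*last error msg=(?P<last_msg>.*)")
# Name for the one code seen on this page (wincrypt.h); extend as needed.
KNOWN = {0x80092004: "CRYPT_E_NOT_FOUND"}

def decode_hresult(signed):
    """Reinterpret the signed 32-bit 'last error' as an HRESULT and split it."""
    hr = signed & 0xFFFFFFFF
    return {"hresult": hr, "failure": bool(hr >> 31),
            "facility": (hr >> 16) & 0x7FF, "code": hr & 0xFFFF,
            "name": KNOWN.get(hr, "unknown")}

def parse(text):
    """Return one dict per record; lines that are not records are skipped."""
    out = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["line"], rec["error"] = int(rec["line"]), int(rec["error"])
        rec["msg"] = rec["msg"].strip().rstrip(":")
        rec["win"] = decode_hresult(int(rec.pop("last")))
        # The decimal and hex forms must describe the same 32-bit value.
        rec["consistent"] = rec["win"]["hresult"] == int(rec.pop("hex"), 16)
        out.append(rec)
    return out

def call_chain(records):
    """Outermost caller first; records arrive innermost first, as above."""
    return [r["func"] for r in reversed(records)]

if __name__ == "__main__":
    recs = parse(SAMPLE)
    print(" -> ".join(call_chain(recs)), "|", recs[0]["win"]["name"])
```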


Re: [xmlsec] Empty KeyValue element after a call to xmlSecKeyInfoNodeWrite()

2005-10-13 Thread Aleksey Sanin

It sounds like lasso_provider_get_public_key() function is
not constructing the public key correctly. BTW, which crypto
library do you use? If it is not one of openssl/nss/mscrypto
then it is possible that writing key to XML was not implemented
by the authors of the xmlsec-crypto port.

Aleksey


Re: [xmlsec] Empty KeyValue element after a call to xmlSecKeyInfoNodeWrite()

2005-10-13 Thread Nicolas Clapies

Here is a sample of my code:
xmlDoc *doc;
xmlNode *key_info_node;
xmlSecKey *public_key;
xmlSecKeyInfoCtx *ctx;

public_key = lasso_provider_get_public_key(lasso_provider);

doc = xmlSecCreateTree("KeyInfo", LASSO_DS_HREF);
key_info_node = xmlDocGetRootElement(doc);
xmlSecAddChild(key_info_node, "KeyValue", LASSO_DS_HREF);

ctx = xmlSecKeyInfoCtxCreate(NULL);
xmlSecKeyInfoCtxInitialize(ctx, NULL);
ctx->mode = xmlSecKeyInfoModeWrite;

xmlSecKeyDebugXmlDump(public_key, stdout);

xmlSecKeyInfoNodeWrite(key_info_node, public_key, ctx);

The dump of my template before the call of xmlSecKeyInfoNodeWrite() is:
http://www.w3.org/2000/09/xmldsig#";>



The dump of my template after the call of xmlSecKeyInfoNodeWrite() is:
http://www.w3.org/2000/09/xmldsig#";>





The dump from xmlSecKeyDebugXmlDump is:

RSAKeyValue
Public




Nicolas.

On Oct 12, 2005, at 6:30 PM, Aleksey Sanin wrote:


> Make sure that your template looks like this:
>
>   http://www.w3.org/2000/09/xmldsig#";>
>
> Aleksey


