Re: [xmlsec] Finding Keys
Great news! Thanks for posting a solution!

Aleksey

Edward Shallow wrote:

> Eureka !!!, Got it working. That is, Python ctypes against xmlsec on Windows. This allows Python to call xmlsec directly on Windows without the need to compile a Python "C" extension module. Thus Python Windows users can call Igor's binaries directly with only Python code.

___
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec

RE: [xmlsec] Finding Keys
Eureka !!!, Got it working. That is, Python ctypes against xmlsec on Windows. This allows Python to call xmlsec directly on Windows without the need to compile a Python "C" extension module. Thus Python Windows users can call Igor's binaries directly with only Python code.

Here is what I had to do to get it going ...

- mapped xmlSecMSCryptoAppInit('MY') directly from libxmlsec-mscrypto.dll instead of from libxmlsec
- mapped xmlSecMSCryptoKeysStoreGetKlass() directly from libxmlsec-mscrypto.dll instead of from libxmlsec
- mapped xmlSecMSCryptoKeysStoreLoad(.) directly from libxmlsec-mscrypto.dll instead of from libxmlsec
- removed xmlSecKeysMngrAdoptKeysStore(.) from call sequence

I discovered it by doing an xmlSecMSCryptoAppGetCertStoreName which should have been returning a "MY" but wasn't. This allows the rest of the generic xmlsec code to work fine. It might have something to do with defaulting constants I think, not sure. Perhaps Wouter would know. Small price to pay.

As usual thanks for your help,
Ed

-----Original Message-----
From: Edward Shallow [mailto:[EMAIL PROTECTED]
Sent: October 28, 2005 4:36 PM
To: 'Aleksey Sanin'
Subject: RE: [xmlsec] Finding Keys

Not sure on the "broken" possibility ... As you can see keysMngr gets successfully passed in on AdoptKeysStore call below which subsequently works OK when I KeysMngrFindKey, so I think basic pointer passing from one call to the next is working. This is the same convention I used in libxml2. The one area I can't do is any macro work because Python ctypes requires no compilation since it marshals calls dynamically to/from "C". Could this absence cause problems ?

Ed

    # Parse the signature template and locate its <Signature> node
    parsedDoc = libxml2.xmlParseFile('c:/xmlsec/tmpl/tmpl-EPM-sign-enveloped-friendly-rsa.xml')
    rootNode = libxml2.xmlDocGetRootElement(parsedDoc)
    sigNode = xmlsec.xmlSecFindNode(rootNode, 'Signature', 'http://www.w3.org/2000/09/xmldsig#')
    print 'found signature node with name', sigNode.contents.name, 'and type', sigNode.contents.type

    # Create the keys manager, then load keys2.xml into a simple keys store
    keysMngr = xmlsec.xmlSecKeysMngrCreate()
    rc = xmlsec.xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
    print 'CryptoAppDefaultKeysMngrInit returned with rc', rc
    id = xmlsec.xmlSecSimpleKeysStoreGetKlass()
    keyStore = xmlsec.xmlSecKeyStoreCreate(id)
    rc = xmlsec.xmlSecSimpleKeysStoreLoad(keyStore, 'c:/xmlsec/keys/keys2.xml', keysMngr)
    print 'SimpleKeysStoreLoad returned with rc', rc
    rc = xmlsec.xmlSecKeysMngrAdoptKeysStore(keysMngr, keyStore)
    print 'KeysMngrAdoptKeysStore returned with rc', rc

    # Signature context and key info context, both given the same keys manager
    dsigCtx = xmlsec.xmlSecDSigCtxCreate()
    rc = xmlsec.xmlSecDSigCtxInitialize(dsigCtx, keysMngr)
    print 'DSigCtxInitialize returned with rc', rc
    keyInfoCtx = xmlsec.xmlSecKeyInfoCtxCreate(keysMngr)
    print 'keyInfoCtx.contents.keysMngr', keyInfoCtx.contents.keysMngr, 'keyInfoCtx.contents.mode', keyInfoCtx.contents.mode

    # Look the key up by name through the manager and through the store
    key = xmlsec.xmlSecKeysMngrFindKey(keysMngr, 'test-rsa', keyInfoCtx)
    print 'xmlSecKeysMngrFindKey returned with key', key.contents.name
    key = xmlsec.xmlSecKeyStoreFindKey(keyStore, 'test-rsa', keyInfoCtx)
    print 'xmlSecKeyStoreFindKey returned with key', key.contents.name

    # Resolve the key from the template's <KeyInfo> node
    keyInfoNode = xmlsec.xmlSecFindNode(sigNode, 'KeyInfo', 'http://www.w3.org/2000/09/xmldsig#')
    print 'found KeyInfo node with name and type', keyInfoNode.contents.name, keyInfoNode.contents.type
    print 'about to execute xmlSecKeysMngrGetKey'
    key = xmlsec.xmlSecKeysMngrGetKey(keyInfoNode, keyInfoCtx)
    print 'xmlSecKeysMngrGetKey returned with key', key.contents.name

    # Dump the signature context, then sign
    #xmlsec.xmlSecKeyInfoCtxDebugDump(keyInfoCtx, stdout)
    xmlsec.xmlSecDSigCtxDebugDump(dsigCtx, stdout)
    rc = xmlsec.xmlSecDSigCtxSign(dsigCtx, sigNode)
    print 'Signature creation complete with status code', rc

-----Original Message-----
From: Aleksey Sanin [mailto:[EMAIL PROTECTED]
Sent: October 28, 2005 4:10 PM
To: [EMAIL PROTECTED]
Cc: xmlsec@aleksey.com
Subject: Re: [xmlsec] Finding Keys

> Do you see something obvious that I don't see ?

Stupid idea but ... would it be possible that Python wrapper does not pass the key manager to dsig context correctly? E.g. the assignment operator for keys manager is broken or it's just the Python syntax/semantic?

Aleksey

Re: [xmlsec] Finding Keys
Well, it'll only tell you that there is a pointer to keys manager :) It will not look inside. If you can, then to debug this problem it might be a good idea to modify xmlsec source code and add keys manager dump to the xmlSecDSigCtxDebugDump.

Aleksey

Edward Shallow wrote:

> Would a xmlsec.xmlSecDSigCtxDebugDump(dsigCtx, stdout) tell you anything ?
>
> -----Original Message-----
> From: Aleksey Sanin [mailto:[EMAIL PROTECTED]
> Sent: October 28, 2005 4:10 PM
> To: [EMAIL PROTECTED]
> Cc: xmlsec@aleksey.com
> Subject: Re: [xmlsec] Finding Keys
>
>> Do you see something obvious that I don't see ?
>
> Stupid idea but ... would it be possible that Python wrapper does not pass the key manager to dsig context correctly? E.g. the assignment operator for keys manager is broken or it's just the Python syntax/semantic?
>
> Aleksey

RE: [xmlsec] Finding Keys
Would a xmlsec.xmlSecDSigCtxDebugDump(dsigCtx, stdout) tell you anything ?

-----Original Message-----
From: Aleksey Sanin [mailto:[EMAIL PROTECTED]
Sent: October 28, 2005 4:10 PM
To: [EMAIL PROTECTED]
Cc: xmlsec@aleksey.com
Subject: Re: [xmlsec] Finding Keys

> Do you see something obvious that I don't see ?

Stupid idea but ... would it be possible that Python wrapper does not pass the key manager to dsig context correctly? E.g. the assignment operator for keys manager is broken or it's just the Python syntax/semantic?

Aleksey

Re: [xmlsec] Finding Keys
> Do you see something obvious that I don't see ?

Stupid idea but ... would it be possible that Python wrapper does not pass the key manager to dsig context correctly? E.g. the assignment operator for keys manager is broken or it's just the Python syntax/semantic?

Aleksey

[xmlsec] Finding Keys
Hi Aleksey,

Making progress, but still having problem getting at keys with Python and ctypes module. I won't ask you any Python or ctype questions, I promise. But I will ask you to comment on these observations from an xmlsec perspective if you would be so kind.

What I am able to do:

- using xmlsec command line utility, sign with keys specified by KeyName in template sourced from Simple Keys Store in (i.e. keys.xml)
- using xmlsec command line utility, sign with keys specified by KeyName in template sourced from mscrypto store in either short friendly name form or long X.500 name form
- using Python and ctypes against libxml2, I can parse docs, walk trees, access children, get and set node contents, pretty much anything the lib can do
- using Python and ctypes against xmlsec I can run everything clean up to the last 2 lines below where it fails

That is, I can Find keys using either xmlSecKeysMngrFindKey or xmlSecKeyStoreFindKey, and I can Get keys using xmlSecKeysMngrGetKey as long as they are in the keys.xml Simple Keys Store. None of these 3 work when an mscrypto store key is specified. Mscrypto support is advertised as being able to first look in the SimpleKeysStore and if not found there to then look in mscrypto store.

What I am NOT able to do:

I can't however go on to use the key to actually sign using the DSigCtx (last 2 lines). This inability applies to both keys.xml and the mscrypto store.

Do you see something obvious that I don't see ?

Thanks,
Ed

Simplified code snippet ...

    parsedDoc = libxml2.xmlParseFile()  # file name argument omitted in the original post
    rootNode = libxml2.xmlDocGetRootElement(parsedDoc)
    sigNode = xmlsec.xmlSecFindNode(rootNode, 'Signature', 'http://www.w3.org/2000/09/xmldsig#')

    keysMngr = xmlsec.xmlSecKeysMngrCreate()
    rc = xmlsec.xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
    id = xmlsec.xmlSecSimpleKeysStoreGetKlass()
    keyStore = xmlsec.xmlSecKeyStoreCreate(id)
    rc = xmlsec.xmlSecSimpleKeysStoreLoad(keyStore, 'c:/xmlsec/keys/keys2.xml', keysMngr)
    rc = xmlsec.xmlSecKeysMngrAdoptKeysStore(keysMngr, keyStore)

    dsigCtx = xmlsec.xmlSecDSigCtxCreate()
    rc = xmlsec.xmlSecDSigCtxInitialize(dsigCtx, keysMngr)
    keyInfoCtx = xmlsec.xmlSecKeyInfoCtxCreate(keysMngr)

    # block below works for keys in Simple Key Store
    key = xmlsec.xmlSecKeysMngrFindKey(keysMngr, 'test-rsa', keyInfoCtx)
    key = xmlsec.xmlSecKeyStoreFindKey(keyStore, 'test-rsa', keyInfoCtx)
    keyInfoNode = xmlsec.xmlSecFindNode(sigNode, 'KeyInfo', 'http://www.w3.org/2000/09/xmldsig#')
    key = xmlsec.xmlSecKeysMngrGetKey(keyInfoNode, keyInfoCtx)

    # can't get keys when signing though ???
    rc = xmlsec.xmlSecDSigCtxSign(dsigCtx, sigNode)
    print 'Signature creation complete with status code', rc

Output from above ...

    Entering xmlsec ctypes wrap
    Initializing libxml2 parser
    Loading dynamic crypto support, return code 0
    Loading mscrypto, return code 0
    CryptoAppInit, return code 0
    Initializing xmlsec, return code 0
    CryptoInit, return code 0
    stdin fileno = 0 stdout fileno = 1 stderr fileno = 2
    found signature node with name Signature and type 1
    CryptoAppDefaultKeysMngrInit returned with rc 0
    SimpleKeysStoreLoad returned with rc 0
    KeysMngrAdoptKeysStore returned with rc 0
    DSigCtxInitialize allocated
    keyInfoCtx.contents.keysMngr 11586024 keyInfoCtx.contents.mode 0
    xmlSecKeysMngrFindKey returned with key test-rsa
    xmlSecKeyStoreFindKey returned with key test-rsa
    found KeyInfo node with name KeyInfo and type 1
    xmlSecKeysMngrGetKey returned with key test-rsa
    func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
    func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
    func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
    func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
    Signature creation complete with status code -1
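
The xmlsec error lines in the output above share one func=/file=/line=/obj=/subj=/error= layout. As an added example (not part of the original post and not xmlsec code), this Python 3 parser rebuilds the failing call chain from them and converts the signed "last error" value to its unsigned 32-bit form; the names parse_errors and summarize are made up for the illustration.

```python
import re

# Layout of one xmlsec error line as it appears in the output above.
LINE_RE = re.compile(
    r"func=(?P<func>[^:]+):file=(?P<file>.+?):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:]*):subj=(?P<subj>[^:]*):error=(?P<code>\d+):"
    r"(?P<msg>[^:]*):(?P<detail>.*)"
)
LAST_ERROR_RE = re.compile(r"last error=(-?\d+)")

# Lines copied from the output above, with the mail line wraps joined.
SAMPLE = r"""
xmlSecKeysMngrGetKey returned with key test-rsa
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.
Signature creation complete with status code -1
"""

def parse_errors(text):
    """Return one dict per xmlsec error line, in printed order (innermost first)."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # ordinary program output, not an error record
        rec = m.groupdict()
        rec["line"] = int(rec["line"])
        rec["code"] = int(rec["code"])
        rec["msg"] = rec["msg"].strip()
        last = LAST_ERROR_RE.search(rec["detail"])
        # The Windows error is printed as a signed int; mask it to 32 bits.
        rec["last_error"] = int(last.group(1)) & 0xFFFFFFFF if last else None
        records.append(rec)
    return records

def summarize(text):
    """Outermost-to-innermost call chain plus the Windows error code in hex."""
    recs = parse_errors(text)
    if not recs:
        return None
    chain = [r["func"] for r in reversed(recs)] + [recs[0]["subj"]]
    code = recs[0]["last_error"]
    # 0x80092004 is CRYPT_E_NOT_FOUND in the Windows SDK headers.
    return {"chain": chain, "last_error": None if code is None else "0x%08X" % code}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
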