Re: [xmlsec] Finding Keys

2005-10-30 Thread Aleksey Sanin

Great news! Thanks for posting a solution!

Aleksey

Edward Shallow wrote:

Eureka !!!,

 Got it working. That is, Python ctypes against xmlsec on Windows. This
allows Python to call xmlsec directly on Windows without the need to compile
a Python "C" extension module. Thus Python Windows users can call Igor's
binaries directly with only Python code.

___
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec


RE: [xmlsec] Finding Keys

2005-10-30 Thread Edward Shallow
Eureka !!!,

 Got it working. That is, Python ctypes against xmlsec on Windows. This
allows Python to call xmlsec directly on Windows without the need to compile
a Python "C" extension module. Thus Python Windows users can call Igor's
binaries directly with only Python code.

 Here is what I had to do to get it going ...

- mapped xmlSecMSCryptoAppInit('MY') directly from libxmlsec-mscrypto.dll
instead of from libxmlsec
- mapped xmlSecMSCryptoKeysStoreGetKlass() directly from
libxmlsec-mscrypto.dll instead of from libxmlsec
- mapped xmlSecMSCryptoKeysStoreLoad(.) directly from
libxmlsec-mscrypto.dll instead of from libxmlsec
- removed xmlSecKeysMngrAdoptKeysStore(.) from call sequence

I discovered it by doing an xmlSecMSCryptoAppGetCertStoreName which should
have been returning a "MY" but wasn't. 

   This allows the rest of the generic xmlsec code to work fine.

   It might have something to do with defaulting constants I think, not
sure. Perhaps Wouter would know. Small price to pay.

As usual thanks for your help,
Ed

-Original Message-
From: Edward Shallow [mailto:[EMAIL PROTECTED] 
Sent: October 28, 2005 4:36 PM
To: 'Aleksey Sanin'
Subject: RE: [xmlsec] Finding Keys

Not sure on the "broken" possibility ...

As you can see keysMngr gets successfully passed in on AdoptKeysStore call
below which subsequently works OK when I KeysMngrFindKey, so I think basic
pointer passing from one call to the next is working. This is the same
convention I used in libxml2.

The one area I can't do is any macro work because Python ctypes requires no
compilation since it marshals calls dynamically to/from "C". Could this
absence cause problems ?

Ed 


parsedDoc = libxml2.xmlParseFile('c:/xmlsec/tmpl/tmpl-EPM-sign-enveloped-friendly-rsa.xml')
rootNode = libxml2.xmlDocGetRootElement(parsedDoc)

sigNode = xmlsec.xmlSecFindNode(rootNode, 'Signature',
                                'http://www.w3.org/2000/09/xmldsig#')
print 'found signature node with name', sigNode.contents.name, 'and type', sigNode.contents.type

keysMngr = xmlsec.xmlSecKeysMngrCreate()
rc = xmlsec.xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
print 'CryptoAppDefaultKeysMngrInit returned with rc', rc

id = xmlsec.xmlSecSimpleKeysStoreGetKlass()
keyStore = xmlsec.xmlSecKeyStoreCreate(id)
rc = xmlsec.xmlSecSimpleKeysStoreLoad(keyStore, 'c:/xmlsec/keys/keys2.xml',
                                      keysMngr)
print 'SimpleKeysStoreLoad returned with rc', rc
rc = xmlsec.xmlSecKeysMngrAdoptKeysStore(keysMngr, keyStore)
print 'KeysMngrAdoptKeysStore returned with rc', rc

dsigCtx = xmlsec.xmlSecDSigCtxCreate()
rc = xmlsec.xmlSecDSigCtxInitialize(dsigCtx, keysMngr)
print 'DSigCtxInitialize returned with rc', rc

keyInfoCtx = xmlsec.xmlSecKeyInfoCtxCreate(keysMngr)
print 'keyInfoCtx.contents.keysMngr', keyInfoCtx.contents.keysMngr, 'keyInfoCtx.contents.mode', keyInfoCtx.contents.mode

key = xmlsec.xmlSecKeysMngrFindKey(keysMngr, 'test-rsa', keyInfoCtx)
print 'xmlSecKeysMngrFindKey returned with key', key.contents.name

key = xmlsec.xmlSecKeyStoreFindKey(keyStore, 'test-rsa', keyInfoCtx)
print 'xmlSecKeyStoreFindKey returned with key', key.contents.name

keyInfoNode = xmlsec.xmlSecFindNode(sigNode, 'KeyInfo',
                                    'http://www.w3.org/2000/09/xmldsig#')
print 'found KeyInfo node with name and type', keyInfoNode.contents.name, keyInfoNode.contents.type
print 'about to execute xmlSecKeysMngrGetKey'
key = xmlsec.xmlSecKeysMngrGetKey(keyInfoNode, keyInfoCtx)
print 'xmlSecKeysMngrGetKey returned with key', key.contents.name

#xmlsec.xmlSecKeyInfoCtxDebugDump(keyInfoCtx, stdout)
xmlsec.xmlSecDSigCtxDebugDump(dsigCtx, stdout)
rc = xmlsec.xmlSecDSigCtxSign(dsigCtx, sigNode)
print 'Signature creation complete with status code', rc

-Original Message-
From: Aleksey Sanin [mailto:[EMAIL PROTECTED]
Sent: October 28, 2005 4:10 PM
To: [EMAIL PROTECTED]
Cc: xmlsec@aleksey.com
Subject: Re: [xmlsec] Finding Keys

> Do you see something obvious that I don't see ?
Stupid idea but ... would it be possible that Python wrapper does not pass
the key manager to dsig context correctly? E.g. the assignment operator for
keys manager is broken or it's just the Python syntax/semantic?

Aleksey




Re: [xmlsec] Finding Keys

2005-10-28 Thread Aleksey Sanin

Well, it'll only tell you that there is a pointer to
keys manager :) It will not look inside. If you can
then to debug this problem it might be a good idea to
modify xmlsec source code and add keys manager dump to
the xmlSecDSigCtxDebugDump.

Aleksey

Edward Shallow wrote:
Would a xmlsec.xmlSecDSigCtxDebugDump(dsigCtx, stdout) tell you anything ? 


-Original Message-
From: Aleksey Sanin [mailto:[EMAIL PROTECTED] 
Sent: October 28, 2005 4:10 PM

To: [EMAIL PROTECTED]
Cc: xmlsec@aleksey.com
Subject: Re: [xmlsec] Finding Keys



Do you see something obvious that I don't see ?


Stupid idea but ... would it be possible that Python wrapper does not pass
the key manager to dsig context correctly? E.g. the assignment operator for
keys manager is broken or it's just the Python syntax/semantic?

Aleksey




RE: [xmlsec] Finding Keys

2005-10-28 Thread Edward Shallow
Would a xmlsec.xmlSecDSigCtxDebugDump(dsigCtx, stdout) tell you anything ? 

-Original Message-
From: Aleksey Sanin [mailto:[EMAIL PROTECTED] 
Sent: October 28, 2005 4:10 PM
To: [EMAIL PROTECTED]
Cc: xmlsec@aleksey.com
Subject: Re: [xmlsec] Finding Keys

> Do you see something obvious that I don't see ?
Stupid idea but ... would it be possible that Python wrapper does not pass
the key manager to dsig context correctly? E.g. the assignment operator for
keys manager is broken or it's just the Python syntax/semantic?

Aleksey




Re: [xmlsec] Finding Keys

2005-10-28 Thread Aleksey Sanin

Do you see something obvious that I don't see ?

Stupid idea but ... would it be possible that Python
wrapper does not pass the key manager to dsig context
correctly? E.g. the assignment operator for keys manager
is broken or it's just the Python syntax/semantic?

Aleksey


[xmlsec] Finding Keys

2005-10-28 Thread Edward Shallow
Hi Aleksey,

   Making progress, but still having a problem getting at keys with Python and
the ctypes module. I won't ask you any Python or ctypes questions, I promise. But
I will ask you to comment on these observations from an xmlsec perspective
if you would be so kind. 

What I am able to do:

- using xmlsec command line utility, sign with keys specified by KeyName in
template sourced from Simple Keys Store in (i.e. keys.xml)
- using xmlsec command line utility, sign with keys specified by KeyName in
template sourced from mscrypto store in either short friendly name form or
long X.500 name form
- using Python and ctypes against libxml2, I can parse docs, walk trees,
access children, get and set node contents, pretty much anything the lib can
do
- using Python and ctypes against xmlsec I can run everything clean up to
the last 2 lines below where it fails

   That is, I can Find keys using either xmlSecKeysMngrFindKey or
xmlSecKeyStoreFindKey, and I can Get keys using xmlSecKeysMngrGetKey as long
as they are in the keys.xml Simple Keys Store. None of these 3 work when an
mscrypto store key is specified. Mscrypto support is advertised as being
able to first look in the SimpleKeysStore and if not found there to then
look in mscrypto store.

What I am NOT able to do:

I can't however go on to use the key to actually sign using the DSigCtx
(last 2 lines). This inability applies to both keys.xml and the mscrypto
store.

Do you see something obvious that I don't see ?

Thanks,
Ed


Simplified code snippet ...

parsedDoc = libxml2.xmlParseFile()
rootNode = libxml2.xmlDocGetRootElement(parsedDoc)
sigNode = xmlsec.xmlSecFindNode(rootNode, 'Signature',
                                'http://www.w3.org/2000/09/xmldsig#')
keysMngr = xmlsec.xmlSecKeysMngrCreate()
rc = xmlsec.xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
id = xmlsec.xmlSecSimpleKeysStoreGetKlass()
keyStore = xmlsec.xmlSecKeyStoreCreate(id)
rc = xmlsec.xmlSecSimpleKeysStoreLoad(keyStore, 'c:/xmlsec/keys/keys2.xml',
                                      keysMngr)
rc = xmlsec.xmlSecKeysMngrAdoptKeysStore(keysMngr, keyStore)
dsigCtx = xmlsec.xmlSecDSigCtxCreate()
rc = xmlsec.xmlSecDSigCtxInitialize(dsigCtx, keysMngr)
keyInfoCtx = xmlsec.xmlSecKeyInfoCtxCreate(keysMngr)

# block below works for keys in Simple Key Store

key = xmlsec.xmlSecKeysMngrFindKey(keysMngr, 'test-rsa', keyInfoCtx)
key = xmlsec.xmlSecKeyStoreFindKey(keyStore, 'test-rsa', keyInfoCtx)
keyInfoNode = xmlsec.xmlSecFindNode(sigNode, 'KeyInfo',
                                    'http://www.w3.org/2000/09/xmldsig#')
key = xmlsec.xmlSecKeysMngrGetKey(keyInfoNode, keyInfoCtx)

# can't get keys when signing though ???
rc = xmlsec.xmlSecDSigCtxSign(dsigCtx, sigNode)
print 'Signature creation complete with status code', rc





Output from above ...

Entering xmlsec ctypes wrap
Initializing libxml2 parser
Loading dynamic crypto support, return code  0
Loading mscrypto, return code  0
CryptoAppInit, return code  0
Initializing xmlsec, return code 0
CryptoInit, return code  0
stdin fileno = 0
stdout fileno = 1
stderr fileno = 2
found signature node with name Signature and type 1
CryptoAppDefaultKeysMngrInit returned with rc 0
SimpleKeysStoreLoad returned with rc 0
KeysMngrAdoptKeysStore returned with rc 0
DSigCtxInitialize allocated 
keyInfoCtx.contents.keysMngr 11586024 keyInfoCtx.contents.mode 0

xmlSecKeysMngrFindKey returned with key test-rsa
xmlSecKeyStoreFindKey returned with key test-rsa
found KeyInfo node with name KeyInfo and type 1
xmlSecKeysMngrGetKey returned with key test-rsa

func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.

Signature creation complete with status code -1
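
Added example, not part of the original thread: the four xmlsec error records above, parsed into fields so the failure chain and the Windows "last error" can be read directly. The function names and the one-entry KNOWN_HRESULTS table are this example's own; the records are copied from the post with the mail line wraps removed.

```python
import re

# The four xmlsec error records from the post above, mail line wraps removed.
LOG = [
    r"func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.",
    r"func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.",
    r"func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.",
    r"func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=-2146885628 (0x80092004);last error msg=Cannot find object or property.",
]

RECORD = re.compile(
    r"func=(?P<func>[^:]+):file=(?P<file>.+?):line=(?P<line>\d+):"
    r"obj=(?P<obj>[^:]+):subj=(?P<subj>[^:]+):error=(?P<error>\d+):"
    r"(?P<msg>.*?);last error=(?P<last>-?\d+) \(0x(?P<hex>[0-9a-fA-F]+)\);"
    r"last error msg=(?P<last_msg>.*)")

# Windows SDK name for the one HRESULT that appears in this log.
KNOWN_HRESULTS = {0x80092004: "CRYPT_E_NOT_FOUND"}

def decode_hresult(signed):
    """Split the signed 32-bit 'last error' into HRESULT fields."""
    value = signed & 0xFFFFFFFF
    return {"value": value, "failure": bool(value >> 31),
            "facility": (value >> 16) & 0x1FFF, "code": value & 0xFFFF,
            "name": KNOWN_HRESULTS.get(value, "unknown")}

def parse_record(text):
    """Parse one xmlsec error record into a dict; reject malformed input."""
    m = RECORD.match(text.strip())
    if m is None:
        raise ValueError("not an xmlsec error record: %r" % text[:40])
    rec = m.groupdict()
    rec["line"], rec["error"] = int(rec["line"]), int(rec["error"])
    rec["msg"] = rec["msg"].strip(" :")
    rec["hresult"] = decode_hresult(int(rec.pop("last")))
    if rec["hresult"]["value"] != int(rec.pop("hex"), 16):
        raise ValueError("decimal and hex last error disagree")
    return rec

def failure_chain(lines):
    """Records appear innermost failure first; return (func, subj, msg) each."""
    return [(r["func"], r["subj"], r["msg"]) for r in map(parse_record, lines)]

if __name__ == "__main__":
    for func, subj, msg in failure_chain(LOG):
        print("%-36s <- %-34s %s" % (func, subj, msg))
    print(decode_hresult(-2146885628))
```

The first frame is the key lookup (xmlSecKeysMngrGetKey failing in xmlSecKeysMngrFindKey), and every later frame carries the same Windows error, so the signing failure is a propagated key-store lookup failure.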

