Nevermind, I got it working this way (note that "node" is the
Signature node)
dsigCtx = xmlSecDSigCtxCreate(NULL);
if (dsigCtx == NULL) {
rb_raise(rb_eXMLError, "Failed to create Signature Context");
}
keyNode = xmlSecFindNode(node, xmlSecNodeKeyInfo, xmlSecDSigNs);
dsigCtx->signKey = xmlSecKeyCreate();
if ((xmlSecKeyInfoNodeRead(keyNode, dsigCtx->signKey, &dsigCtx-
>keyInfoReadCtx)) < 0) {
xmlSecKeyDestroy(dsigCtx->signKey);
xmlSecDSigCtxDestroy(dsigCtx);
rb_raise(rb_eXMLError, "Could not read KeyInfo");
}
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
xmlSecKeyDestroy(dsigCtx->signKey);
xmlSecDSigCtxDestroy(dsigCtx);
rb_raise(rb_eXMLError, "Failed to verify signature");
}
It's working just fine now :-D
On May 8, 2008, at 1:57 PM, Rolando Abarca wrote:
I read the thread here:
http://www.mail-archive.com/xmlsec@aleksey.com/msg03219.html
but still can't verify my signature with the supplied KeyInfo. This
is what I've been doing so far:
dsigCtx = xmlSecDSigCtxCreate(NULL);
if (dsigCtx == NULL) {
rb_raise(rb_eXMLError, "Failed to create Signature Context");
}
if ((xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
(xmlSecPtr) xmlSecKeyDataX509Id) < 0) ||
(xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
(xmlSecPtr) xmlSecKeyDataRsaId) < 0)){
xmlSecDSigCtxDestroy(dsigCtx);
rb_raise(rb_eXMLError, "Failed to limit key info");
}
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
xmlSecDSigCtxDestroy(dsigCtx);
rb_raise(rb_eXMLError, "Failed to verify signature");
}
but I still can't make it verify with the supplied key:
func
=
xmlSecDSigCtxProcessKeyInfoNode:file
=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not
found:
func
=
xmlSecDSigCtxProcessSignatureNode:file
=
xmldsig
.c:line
=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
library function failed:
func
=
xmlSecDSigCtxVerify:file
=
xmldsig
.c:line
=
366
:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
library function failed:
can you please tell me what do I need to do in order to verify a xml
file with the RSA pub key inside the xml? like this:
<foo>
<data>...</data>
<Signature>
...
<KeyInfo>
<KeyValue>
...
</KeyValue>
<X509Data>
...
</X509Data>
</KeyInfo>
</Signature>
</foo>
the xml was built with libxml and signed with xmlsec (using a
dinamically created template).
--
Rolando Abarca M.
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec