Hi
>> xmlAddID - look at LibXML2 documentation for the function, it's pretty
simple.
OK
>> Actually default trusted certs are loaded in the xmlsec-openssl init
function.
Then I don't need to load certs into the "xmlSecKeysMngrPtr"?
I am trying to use the sample "Verifying a signature with X509 certificates."
And I changed load_trusted_certs to accept a vector of key file names, like:
----------------------------------------------------------------------------
---------------------------------
std::vector<std::string> certs;
certs.push_back("/usr/lib/ssl/certs/Serasa_Certificadora_Digital_v2.pem");
certs.push_back("/usr/lib/ssl/certs/Serasa_Autoridade_Certificadora_Principal_v2.pem");
certs.push_back("/usr/lib/ssl/certs/Autoridade_Certificadora_Raiz_Brasileira_v2.pem");
mngr = load_trusted_certs(certs);
----------------------------------------------------------------------------
---------------------------------
And for now, I am using a DTD in the xml file:
----------------------------------------------------------------------------
---------------------------------
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE test [
<!ATTLIST infNFe Id ID #IMPLIED>
]>
----------------------------------------------------------------------------
---------------------------------
But I always receive: "Signature is INVALID"!
If I use the xmlsec1 command, it works on that file!
----------------------------------------------------------------------------
---------------------------------
afe/engine/libs/xmldsig/test$ xmlsec1 --verify mt-embedded-id-dtd-attr.xml
OK
SignedInfo References (ok/all): 1/1
Manifests References (ok/all): 0/0
----------------------------------------------------------------------------
---------------------------------
How can I print debug info to try to see what's happening?
My current code, and the file that I need to check, are attached!
Thanks again, and again, and again ...!
-----Mensagem original-----
De: Aleksey Sanin [mailto:[email protected]]
Enviada em: segunda-feira, 11 de junho de 2012 10:46
Para: Renato Tegon Forti
Cc: [email protected]
Assunto: Re: [xmlsec] how verify sig using xmlAddID and local certs!
1) xmlAddID - look at LibXML2 documentation for the function, it's pretty
simple.
2) Actually default trusted certs are loaded in the xmlsec-openssl init
function.
Aleksey
On 6/11/12 5:39 AM, Renato Tegon Forti wrote:
> Hi All,
>
>
>
> I'm trying to understand how the xmlsec tool interprets this command:
>
>
>
> xmlsec1 --verify --id-attr:Id infNFe file.xml
>
>
>
> which parts of code are activated! Need to reproduce this behavior in
> my code
>
>
>
> Can someone explain to me?
>
>
>
> In special how "xmlSecAppLoadKeys" load CA 's files of
> /usr/lib/ssl/certs/ : (for sample. openssl ssl files folder) !
>
>
>
> I need use "xmlAddID" to add "infNFe" like an id! Ok? How?
>
>
>
> Anything else!
>
>
>
> My test code:
>
>
>
> // Copyright 2011-2012 Renato Tegon Forti
>
>
>
> #define BOOST_ALL_DYN_LINK
>
> #define BOOST_THREAD_USE_DLL //thread header not compliant with
> 'BOOST_ALL_DYN_LINK'
>
> #define BOOST_LIB_DIAGNOSTIC
>
>
>
> #include <boost/test/minimal.hpp>
>
> #include <dsafe/xmlsig.hpp>
>
>
>
> #define XMLSEC_CRYPTO_OPENSSL
>
>
>
> #include <libxml/tree.h>
>
> #include <libxml/xmlmemory.h>
>
> #include <libxml/parser.h>
>
>
>
> #ifndef XMLSEC_NO_XSLT
>
> #include <libxslt/xslt.h>
>
> #endif /* XMLSEC_NO_XSLT */
>
>
>
> #include <xmlsec/xmlsec.h>
>
> #include <xmlsec/xmltree.h>
>
> #include <xmlsec/xmldsig.h>
>
> #include <xmlsec/xmlenc.h>
>
> #include <xmlsec/templates.h>
>
> #include <xmlsec/crypto.h>
>
>
>
>
>
> /**
>
> * verify_file:
>
> * @mngr: the pointer to keys manager.
>
> * @xml_file: the signed XML file name.
>
> *
>
> * Verifies XML signature in #xml_file.
>
> *
>
> * Returns 0 on success or a negative value if an error occurs.
>
> */
>
> int
>
> verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file)
>
> {
>
> xmlDocPtr doc = NULL;
>
> xmlNodePtr node = NULL;
>
> xmlSecDSigCtxPtr dsigCtx = NULL;
>
> int res = -1;
>
>
>
> assert(mngr);
>
> assert(xml_file);
>
>
>
> /* load file */
>
> doc = xmlParseFile(xml_file);
>
> if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
>
> fprintf(stderr, "Error: unable to parse file
> \"%s\"\n", xml_file);
>
> goto done;
>
> }
>
>
>
> /* find start node */
>
> node = xmlSecFindNode(xmlDocGetRootElement(doc),
> xmlSecNodeSignature, xmlSecDSigNs);
>
> if(node == NULL) {
>
> fprintf(stderr, "Error: start node not found in
> \"%s\"\n", xml_file);
>
> goto done;
>
> }
>
>
>
> /* create signature context */
>
> dsigCtx = xmlSecDSigCtxCreate(mngr);
>
> if(dsigCtx == NULL) {
>
> fprintf(stderr,"Error: failed to create signature context\n");
>
> goto done;
>
> }
>
>
>
>
>
>
>
>
>
> /* limit the Reference URI attributes to empty or NULL */
>
> dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
>
>
>
> /* limit allowed transforms for siganture and reference processing
> */
>
> if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx,
> xmlSecTransformInclC14NId) < 0) ||
>
> (xmlSecDSigCtxEnableSignatureTransform(dsigCtx,
> xmlSecTransformExclC14NId) < 0) ||
>
> (xmlSecDSigCtxEnableSignatureTransform(dsigCtx,
> xmlSecTransformSha1Id) < 0) ||
>
> (xmlSecDSigCtxEnableSignatureTransform(dsigCtx,
> xmlSecTransformRsaSha1Id) < 0)) {
>
>
>
> fprintf(stderr,"Error: failed to limit allowed siganture
> transforms\n");
>
> goto done;
>
> }
>
> if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx,
> xmlSecTransformInclC14NId) < 0) ||
>
> (xmlSecDSigCtxEnableReferenceTransform(dsigCtx,
> xmlSecTransformExclC14NId) < 0) ||
>
> (xmlSecDSigCtxEnableReferenceTransform(dsigCtx,
> xmlSecTransformSha1Id) < 0) ||
>
> (xmlSecDSigCtxEnableReferenceTransform(dsigCtx,
> xmlSecTransformEnvelopedId) < 0)) {
>
>
>
> fprintf(stderr,"Error: failed to limit allowed reference
> transforms\n");
>
> goto done;
>
> }
>
>
>
> /* in addition, limit possible key data to valid X509 certificates
> only */
>
> if(xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData),
> BAD_CAST xmlSecKeyDataX509Id) < 0) {
>
> fprintf(stderr,"Error: failed to limit allowed key data\n");
>
> goto done;
>
> }
>
>
>
> /* Verify signature */
>
> if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
>
> fprintf(stderr,"Error: signature verify\n");
>
> goto done;
>
> }
>
>
>
> /* check that we have only one Reference */
>
> if((dsigCtx->status == xmlSecDSigStatusSucceeded) &&
>
> (xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) != 1))
> {
>
>
>
> fprintf(stderr,"Error: only one reference is allowed\n");
>
> goto done;
>
> }
>
>
>
> /* print verification result to stdout */
>
> if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
>
> fprintf(stdout, "Signature is OK\n");
>
> } else {
>
> fprintf(stdout, "Signature is INVALID\n");
>
> }
>
>
>
> /* success */
>
> res = 0;
>
>
>
> done:
>
> /* cleanup */
>
> if(dsigCtx != NULL) {
>
> xmlSecDSigCtxDestroy(dsigCtx);
>
> }
>
>
>
> if(doc != NULL) {
>
> xmlFreeDoc(doc);
>
> }
>
> return(res);
>
>
>
> }
>
>
>
> int
>
> init_allxml_lib()
>
> {
>
> // Init libxml and libxslt libraries
>
> xmlInitParser();
>
>
>
> LIBXML_TEST_VERSION
>
> xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
>
> xmlSubstituteEntitiesDefault(1);
>
> #ifndef XMLSEC_NO_XSLT
>
> xmlIndentTreeOutput = 1;
>
> #endif // XMLSEC_NO_XSLT
>
>
>
> // Init xmlsec library
>
> if(xmlSecInit() < 0) {
>
> fprintf(stderr, "Error: xmlsec initialization failed.\n");
>
> return(-1);
>
> }
>
>
>
> // Check loaded library version
>
> if(xmlSecCheckVersion() != 1) {
>
> fprintf(stderr, "Error: loaded xmlsec library version is not
> compatible.\n");
>
> return(-1);
>
> }
>
>
>
> // Load default crypto engine if we are supporting dynamic
>
> // loading for xmlsec-crypto libraries. Use the crypto library
>
> // name ("openssl", "nss", etc.) to load corresponding
>
> // xmlsec-crypto library.
>
>
>
> #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
>
> if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
>
> fprintf(stderr, "Error: unable to load default xmlsec-crypto library.
> Make sure\n"
>
> "that you have it
> installed and check shared libraries path\n"
>
> "(LD_LIBRARY_PATH)
> envornment variable.\n");
>
> return(-1);
>
> }
>
> #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
>
>
>
> // Init crypto library
>
> if(xmlSecCryptoAppInit(NULL) < 0) {
>
> fprintf(stderr, "Error: crypto initialization failed.\n");
>
> return(-1);
>
> }
>
>
>
> // Init xmlsec-crypto library
>
> if(xmlSecCryptoInit() < 0) {
>
> fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
>
> return(-1);
>
> }
>
>
>
> return 0;
>
> }
>
>
>
> void
>
> fnit_allxml_lib()
>
> {
>
> // Shutdown xmlsec-crypto library
>
> xmlSecCryptoShutdown();
>
>
>
> //Shutdown crypto library
>
> xmlSecCryptoAppShutdown();
>
>
>
> //Shutdown xmlsec library
>
> xmlSecShutdown();
>
>
>
> // Shutdown libxslt/libxml
>
> #ifndef XMLSEC_NO_XSLT
>
> xsltCleanupGlobals();
>
> #endif //XMLSEC_NO_XSLT
>
>
>
> xmlCleanupParser();
>
> }
>
>
>
> const std::string XML_FILE =
>
"/Projects/project.dokfile.vses/hades/trunk/products/doksafe/engine/libs/xml
dsig/test/"
>
> "mt-embedded-id-dtd-attr.xml";
>
>
> // "mt.xml";
>
>
>
> // Unit Tests
>
>
>
> void do_0()
>
> {
>
> xmlSecKeysMngrPtr mngr = xmlSecKeysMngrCreate();
>
> if(mngr == NULL)
>
> {
>
> fprintf(stderr, "Error: failed to create keys manager.\n");
>
> }
>
>
>
> if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0)
>
> {
>
> fprintf(stderr, "Error: failed to initialize keys manager.\n");
>
> xmlSecKeysMngrDestroy(mngr);
>
> }
>
>
>
> BOOST_CHECK(init_allxml_lib() == 0);
>
> BOOST_CHECK(verify_file(mngr, XML_FILE.c_str()) == 0);
>
>
>
> fnit_allxml_lib();
>
> }
>
>
>
> // -
>
>
>
> int test_main(int, char*[])
>
> {
>
> do_0();
>
>
>
> return 0;
>
> }
>
>
>
>
>
>
>
>
>
> Thanks
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> xmlsec mailing list
> [email protected]
> http://www.aleksey.com/mailman/listinfo/xmlsec
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE test [
<!ATTLIST infNFe Id ID #IMPLIED>
]><nfeProc versao="2.00" xmlns="http://www.portalfiscal.inf.br/nfe"><NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe Id="NFe35120543270727000100550010000103231020313654" versao="2.00"><ide><cUF>35</cUF><cNF>02031365</cNF><natOp>VDA MERC SUJ REG SUBS TRIB</natOp><indPag>2</indPag><mod>55</mod><serie>1</serie><nNF>10323</nNF><dEmi>2012-05-25</dEmi><dSaiEnt>2012-05-25</dSaiEnt><tpNF>1</tpNF><cMunFG>3501608</cMunFG><tpImp>1</tpImp><tpEmis>1</tpEmis><cDV>4</cDV><tpAmb>1</tpAmb><finNFe>1</finNFe><procEmi>0</procEmi><verProc>SIM999V3.14.1U000</verProc></ide><emit><CNPJ>43270727000100</CNPJ><xNome>Meta Materiais Eletricos Ltda</xNome><enderEmit><xLgr>R DR CANDIDO CRUZ</xLgr><nro>182</nro><xBairro>CENTRO</xBairro><cMun>3501608</cMun><xMun>AMERICANA</xMun><UF>SP</UF><CEP>13465350</CEP><cPais>1058</cPais><xPais>Brasil</xPais><fone>1934710010</fone></enderEmit><IE>165079118111</IE><IM>63162</IM><CNAE>4742300</CNAE><CRT>3</CRT></emit><dest><CNPJ>11253910000100</CNPJ><xNome>AYSSO SYSTEMAS LTDA EPP</xNome><enderDest><xLgr>RUA DOZE DE NOVEMBRO</xLgr><nro>180</nro><xCpl>SA 73</xCpl><xBairro>CENTRO</xBairro><cMun>3501608</cMun><xMun>AMERICANA</xMun><UF>SP</UF><CEP>13465490</CEP><cPais>1058</cPais><xPais>BRASIL</xPais><fone>1936459991</fone></enderDest><IE>ISENTO</IE></dest><det nItem="1"><prod><cProd>103549</cProd><cEAN></cEAN><xProd>LAMP ELET MINI ESP 15Wx127V BR T2 
SYLVANIA</xProd><NCM>85393100</NCM><CFOP>5405</CFOP><uCom>PC</uCom><qCom>2.0000</qCom><vUnCom>11.9900</vUnCom><vProd>23.98</vProd><cEANTrib></cEANTrib><uTrib>PC</uTrib><qTrib>2.0000</qTrib><vUnTrib>11.9900</vUnTrib><vDesc>0.72</vDesc><indTot>1</indTot></prod><imposto><ICMS><ICMS60><orig>0</orig><CST>60</CST><vBCSTRet>0.00</vBCSTRet><vICMSSTRet>0.00</vICMSSTRet></ICMS60></ICMS><IPI><qSelo>0</qSelo><cEnq>999</cEnq><IPINT><CST>52</CST></IPINT></IPI><II><vBC>0.00</vBC><vDespAdu>0.00</vDespAdu><vII>0.00</vII><vIOF>0.00</vIOF></II><PIS><PISAliq><CST>01</CST><vBC>23.26</vBC><pPIS>1.65</pPIS><vPIS>0.38</vPIS></PISAliq></PIS><COFINS><COFINSAliq><CST>01</CST><vBC>23.26</vBC><pCOFINS>7.60</pCOFINS><vCOFINS>1.77</vCOFINS></COFINSAliq></COFINS></imposto></det><total><ICMSTot><vBC>0.00</vBC><vICMS>0.00</vICMS><vBCST>0.00</vBCST><vST>0.00</vST><vProd>23.98</vProd><vFrete>0.00</vFrete><vSeg>0.00</vSeg><vDesc>0.72</vDesc><vII>0.00</vII><vIPI>0.00</vIPI><vPIS>0.38</vPIS><vCOFINS>1.77</vCOFINS><vOutro>0.00</vOutro><vNF>23.26</vNF></ICMSTot></total><transp><modFrete>0</modFrete></transp><infAdic><infCpl>Em caso de devolucao, XML para [email protected]&#13;CASO NAO RECEBA O XML, ENVIE-NOS SEU EMAIL PARA RECEBE-LO&#13;ICMS RECOLHIDO POR SUBSTITUICAO TRIBUTARIA, NOS&#13;TERMOS DO ART 313-S/313-Y DO RICMS/2000&#13;**REDESPACHO: 01 Endereco:**ENDERECO DE COBRANCA:RUA DOZE DE NOVEMBRO 180 - CENTRO - AMERICANA - SP - 13.465-490**Cod.Representante:040 - FABIO</infCpl></infAdic></infNFe><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#NFe35120543270727000100550010000103231020313654"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></Transforms><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>vAstTaAGm+Flro+96rhJ+S4JxGA=</DigestValue></Reference></SignedInfo><SignatureValue> elzSWi9iKJ+6oZ7g3FfNXNXkLnzg3h7EaIZT3nxxzOCA0/xao0Mz3nWol4MHLt5e9Qjm3t5o SB6qGoB+pRG3ozrw0RrcOSD4gUAJ4h+Qkey/CD+VL2KDgVHXP4Sw/T8Fn9WQ3mtM1n0nfrLj 0qsXyMxrZvfD3Cp7TINVrj9hvm6ma0tg4VbKrZ47ChOo+QkXB3n0Uh1hkDaWHy3xOSW+SvS0 rOfUmkYJV1p6yzyyir/La2/UQcjkohRor1rrVJjC/bhLJA+76dhvKmwPWTbkt9T/cLBrIfav vwuJBYov2uOMjrQ5Pcgpn+1jRtMGCY1gDQW+ITi6PL4sl+u1hqse6w== </SignatureValue><KeyInfo><X509Data><X509Certificate> MIIHzjCCBbagAwIBAgIIJ/Z01hJtsY0wDQYJKoZIhvcNAQELBQAwTDELMAkGA1UEBhMCQlIx EzARBgNVBAoTCklDUC1CcmFzaWwxKDAmBgNVBAMTH1NFUkFTQSBDZXJ0aWZpY2Fkb3JhIERp Z2l0YWwgdjIwHhcNMTIwNDMwMTM1MjAwWhcNMTMwNDMwMTM1MjAwWjCB6DELMAkGA1UEBhMC QlIxEzARBgNVBAoTCklDUC1CcmFzaWwxFDASBgNVBAsTCyhFTSBCUkFOQ08pMRgwFgYDVQQL Ew8wMDAwMDEwMDMwOTU5MDkxFDASBgNVBAsTCyhFTSBCUkFOQ08pMRQwEgYDVQQLEwsoRU0g QlJBTkNPKTEUMBIGA1UECxMLKEVNIEJSQU5DTykxFDASBgNVBAsTCyhFTSBCUkFOQ08pMRQw EgYDVQQLEwsoRU0gQlJBTkNPKTEmMCQGA1UEAxMdTUVUQSBNQVRFUklBSVMgRUxFVFJJQ09T IExUREEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRw2mVpPi3M81gY1Gsv6sU 7vUl/TinzaqU02fOhtkh8LbyPxzfvcfC/HVNDWh+QsQ0GhNwRzXGQtdx76m3CnP3PcBpe7NK 7y8sgSKwrxtVe5AVEm/DMBDQCbCXRZwIs+6N8Ygg3qJXH7La1rNzheQGJPmH4ziUokrkxyxF mjyyz1R9h6jqBgihYeUuZvFF5TBgoviLLKdZOChl0rYZD03Tt1GOCfFMqWUpff6tN2hChH8I PWEf47qFIw6iTxVNaytjSwcUbPqCdeuRXqfSavbvMd5wdP+GjliiMBdo5BlZJSWnNl7ousec +7KTAeCqcBjL+TxEwc55aGpBGdlZQ61hAgMBAAGjggMVMIIDETCBlwYIKwYBBQUHAQEEgYow gYcwRwYIKwYBBQUHMAKGO2h0dHA6Ly93d3cuY2VydGlmaWNhZG9kaWdpdGFsLmNvbS5ici9j YWRlaWFzL3NlcmFzYWNkdjIucDdiMDwGCCsGAQUFBzABhjBodHRwOi8vb2NzcC5jZXJ0aWZp Y2Fkb2RpZ2l0YWwuY29tLmJyL3NlcmFzYWNkdjIwHwYDVR0jBBgwFoAUmuCDENcmm+m62oKy gc45GtOHcIYwcQYDVR0gBGowaDBmBgZgTAECAQYwXDBaBggrBgEFBQcCARZOaHR0cDovL3B1 YmxpY2FjYW8uY2VydGlmaWNhZG9kaWdpdGFsLmNvbS5ici9yZXBvc2l0b3Jpby9kcGMvZGVj bGFyYWNhby1zY2QucGRmMIHwBgNVHR8EgegwgeUwSaBHoEWGQ2h0dHA6Ly93d3cuY2VydGlm 
aWNhZG9kaWdpdGFsLmNvbS5ici9yZXBvc2l0b3Jpby9sY3Ivc2VyYXNhY2R2Mi5jcmwwQ6BB oD+GPWh0dHA6Ly9sY3IuY2VydGlmaWNhZG9zLmNvbS5ici9yZXBvc2l0b3Jpby9sY3Ivc2Vy YXNhY2R2Mi5jcmwwU6BRoE+GTWh0dHA6Ly9yZXBvc2l0b3Jpby5pY3BicmFzaWwuZ292LmJy L2xjci9TZXJhc2EvcmVwb3NpdG9yaW8vbGNyL3NlcmFzYWNkdjIuY3JsMA4GA1UdDwEB/wQE AwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwgb4GA1UdEQSBtjCBs4EZUEFV TE9ATUVUQUVMRVRSSUNBLkNPTS5CUqA+BgVgTAEDBKA1EzMwMzAxMTk1OTAxNzM2NTM4ODAy MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDCgIgYFYEwBAwKgGRMXUEFVTE8gUk9C RVJUTyBERSBDQU1QT1OgGQYFYEwBAwOgEBMONDMyNzA3MjcwMDAxMDCgFwYFYEwBAwegDhMM MDAwMDAwMDAwMDAwMA0GCSqGSIb3DQEBCwUAA4ICAQA0WbwzzGPPcAvLy8ylWEMJnw6TAOVQ u8zi32MSbds1RsJwLJOtPZCM5t0GpSf5QaLyFcm3051j9ywKGTbq4Wuk8aZb5MCDpc2dDQ1A veyUy7zL0TL1y8zvCGcN4Wu+4Sn5+jqwV/Z45hSXAJvv5acqMNljpYn4c1gx1OmBRgYoC0DN X5jcSagCaJi52ZHGwzgKl3kUGXBQ10PwqtPJlNVq9Y/e9o7ATeC7IQ1EQFeiUrc8+mfhcUO1 lqGti57m4uuNa2UynYQifvy0M0LH9gNVldcTFl6RSatBRC54cYYyeH8YC+IU9jUCjgupp7ra XoOje7K347PSm3k75pzjiJQ5oY78yf5Omd4IZae5awFHz7q7PAMZYtpTkaS/cR0GCY82da/q PwqeCmVT+5dj2/Yj9FQ9wt+gHgDISq3ene74ClXWXw2xb3POp3oNpg6bHw4vQv2RRpspfhCt 1lxhxEiFlqCksfiFyXQgi+9BWwxrZjWdiJkM0YbN5rCvTTe7QeElvdwb0GozUfaEvUAoZjqg T/w6VTmLTHvjzw+J8qgTmch74awIdtykESuLli5WB+z9Rmqw6Hk+o7jjtozo+AOV3vYjLLMh mXEJ6sBXSnV2q2V2CBTDCPmi2KEx19r5WSHjFKPy5uOdK2xNqkp4a0YYD/zmDqJfoXTNSlWd LN6jew== </X509Certificate></X509Data></KeyInfo></Signature></NFe><protNFe versao="2.00" xmlns="http://www.portalfiscal.inf.br/nfe"><infProt><tpAmb>1</tpAmb><verAplic>SP_NFE_PL_006j</verAplic><chNFe>35120543270727000100550010000103231020313654</chNFe><dhRecbto>2012-05-25T08:35:48</dhRecbto><nProt>135120291755405</nProt><digVal>vAstTaAGm+Flro+96rhJ+S4JxGA=</digVal><cStat>100</cStat><xMotivo>Autorizado o uso da NF-e</xMotivo></infProt></protNFe></nfeProc>
// Copyright 2011-2012 Renato Tegon Forti
#define BOOST_ALL_DYN_LINK
#define BOOST_THREAD_USE_DLL //thread header not compliant with
'BOOST_ALL_DYN_LINK'
#define BOOST_LIB_DIAGNOSTIC
#include <boost/test/minimal.hpp>
#include <dsafe/xmlsig.hpp>
#include <vector>
#define XMLSEC_CRYPTO_OPENSSL
// ---------------------
/**
* XML Security Library example: Verifying a file signed with X509 certificate
*
* Verifies a file signed with X509 certificate.
*
* This example was developed and tested with OpenSSL crypto library. The
* certificates management policies for another crypto library may break it.
*
* Usage:
* verify3 <signed-file> <trusted-cert-pem-file1> [<trusted-cert-pem-file2> [...]]
*
* Example:
* ./verify3 sign3-res.xml rootcert.pem
*
* This is free software; see Copyright file in the source
* distribution for precise wording.
*
* Copyright (C) 2002-2003 Aleksey Sanin <[email protected]>
*/
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <libxml/tree.h>
#include <libxml/xmlmemory.h>
#include <libxml/parser.h>
#ifndef XMLSEC_NO_XSLT
#include <libxslt/xslt.h>
#include <libxslt/security.h>
#endif /* XMLSEC_NO_XSLT */
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/xmldsig.h>
#include <xmlsec/crypto.h>
/* Absolute path of the signed document the test verifies (a local test
 * fixture; adjust to your checkout). "mt.xml" is the alternative fixture
 * the author kept around. */
const std::string XML_FILE(
    "/Projects/project.dokfile.vses/hades/trunk/products/doksafe/engine/libs/xmldsig/test/mt-embedded-id-dtd-attr.xml");
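/**
 * load_trusted_certs:
 * @certs: file names of PEM encoded certificates to register as trusted.
 *
 * Creates a simple list based keys manager and loads every certificate in
 * @certs into it as a trusted certificate. Each file name is echoed to
 * stdout before it is loaded.
 *
 * Returns the keys manager (the caller owns it and must release it with
 * xmlSecKeysMngrDestroy) or NULL when @certs is empty, the manager cannot
 * be created or initialized, or any certificate fails to load.
 */
xmlSecKeysMngrPtr
load_trusted_certs(const std::vector<std::string> & certs)
{
    if(certs.empty()) {
        return NULL;
    }

    /* create and initialize keys manager, we use a simple list based
     * keys manager, implement your own xmlSecKeysStore klass if you need
     * something more sophisticated
     */
    xmlSecKeysMngrPtr mngr = xmlSecKeysMngrCreate();
    if(mngr == NULL) {
        fprintf(stderr, "Error: failed to create keys manager.\n");
        return(NULL);
    }
    if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
        fprintf(stderr, "Error: failed to initialize keys manager.\n");
        xmlSecKeysMngrDestroy(mngr);
        return(NULL);
    }

    for(std::vector<std::string>::const_iterator it = certs.begin();
            it != certs.end(); ++it) {
        /* the file name is data, never the format string: a '%' in a
         * path must not be interpreted by fprintf */
        fprintf(stdout, "%s\n", it->c_str());

        /* load trusted cert */
        if(xmlSecCryptoAppKeysMngrCertLoad(mngr, it->c_str(),
                    xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
            fprintf(stderr, "Error: failed to load pem certificate from \"%s\"\n",
                    it->c_str());
            xmlSecKeysMngrDestroy(mngr);
            return(NULL);
        }
    }

    return(mngr);
}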
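/**
 * verify_file:
 * @mngr: the pointer to keys manager.
 * @xml_file: the signed XML file name.
 *
 * Verifies the XML signature in @xml_file and prints the outcome to stdout.
 * The document is parsed with the process-wide libxml defaults (the init
 * code in do_test_xmlsec switches on entity substitution and ID detection),
 * so the file is expected to come from a trusted location.
 *
 * Returns 0 only when the signature verified as valid; a negative value
 * when the file cannot be parsed, contains no Signature node, the
 * verification cannot be run, or the signature is invalid.
 */
int
verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
    xmlDocPtr doc = NULL;
    xmlNodePtr node = NULL;
    xmlSecDSigCtxPtr dsigCtx = NULL;
    int res = -1;

    assert(mngr);
    assert(xml_file);

    /* load file */
    doc = xmlParseFile(xml_file);
    if((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) {
        fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
        goto done;
    }

    /* find start node */
    node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature,
                          xmlSecDSigNs);
    if(node == NULL) {
        fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
        goto done;
    }

    /* create signature context */
    dsigCtx = xmlSecDSigCtxCreate(mngr);
    if(dsigCtx == NULL) {
        fprintf(stderr, "Error: failed to create signature context\n");
        goto done;
    }

    /* Verify signature: a negative return means the verification could not
     * be performed at all; the actual outcome is in dsigCtx->status */
    if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
        fprintf(stderr, "Error: signature verify\n");
        goto done;
    }

    /* print verification result to stdout; only a succeeded status is
     * reported as success to the caller -- previously an INVALID signature
     * still returned 0 and was indistinguishable from a valid one */
    if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
        fprintf(stdout, "Signature is OK\n");
        res = 0;
    } else {
        fprintf(stdout, "Signature is ***INVALID***\n");
    }

done:
    /* cleanup */
    if(dsigCtx != NULL) {
        xmlSecDSigCtxDestroy(dsigCtx);
    }
    if(doc != NULL) {
        xmlFreeDoc(doc);
    }
    return(res);
}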
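/**
 * do_test_xmlsec:
 *
 * Initializes libxml/libxslt, xmlsec and the crypto backend, builds a keys
 * manager from a fixed list of trusted PEM certificates, verifies XML_FILE
 * against it and then shuts everything down again in reverse order.
 *
 * Returns 0 when the signature verified, or a negative value when library
 * initialization, certificate loading or verification fails. A failure in
 * one of the library initialization steps returns immediately (the
 * xsltSecPrefs allocated before it is not released on that path); any
 * failure after initialization still runs the full shutdown sequence.
 */
int do_test_xmlsec()
{
#ifndef XMLSEC_NO_XSLT
    xsltSecurityPrefsPtr xsltSecPrefs = NULL;
#endif /* XMLSEC_NO_XSLT */
    xmlSecKeysMngrPtr mngr = NULL;
    std::vector<std::string> certs;
    int res = -1;

    /* Init libxml and libxslt libraries */
    xmlInitParser();
    LIBXML_TEST_VERSION
    /* NOTE(review): these are process-wide parser defaults. XML_DETECT_IDS
     * registers attributes declared as ID in the document's DTD (the test
     * file declares infNFe/Id that way), which is what lets a "#..."
     * Reference URI resolve. Entity substitution applies to every later
     * parse too, so only trusted documents should reach verify_file while
     * it is enabled. */
    xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
    xmlSubstituteEntitiesDefault(1);
#ifndef XMLSEC_NO_XSLT
    xmlIndentTreeOutput = 1;
#endif /* XMLSEC_NO_XSLT */

    /* Init libxslt */
#ifndef XMLSEC_NO_XSLT
    /* disable everything: stylesheets get no file or network access */
    xsltSecPrefs = xsltNewSecurityPrefs();
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE,
                         xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE,
                         xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY,
                         xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK,
                         xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK,
                         xsltSecurityForbid);
    xsltSetDefaultSecurityPrefs(xsltSecPrefs);
#endif /* XMLSEC_NO_XSLT */

    /* Init xmlsec library */
    if(xmlSecInit() < 0) {
        fprintf(stderr, "Error: xmlsec initialization failed.\n");
        return(-1);
    }

    /* Check loaded library version */
    if(xmlSecCheckVersion() != 1) {
        fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
        return(-1);
    }

    /* Load default crypto engine if we are supporting dynamic
     * loading for xmlsec-crypto libraries. Use the crypto library
     * name ("openssl", "nss", etc.) to load corresponding
     * xmlsec-crypto library.
     */
#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
    if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
        fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
                        "that you have it installed and check shared libraries path\n"
                        "(LD_LIBRARY_PATH) envornment variable.\n");
        return(-1);
    }
#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */

    /* Init crypto library */
    if(xmlSecCryptoAppInit(NULL) < 0) {
        fprintf(stderr, "Error: crypto initialization failed.\n");
        return(-1);
    }

    /* Init xmlsec-crypto library */
    if(xmlSecCryptoInit() < 0) {
        fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
        return(-1);
    }

    /* create keys manager and load trusted certificates; the list is the
     * trust chain of the test fixture and every file name is echoed by
     * load_trusted_certs */
    certs.push_back("/usr/lib/ssl/certs/Serasa_Certificadora_Digital_v2.pem");
    certs.push_back("/usr/lib/ssl/certs/Serasa_Autoridade_Certificadora_Principal_v2.pem");
    certs.push_back("/usr/lib/ssl/certs/Autoridade_Certificadora_Raiz_Brasileira_v2.pem");
    mngr = load_trusted_certs(certs);
    if(mngr == NULL) {
        /* error already reported; previously this path skipped the whole
         * shutdown sequence and leaked xsltSecPrefs */
        goto cleanup;
    }

    /* verify file */
    if(verify_file(mngr, XML_FILE.c_str()) < 0) {
        goto cleanup;
    }
    res = 0;

cleanup:
    /* destroy keys manager */
    if(mngr != NULL) {
        xmlSecKeysMngrDestroy(mngr);
    }

    /* Shutdown xmlsec-crypto library */
    xmlSecCryptoShutdown();

    /* Shutdown crypto library */
    xmlSecCryptoAppShutdown();

    /* Shutdown xmlsec library */
    xmlSecShutdown();

    /* Shutdown libxslt/libxml */
#ifndef XMLSEC_NO_XSLT
    xsltFreeSecurityPrefs(xsltSecPrefs);
    xsltCleanupGlobals();
#endif /* XMLSEC_NO_XSLT */
    xmlCleanupParser();

    return(res);
}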
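/* Boost.Test (minimal) entry point. The result of do_test_xmlsec is
 * propagated instead of being dropped: returning 0 unconditionally made the
 * test pass even when initialization, certificate loading or the signature
 * verification failed. A non-zero return is what the minimal harness treats
 * as a failed test_main. */
int test_main(int, char*[])
{
    return do_test_xmlsec() == 0 ? 0 : 1;
}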
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec