Hi Again,

I wrote some new code, but I can put it to work! Can you please point out what
I forgot?

The verify function is: verify_f

Output:

========================================================================
verify_f
========================================================================
Signature is ***INVALID***
func=xmlSecDSigCtxDebugXmlDump:file=xmldsig.c:line=1148:obj=unknown:subj=output != NULL:error=100:assertion:
func=xmlSecDSigCtxDebugDump:file=xmldsig.c:line=1068:obj=unknown:subj=output != NULL:error=100:assertion:

Thanks

-----Original message-----
From: Aleksey Sanin [mailto:[email protected]]
Sent: Monday, June 11, 2012 13:22
To: Renato Tegon Forti
Cc: [email protected]
Subject: Re: RES: [xmlsec] how verify sig using xmlAddID and local certs!

xmlsec1 --help

Aleksey

On 6/11/12 7:09 AM, Renato Tegon Forti wrote:
> Hi
> 
>>> xmlAddID - look at LibXML2 documentation for the function, it's pretty simple.
> OK
> 
>>> Actually default trusted certs are loaded in the xmlsec-openssl init function.
> Then I don't need to load certs in "xmlSecKeysMngrPtr"?
> 
> I am trying to use the sample "Verifying a signature with X 509 certificates."
> 
> And I changed load_trusted_certs to accept a vector of key files, like:
> 
> ----------------------------------------------------------------------
> std::vector<std::string> certs;
> 
> certs.push_back("/usr/lib/ssl/certs/Serasa_Certificadora_Digital_v2.pem");
> certs.push_back("/usr/lib/ssl/certs/Serasa_Autoridade_Certificadora_Principal_v2.pem");
> certs.push_back("/usr/lib/ssl/certs/Autoridade_Certificadora_Raiz_Brasileira_v2.pem");
> 
> mngr = load_trusted_certs(certs);
> 
> ----------------------------------------------------------------------
> 
> And for now, I am using a DTD in the XML file:
> 
> ----------------------------------------------------------------------
> <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE test [ <!ATTLIST infNFe Id ID #IMPLIED> ]>
> ----------------------------------------------------------------------
> 
> But I always receive: "Signature is INVALID"!
> 
> If I use the xmlsec1 command, it works on some file!
> 
> ----------------------------------------------------------------------
> afe/engine/libs/xmldsig/test$ xmlsec1 --verify mt-embedded-id-dtd-attr.xml
> OK
> SignedInfo References (ok/all): 1/1
> Manifests References (ok/all): 0/0
> ----------------------------------------------------------------------
> 
> How can I print debug info to try to see what's happening?
> 
> My current code, and the file that I need to check, are attached!
> 
> Thanks again, and again, and again ...!
> 
> -----Original message-----
> From: Aleksey Sanin [mailto:[email protected]]
> Sent: Monday, June 11, 2012 10:46
> To: Renato Tegon Forti
> Cc: [email protected]
> Subject: Re: [xmlsec] how verify sig using xmlAddID and local certs!
> 
> 1) xmlAddID - look at LibXML2 documentation for the function, it's pretty simple.
> 
> 2) Actually default trusted certs are loaded in the xmlsec-openssl init function.
> 
> Aleksey
> 
> On 6/11/12 5:39 AM, Renato Tegon Forti wrote:
>> Hi All,
>>
>> I'm trying to understand how the xmlsec tool interprets this command:
>>
>> xmlsec1 --verify --id-attr:Id infNFe file.xml
>>
>> Which parts of the code are activated? I need to reproduce this behavior in
>> my code.
>>
>> Can someone explain it to me?
>>
>> In particular, how "xmlSecAppLoadKeys" loads the CA files of
>> /usr/lib/ssl/certs/ (for example, the openssl ssl files folder)!
>>
>> I need to use "xmlAddID" to add "infNFe" like an id! Ok? How?
>>
>> Anything else!
>>
>> My test code:
>>
>> // Copyright 2011-2012 Renato Tegon Forti
>>
>> #define BOOST_ALL_DYN_LINK
>> #define BOOST_THREAD_USE_DLL  //thread header not compliant with 'BOOST_ALL_DYN_LINK'
>> #define BOOST_LIB_DIAGNOSTIC
>>
>> #include <boost/test/minimal.hpp>
>> #include <dsafe/xmlsig.hpp>
>>
>> #define XMLSEC_CRYPTO_OPENSSL
>>
>> #include <libxml/tree.h>
>> #include <libxml/xmlmemory.h>
>> #include <libxml/parser.h>
>>
>> #ifndef XMLSEC_NO_XSLT
>> #include <libxslt/xslt.h>
>> #endif /* XMLSEC_NO_XSLT */
>>
>> #include <xmlsec/xmlsec.h>
>> #include <xmlsec/xmltree.h>
>> #include <xmlsec/xmldsig.h>
>> #include <xmlsec/xmlenc.h>
>> #include <xmlsec/templates.h>
>> #include <xmlsec/crypto.h>
>>
>> /**
>>  * verify_file:
>>  * @mngr:       the pointer to keys manager.
>>  * @xml_file:   the signed XML file name.
>>  *
>>  * Verifies XML signature in #xml_file.
>>  *
>>  * Returns 0 on success or a negative value if an error occurs.
>>  */
>> int
>> verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file)
>> {
>>     xmlDocPtr doc = NULL;
>>     xmlNodePtr node = NULL;
>>     xmlSecDSigCtxPtr dsigCtx = NULL;
>>     int res = -1;
>>
>>     assert(mngr);
>>     assert(xml_file);
>>
>>     /* load file */
>>     doc = xmlParseFile(xml_file);
>>     if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
>>         fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
>>         goto done;
>>     }
>>
>>     /* find start node */
>>     node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
>>     if(node == NULL) {
>>         fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
>>         goto done;
>>     }
>>
>>     /* create signature context */
>>     dsigCtx = xmlSecDSigCtxCreate(mngr);
>>     if(dsigCtx == NULL) {
>>         fprintf(stderr,"Error: failed to create signature context\n");
>>         goto done;
>>     }
>>
>>     /* limit the Reference URI attributes to empty or NULL */
>>     dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
>>
>>     /* limit allowed transforms for signature and reference processing */
>>     if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
>>        (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
>>        (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
>>        (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0)) {
>>
>>         fprintf(stderr,"Error: failed to limit allowed siganture transforms\n");
>>         goto done;
>>     }
>>     if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
>>        (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
>>        (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
>>        (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) < 0)) {
>>
>>         fprintf(stderr,"Error: failed to limit allowed reference transforms\n");
>>         goto done;
>>     }
>>
>>     /* in addition, limit possible key data to valid X509 certificates only */
>>     if(xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecKeyDataX509Id) < 0) {
>>         fprintf(stderr,"Error: failed to limit allowed key data\n");
>>         goto done;
>>     }
>>
>>     /* Verify signature */
>>     if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
>>         fprintf(stderr,"Error: signature verify\n");
>>         goto done;
>>     }
>>
>>     /* check that we have only one Reference */
>>     if((dsigCtx->status == xmlSecDSigStatusSucceeded) &&
>>         (xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) != 1)) {
>>
>>         fprintf(stderr,"Error: only one reference is allowed\n");
>>         goto done;
>>     }
>>
>>     /* print verification result to stdout */
>>     if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
>>         fprintf(stdout, "Signature is OK\n");
>>     } else {
>>         fprintf(stdout, "Signature is INVALID\n");
>>     }
>>
>>     /* success */
>>     res = 0;
>>
>> done:
>>     /* cleanup */
>>     if(dsigCtx != NULL) {
>>         xmlSecDSigCtxDestroy(dsigCtx);
>>     }
>>
>>     if(doc != NULL) {
>>         xmlFreeDoc(doc);
>>     }
>>     return(res);
>> }
>>
>> int
>> init_allxml_lib()
>> {
>>    // Init libxml and libxslt libraries
>>    xmlInitParser();
>>
>>    LIBXML_TEST_VERSION
>>    xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
>>    xmlSubstituteEntitiesDefault(1);
>> #ifndef XMLSEC_NO_XSLT
>>    xmlIndentTreeOutput = 1;
>> #endif // XMLSEC_NO_XSLT
>>
>>    // Init xmlsec library
>>    if(xmlSecInit() < 0) {
>>       fprintf(stderr, "Error: xmlsec initialization failed.\n");
>>       return(-1);
>>    }
>>
>>    // Check loaded library version
>>    if(xmlSecCheckVersion() != 1) {
>>       fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
>>       return(-1);
>>    }
>>
>>    // Load default crypto engine if we are supporting dynamic
>>    // loading for xmlsec-crypto libraries. Use the crypto library
>>    // name ("openssl", "nss", etc.) to load corresponding
>>    // xmlsec-crypto library.
>>
>> #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
>>    if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
>>       fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
>>                       "that you have it installed and check shared libraries path\n"
>>                       "(LD_LIBRARY_PATH) envornment variable.\n");
>>       return(-1);
>>    }
>> #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
>>
>>    // Init crypto library
>>    if(xmlSecCryptoAppInit(NULL) < 0) {
>>       fprintf(stderr, "Error: crypto initialization failed.\n");
>>       return(-1);
>>    }
>>
>>    // Init xmlsec-crypto library
>>    if(xmlSecCryptoInit() < 0) {
>>       fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
>>       return(-1);
>>    }
>>
>>    return 0;
>> }
>>
>> void
>> fnit_allxml_lib()
>> {
>>    // Shutdown xmlsec-crypto library
>>    xmlSecCryptoShutdown();
>>
>>    // Shutdown crypto library
>>    xmlSecCryptoAppShutdown();
>>
>>    // Shutdown xmlsec library
>>    xmlSecShutdown();
>>
>>    // Shutdown libxslt/libxml
>> #ifndef XMLSEC_NO_XSLT
>>    xsltCleanupGlobals();
>> #endif // XMLSEC_NO_XSLT
>>
>>    xmlCleanupParser();
>> }
>>
>> const std::string XML_FILE =
>>     "/Projects/project.dokfile.vses/hades/trunk/products/doksafe/engine/libs/xmldsig/test/"
>>     "mt-embedded-id-dtd-attr.xml";
>>     // "mt.xml";
>>
>> // Unit Tests
>>
>> void do_0()
>> {
>>    xmlSecKeysMngrPtr mngr = xmlSecKeysMngrCreate();
>>    if(mngr == NULL)
>>    {
>>       fprintf(stderr, "Error: failed to create keys manager.\n");
>>    }
>>
>>    if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0)
>>    {
>>       fprintf(stderr, "Error: failed to initialize keys manager.\n");
>>       xmlSecKeysMngrDestroy(mngr);
>>    }
>>
>>    BOOST_CHECK(init_allxml_lib() == 0);
>>    BOOST_CHECK(verify_file(mngr, XML_FILE.c_str()) == 0);
>>
>>    fnit_allxml_lib();
>> }
>>
>> // -
>>
>> int test_main(int, char*[])
>> {
>>    do_0();
>>
>>    return 0;
>> }
>>
>> Thanks
>>
>> _______________________________________________
>> xmlsec mailing list
>> [email protected]
>> http://www.aleksey.com/mailman/listinfo/xmlsec
// Copyright 2011-2012 Renato Tegon Forti

#define BOOST_ALL_DYN_LINK
#define BOOST_THREAD_USE_DLL  //thread header not compliant with 'BOOST_ALL_DYN_LINK'
#define BOOST_LIB_DIAGNOSTIC

#include <boost/test/minimal.hpp>
#include <dsafe/xmlsig.hpp>

#include <vector>

#define XMLSEC_CRYPTO_OPENSSL

// ---------------------

#include <stdlib.h>
#include <string.h>
#include <assert.h>

#include <libxml/tree.h>
#include <libxml/xmlmemory.h>
#include <libxml/parser.h>

#ifndef XMLSEC_NO_XSLT
#include <libxslt/xslt.h>
#include <libxslt/security.h>
#endif /* XMLSEC_NO_XSLT */

#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/xmldsig.h>
#include <xmlsec/crypto.h>


const std::string XML_FILE = 
    "/Projects/project.dokfile.vses/hades/trunk/products/doksafe/engine/libs/xmldsig/test/"
    "mt-embedded-id-dtd-attr.xml";
    // "mt.xml";
                                                         
void printNode(xmlNodePtr nd)
{
   xmlNodePtr nodeLevel1;
   xmlNodePtr nodeLevel2;

   for( nodeLevel1 = nd->children;
                nodeLevel1 != NULL;
                nodeLevel1 = nodeLevel1->next)
        {
                printf("%s\n",nodeLevel1->name);
                for(    nodeLevel2 = nodeLevel1->children;
                        nodeLevel2 != NULL;
                        nodeLevel2 = nodeLevel2->next)
                {
                        printf("\t%s\n",nodeLevel2->name);
                }
        }
}

// return -1 Failed to verify signature
//         0 Signature is INVALID
//         1 Signature is VALID
int verify_f(xmlSecKeysMngrPtr mngr, const char* xmlFile, 
             const std::string& nodeName = "NFe", 
             const std::string& ns = "http://www.portalfiscal.inf.br/nfe", 
             bool printDebugInfo = true)
{

   if(printDebugInfo)
   {
      fprintf(stderr, "========================================================================\n");
      fprintf(stderr, "verify_f\n");
      fprintf(stderr, "========================================================================\n");
   }
   
   int rc = -1;
          
   xmlDocPtr doc = NULL;
   xmlSecDSigCtxPtr dsigCtx = NULL;
   
   xmlNodePtr interestNone = NULL; 
   xmlNodePtr keyInfo = NULL; xmlSecKeyPtr keyInfoKey = NULL;
   xmlNodePtr signature = NULL;
   
   xmlSecKeyDataPtr certData = NULL, certKey = NULL;
   
   doc = xmlParseFile(xmlFile);
   
   if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL))
   {
      fprintf(stderr, "---> ERROR : Error: unable to parse file \"%s\"\n", xmlFile);
      goto cleanup;  
   }
   
   dsigCtx = xmlSecDSigCtxCreate(mngr);
   
   if(dsigCtx == NULL) 
   {
      fprintf(stderr,"---> ERROR : Error: failed to create signature context\n");
      goto cleanup;
   }
   
   interestNone = xmlSecFindNode(xmlDocGetRootElement(doc), 
                                 ( xmlChar* ) nodeName.c_str(), 
                                 ( xmlChar* ) ns.c_str());
  
   if (interestNone == NULL)
   {
      fprintf(stderr, "---> ERROR : interestNone Error\n");
      goto cleanup;  
   }

   signature = xmlSecFindNode(interestNone, xmlSecNodeSignature, xmlSecDSigNs);
  
   if (signature == NULL)
   {
      fprintf(stderr, "---> ERROR : signature Error");
      goto cleanup;  
   }
   
   keyInfo = xmlSecFindNode(signature, xmlSecNodeKeyInfo, xmlSecDSigNs);
   
   if (keyInfo == NULL)
   {
      fprintf(stderr, "---> ERROR : keyInfo Error");
      goto cleanup;  
   }
   
   keyInfoKey = xmlSecKeyCreate();
   
   if (xmlSecKeyInfoNodeRead(keyInfo, keyInfoKey, &dsigCtx->keyInfoReadCtx) < 0)
   {
      fprintf(stderr, "---> ERROR : xmlSecKeyInfoNodeRead Error");
      goto cleanup;  
   }
   
   certData = xmlSecKeyGetData(keyInfoKey, xmlSecOpenSSLKeyDataX509GetKlass());
   
   if(certData == NULL)
   {
      fprintf(stderr, "---> ERROR : certData Error");
      goto cleanup;  
   }
   
   certKey = xmlSecOpenSSLX509CertGetKey(xmlSecOpenSSLKeyDataX509GetCert(certData, 0));
   
   if(certKey == NULL)
   {
      fprintf(stderr, "---> ERROR : certKey Error");
      goto cleanup;  
   }
   
   // rc stays -1 until verification has actually run, so that every
   // error path returns the "failed to verify" code documented above
   if(xmlSecKeySetValue(keyInfoKey, certKey) != 0)
   {
      fprintf(stderr, "---> ERROR : xmlSecKeySetValue Error");
      goto cleanup;  
   }
   
   if(xmlSecDSigCtxVerify(dsigCtx, signature) < 0) 
   {
      fprintf(stderr,"Error: signature verify\n");
      goto cleanup;
   }
        
   // print verification result to stdout 
   if(dsigCtx->status == xmlSecDSigStatusSucceeded) 
   {
      fprintf(stdout, "Signature is OK\n");
      rc = 1; // signature is valid
   } 
   else 
   {
      fprintf(stdout, "Signature is ***INVALID***\n");
      rc = 0; // signature is invalid
   }  
   
   cleanup:    
   
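   if(printDebugInfo)
   {
      // the second argument is the FILE* to write to; passing 0 (NULL) is
      // what produces the "output != NULL" assertions in the output above
      xmlSecDSigCtxDebugXmlDump(dsigCtx, 0);
      xmlSecDSigCtxDebugDump(dsigCtx, 0);
   }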
     
   if(keyInfoKey != NULL)
   {  
      xmlSecKeyDestroy(keyInfoKey);
   }
   
   if(dsigCtx != NULL) 
   {
      xmlSecDSigCtxDestroy(dsigCtx);
   }
   
   if(doc != NULL) 
   {
      xmlFreeDoc(doc); 
   }
   
   return rc;
}
                         
xmlSecKeysMngrPtr 
load_trusted_certs(const std::vector<std::string> & certs) 
{
   if(certs.size() == 0)
      return NULL;
          
   xmlSecKeysMngrPtr mngr;
   
   /* create and initialize keys manager, we use a simple list based
    * keys manager, implement your own xmlSecKeysStore klass if you need
    * something more sophisticated 
    */
        
   mngr = xmlSecKeysMngrCreate();
   if(mngr == NULL) {
      fprintf(stderr, "Error: failed to create keys manager.\n");
      return(NULL);
   }
   
   if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
      fprintf(stderr, "Error: failed to initialize keys manager.\n");
      xmlSecKeysMngrDestroy(mngr);
      return(NULL);
   }  
   
   for(size_t i = 0; i < certs.size(); ++i) 
   {
      // print the path through "%s" so it is never interpreted as a format string
      fprintf(stdout, "%s\n", certs[i].c_str());

      /* load trusted cert */
      if(xmlSecCryptoAppKeysMngrCertLoad(mngr, certs[i].c_str(), 
                                         xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0)
      {
         fprintf(stderr,"Error: failed to load pem certificate from \"%s\"\n", certs[i].c_str());
         xmlSecKeysMngrDestroy(mngr);
         return(NULL);
      }
   }

   return(mngr);   
}

int do_test_xmlsec()
{

#ifndef XMLSEC_NO_XSLT
    xsltSecurityPrefsPtr xsltSecPrefs = NULL;
#endif /* XMLSEC_NO_XSLT */
    xmlSecKeysMngrPtr mngr;
    
    /* Init libxml and libxslt libraries */
    xmlInitParser();
    LIBXML_TEST_VERSION
    xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
    xmlSubstituteEntitiesDefault(1);
#ifndef XMLSEC_NO_XSLT
    xmlIndentTreeOutput = 1; 
#endif /* XMLSEC_NO_XSLT */

    /* Init libxslt */
#ifndef XMLSEC_NO_XSLT
    /* disable everything */
    xsltSecPrefs = xsltNewSecurityPrefs(); 
    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_READ_FILE,        xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_WRITE_FILE,       xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_READ_NETWORK,     xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_WRITE_NETWORK,    xsltSecurityForbid);
    xsltSetDefaultSecurityPrefs(xsltSecPrefs); 
#endif /* XMLSEC_NO_XSLT */
                
    /* Init xmlsec library */
    if(xmlSecInit() < 0) {
        fprintf(stderr, "Error: xmlsec initialization failed.\n");
        return(-1);
    }

    /* Check loaded library version */
    if(xmlSecCheckVersion() != 1) {
        fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
        return(-1);
    }

    /* Load default crypto engine if we are supporting dynamic
     * loading for xmlsec-crypto libraries. Use the crypto library
     * name ("openssl", "nss", etc.) to load corresponding 
     * xmlsec-crypto library.
     */
#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
    if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
        fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
                        "that you have it installed and check shared libraries path\n"
                        "(LD_LIBRARY_PATH) envornment variable.\n");
        return(-1);     
    }
#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */

    /* Init crypto library */
    if(xmlSecCryptoAppInit(NULL) < 0) {
        fprintf(stderr, "Error: crypto initialization failed.\n");
        return(-1);
    }

    /* Init xmlsec-crypto library */
    if(xmlSecCryptoInit() < 0) {
        fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
        return(-1);
    }
        
   std::vector<std::string> certs;
   
   certs.push_back("/usr/lib/ssl/certs/Serasa_Certificadora_Digital_v2.pem");
   certs.push_back("/usr/lib/ssl/certs/Serasa_Autoridade_Certificadora_Principal_v2.pem");
   certs.push_back("/usr/lib/ssl/certs/Autoridade_Certificadora_Raiz_Brasileira_v2.pem");
        
   mngr = load_trusted_certs(certs); 
   // mngr = xmlSecKeysMngrCreate();
   if(mngr == NULL) {
        return(-1);
   }

    /* create keys manager and load trusted certificates */
    //mngr = load_trusted_certs(fileName, 1);
   // if(mngr == NULL) {
   //     return(-1);
    //}
    
    /* verify file */
   // if(verify_file(mngr, XML_FILE.c_str()) < 0) {
   if(verify_f(mngr, XML_FILE.c_str()) < 0) {
   //if(verify_file2(mngr, XML_FILE.c_str()) < 0) {
   //if(verify(mngr, XML_FILE.c_str()) < 0) {
        xmlSecKeysMngrDestroy(mngr);    
        return(-1);
    }    
    
    /* destroy keys manager */
    xmlSecKeysMngrDestroy(mngr);
    
    /* Shutdown xmlsec-crypto library */
    xmlSecCryptoShutdown();
    
    /* Shutdown crypto library */
    xmlSecCryptoAppShutdown();
    
    /* Shutdown xmlsec library */
    xmlSecShutdown();

    /* Shutdown libxslt/libxml */
#ifndef XMLSEC_NO_XSLT
    xsltFreeSecurityPrefs(xsltSecPrefs);
    xsltCleanupGlobals();            
#endif /* XMLSEC_NO_XSLT */
    xmlCleanupParser();
    
    return(0);
}

int test_main(int, char*[])
{

   do_test_xmlsec();

   return 0;
}


<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE test [
<!ATTLIST infNFe Id ID #IMPLIED>
]><nfeProc versao="2.00" xmlns="http://www.portalfiscal.inf.br/nfe"><NFe xmlns="http://www.portalfiscal.inf.br/nfe"><infNFe Id="NFe35120543270727000100550010000103231020313654" versao="2.00"><ide><cUF>35</cUF><cNF>02031365</cNF><natOp>VDA MERC SUJ REG SUBS TRIB</natOp><indPag>2</indPag><mod>55</mod><serie>1</serie><nNF>10323</nNF><dEmi>2012-05-25</dEmi><dSaiEnt>2012-05-25</dSaiEnt><tpNF>1</tpNF><cMunFG>3501608</cMunFG><tpImp>1</tpImp><tpEmis>1</tpEmis><cDV>4</cDV><tpAmb>1</tpAmb><finNFe>1</finNFe><procEmi>0</procEmi><verProc>SIM999V3.14.1U000</verProc></ide><emit><CNPJ>43270727000100</CNPJ><xNome>Meta Materiais Eletricos Ltda</xNome><enderEmit><xLgr>R DR CANDIDO CRUZ</xLgr><nro>182</nro><xBairro>CENTRO</xBairro><cMun>3501608</cMun><xMun>AMERICANA</xMun><UF>SP</UF><CEP>13465350</CEP><cPais>1058</cPais><xPais>Brasil</xPais><fone>1934710010</fone></enderEmit><IE>165079118111</IE><IM>63162</IM><CNAE>4742300</CNAE><CRT>3</CRT></emit><dest><CNPJ>11253910000100</CNPJ><xNome>AYSSO SYSTEMAS LTDA EPP</xNome><enderDest><xLgr>RUA DOZE DE NOVEMBRO</xLgr><nro>180</nro><xCpl>SA 73</xCpl><xBairro>CENTRO</xBairro><cMun>3501608</cMun><xMun>AMERICANA</xMun><UF>SP</UF><CEP>13465490</CEP><cPais>1058</cPais><xPais>BRASIL</xPais><fone>1936459991</fone></enderDest><IE>ISENTO</IE></dest><det nItem="1"><prod><cProd>103549</cProd><cEAN></cEAN><xProd>LAMP ELET MINI ESP 15Wx127V BR T2 
SYLVANIA</xProd><NCM>85393100</NCM><CFOP>5405</CFOP><uCom>PC</uCom><qCom>2.0000</qCom><vUnCom>11.9900</vUnCom><vProd>23.98</vProd><cEANTrib></cEANTrib><uTrib>PC</uTrib><qTrib>2.0000</qTrib><vUnTrib>11.9900</vUnTrib><vDesc>0.72</vDesc><indTot>1</indTot></prod><imposto><ICMS><ICMS60><orig>0</orig><CST>60</CST><vBCSTRet>0.00</vBCSTRet><vICMSSTRet>0.00</vICMSSTRet></ICMS60></ICMS><IPI><qSelo>0</qSelo><cEnq>999</cEnq><IPINT><CST>52</CST></IPINT></IPI><II><vBC>0.00</vBC><vDespAdu>0.00</vDespAdu><vII>0.00</vII><vIOF>0.00</vIOF></II><PIS><PISAliq><CST>01</CST><vBC>23.26</vBC><pPIS>1.65</pPIS><vPIS>0.38</vPIS></PISAliq></PIS><COFINS><COFINSAliq><CST>01</CST><vBC>23.26</vBC><pCOFINS>7.60</pCOFINS><vCOFINS>1.77</vCOFINS></COFINSAliq></COFINS></imposto></det><total><ICMSTot><vBC>0.00</vBC><vICMS>0.00</vICMS><vBCST>0.00</vBCST><vST>0.00</vST><vProd>23.98</vProd><vFrete>0.00</vFrete><vSeg>0.00</vSeg><vDesc>0.72</vDesc><vII>0.00</vII><vIPI>0.00</vIPI><vPIS>0.38</vPIS><vCOFINS>1.77</vCOFINS><vOutro>0.00</vOutro><vNF>23.26</vNF></ICMSTot></total><transp><modFrete>0</modFrete></transp><infAdic><infCpl>Em caso de devolucao, XML para [email protected]&amp;#13;CASO NAO RECEBA O XML, ENVIE-NOS SEU EMAIL PARA RECEBE-LO&amp;#13;ICMS RECOLHIDO POR SUBSTITUICAO TRIBUTARIA, NOS&amp;#13;TERMOS DO ART 313-S/313-Y DO RICMS/2000&amp;#13;**REDESPACHO: 01 Endereco:**ENDERECO DE COBRANCA:RUA DOZE DE NOVEMBRO 180 - CENTRO - AMERICANA - SP - 13.465-490**Cod.Representante:040 - FABIO</infCpl></infAdic></infNFe><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#NFe35120543270727000100550010000103231020313654"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></Transforms><DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>vAstTaAGm+Flro+96rhJ+S4JxGA=</DigestValue></Reference></SignedInfo><SignatureValue>[base64 signature value removed]</SignatureValue><KeyInfo><X509Data><X509Certificate>[base64 certificate removed]</X509Certificate></X509Data></KeyInfo></Signature></NFe><protNFe versao="2.00" 
xmlns="http://www.portalfiscal.inf.br/nfe"><infProt><tpAmb>1</tpAmb><verAplic>SP_NFE_PL_006j</verAplic><chNFe>35120543270727000100550010000103231020313654</chNFe><dhRecbto>2012-05-25T08:35:48</dhRecbto><nProt>135120291755405</nProt><digVal>vAstTaAGm+Flro+96rhJ+S4JxGA=</digVal><cStat>100</cStat><xMotivo>Autorizado o uso da NF-e</xMotivo></infProt></protNFe></nfeProc>
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
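
The thread asks how to reproduce `xmlsec1 --verify --id-attr:Id infNFe` with xmlAddID. The sketch below is an added example, not code from the thread or from xmlsec: it uses Python's xml.dom.minidom as a stand-in for libxml2 (setIdAttribute playing the role xmlAddID plays there) on a constructed, cut-down document, and shows that a `#...` Reference only resolves once the Id attribute has been registered as an ID. The function names and the sample Id value are assumptions made for the illustration.

```python
from xml.dom import minidom

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
NFE_NS = "http://www.portalfiscal.inf.br/nfe"

# Constructed, cut-down document in the shape of the NF-e file from the
# thread: no DTD, placeholder Id value, signature contents left out.
SAMPLE = (
    '<nfeProc xmlns="%s"><NFe>'
    '<infNFe Id="NFe0001" versao="2.00"><ide/></infNFe>'
    '<Signature xmlns="%s"><SignedInfo>'
    '<Reference URI="#NFe0001"/>'
    '</SignedInfo></Signature>'
    '</NFe></nfeProc>' % (NFE_NS, DSIG_NS)
)


def register_ids(doc, element_name, attr_name="Id", ns=NFE_NS):
    """Mark attr_name as an ID on every ns:element_name element.

    This mirrors the intent of `--id-attr:Id infNFe`. Duplicate values
    are rejected, because an ambiguous ID leaves it unclear which element
    a Reference covers. Returns the list of registered values.
    """
    seen = []
    for el in doc.getElementsByTagNameNS(ns, element_name):
        if not el.hasAttribute(attr_name):
            continue
        value = el.getAttribute(attr_name)
        if value in seen:
            raise ValueError("duplicate ID value: %r" % value)
        el.setIdAttribute(attr_name)
        seen.append(value)
    return seen


def resolve_references(doc):
    """Return [(uri, target element or None)] for each ds:Reference."""
    results = []
    for ref in doc.getElementsByTagNameNS(DSIG_NS, "Reference"):
        uri = ref.getAttribute("URI")
        target = doc.getElementById(uri[1:]) if uri.startswith("#") else None
        results.append((uri, target))
    return results


def signed_element_is(doc, element_name, ns=NFE_NS):
    """True only if there is exactly one Reference and it resolves to the
    ns:element_name element the application is going to consume."""
    refs = resolve_references(doc)
    if len(refs) != 1 or refs[0][1] is None:
        return False
    target = refs[0][1]
    return target.namespaceURI == ns and target.localName == element_name


if __name__ == "__main__":
    doc = minidom.parseString(SAMPLE)
    # Without registration the parser has no ID table entry for "Id".
    print("before:", resolve_references(doc))
    print("registered:", register_ids(doc, "infNFe"))
    print("after:", resolve_references(doc))
    print("Reference covers infNFe:", signed_element_is(doc, "infNFe"))
```
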