gcc -m64 -DHAVE_CONFIG_H -I. -I.. -DXMLSEC_CRYPTO=\"openssl\" -DPACKAGE=\"xmlsec1\" -I../include -I../include -D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_SIZE_T -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_XKMS=1 -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 -I/usr/include/libxml2   -I/usr/include/libxml2        -g -O2 -MT xmlsec.o -MD -MP -MF .deps/xmlsec.Tpo -c -o xmlsec.o xmlsec.c<div>
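The xmlsec build line above passes -DXMLSEC_NO_SIZE_T, which the application's g++ line quoted further down does not; in xmlsec's public headers that macro decides whether xmlSecSize is unsigned int or size_t, so every struct that embeds an xmlSecSize field (xmlSecDSigCtx embeds key-info and transform contexts that do) gets a different layout in a 64-bit build. The C program below is an added illustration, not code from this thread or from xmlsec: it uses a simplified stand-in struct with hypothetical field names to show how the application's view of status lands on bytes the library used for a later pointer field, which is how a large, pointer-like number shows up where 0 was stored.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a context struct (hypothetical field names, not
 * xmlsec's real xmlSecDSigCtx). The library was built with XMLSEC_NO_SIZE_T,
 * so its size fields are unsigned int; the application did not define the
 * macro, so its copy of the same header uses size_t for those fields. */
struct ctx_as_built_by_lib {
    void        *userData;
    unsigned int flags;
    unsigned int flags2;
    unsigned int curLevel;   /* xmlSecSize == unsigned int */
    unsigned int maxLevel;
    void        *signKey;
    int          status;     /* 0 == "not verified yet" */
    uintptr_t    result;     /* pointer-sized field that follows status */
};

struct ctx_as_seen_by_app {
    void        *userData;
    unsigned int flags;
    unsigned int flags2;
    size_t       curLevel;   /* xmlSecSize == size_t */
    size_t       maxLevel;
    void        *signKey;
    int          status;
    uintptr_t    result;
};

/* Constructed, pointer-looking value standing in for whatever the library
 * stored in the field after status (an allocated buffer, for instance). */
#define CONSTRUCTED_RESULT_PTR ((uintptr_t)0x7f1200551d0bULL)

size_t lib_status_offset(void) { return offsetof(struct ctx_as_built_by_lib, status); }
size_t app_status_offset(void) { return offsetof(struct ctx_as_seen_by_app, status); }

/* Fill memory the way the library would: its own layout, status = 0. */
static void library_initialises(unsigned char *mem, size_t len)
{
    struct ctx_as_built_by_lib ctx;
    memset(mem, 0, len);
    memset(&ctx, 0, sizeof ctx);
    ctx.flags  = 0x6;              /* like "flags: 0x00000006" in the dump */
    ctx.status = 0;
    ctx.result = CONSTRUCTED_RESULT_PTR;
    memcpy(mem, &ctx, sizeof ctx);
}

/* The library reads its own layout back and sees the 0 it stored. */
int status_as_seen_by_lib(void)
{
    unsigned char mem[64];
    struct ctx_as_built_by_lib ctx;
    library_initialises(mem, sizeof mem);
    memcpy(&ctx, mem, sizeof ctx);
    return ctx.status;
}

/* The application reads the same bytes through its wider layout, so its
 * "status" field overlaps the bytes the library used for "result". */
int status_as_seen_by_app(void)
{
    unsigned char mem[64];
    struct ctx_as_seen_by_app ctx;
    library_initialises(mem, sizeof mem);
    memcpy(&ctx, mem, sizeof ctx);
    return ctx.status;
}

int main(void)
{
    printf("offset of status: library %zu, application %zu\n",
           lib_status_offset(), app_status_offset());
    printf("status as the library stores it:           %d\n", status_as_seen_by_lib());
    printf("status as the mismatched application reads: %d\n", status_as_seen_by_app());
    return 0;
}
```

xmlsec1-config --cflags prints the defines xmlsec itself was built with; compiling the application with exactly those flags keeps both layouts identical.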
<br><br><div class="gmail_quote">On Wed, Oct 13, 2010 at 6:38 PM, Aleksey Sanin <span dir="ltr"><<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Well, I have no idea how xmlsec was compiled.<br><font color="#888888">
<br>
Aleksey</font><div><div></div><div class="h5"><br>
<br>
On 10/13/10 2:31 PM, Erik Smith wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div></div><div class="h5">
It looks like the open SSL Dir issue was a bad library interaction.  So<br>
I made sure all relevant libs were up-to-date and dynamically loaded.<br>
<br>
libxml version: 2.7.7<br>
xmlsec version: 1.2.16<br>
libxslt version: 1.1.26<br>
<br>
When I use xmlSecCryptoAppKeysMngrCertLoad, I do get a "key is not<br>
found", which I think has to do with it looking for a cert as a key in<br>
the document.  I had tried this to address the open SSL Dir issue which<br>
appears to have been resolved as stated above.<br>
<br>
Going back to<br>
xmlSecCryptoAppKeyLoad / xmlSecCryptoAppDefaultKeysMngrAdoptKey as it is<br>
seen originally in the code below gets me back to the same error with<br>
the corrupted status:<br>
<br>
status before xmlSecDSigCtxVerify: 0<br>
status after xmlSecDSigCtxVerify: 5361840<br>
<br>
compilation is simple:<br>
<br>
export LD_LIBRARY_PATH=$NDTOOLS/lib:$LD_LIBRARY_PATH<br>
<br>
g++ -c xs2.cpp -o xs2.o -g -fexceptions -Wall -Wno-sign-compare<br>
-Wno-unused -m64 -g -D_REENTRANT -D_PTHREADS -DXMLSEC_CRYPTO_OPENSSL -I.<br>
-I$NDTOOLS/include -I$NDTOOLS/include/libxml2 -I$NDTOOLS/include/xmlsec1<br>
<br>
g++ -o xs2 xs2.o -lxml2 -lxslt -lssl -lcrypto -lz -ldl -lxmlsec1<br>
-lxmlsec1-openssl -m64<br>
<br>
erik<br>
<br>
<br>
<br>
On Wed, Oct 13, 2010 at 1:47 PM, Aleksey Sanin <<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>> wrote:<br></div></div><div class="im">
<br>
    It might be hard coded from OpenSSL during compilation<br>
<br>
<br>
    On 10/13/10 12:11 PM, Erik Smith wrote:<br>
<br>
        The same code run on the earlier library versions did not have this<br>
        issue (see code below).  Do I need to specify a directory if I'm just<br>
        loading a cert in a manager?<br>
<br>
        erik<br>
<br>
        On Wed, Oct 13, 2010 at 12:09 PM, Aleksey Sanin <<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>> wrote:<br></div><div class="im">
<br>
            No changes, it is a part of xmlsec-openssl init process.<br>
<br>
<br>
            On 10/13/10 12:07 PM, Erik Smith wrote:<br>
<br>
                I'm not specifying any directories in the code, only two files<br>
                in the CWD.  Did something change in a recent version that<br>
                requires a cert directory for openssl?<br>
<br>
                erik<br>
<br>
                On Wed, Oct 13, 2010 at 12:04 PM, Aleksey Sanin <<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>> wrote:<br></div><div class="im">
<br></div><div><div></div><div class="h5">
                    The dir might not exist?<br>
<br>
                    Aleksey<br>
<br>
<br>
                    On 10/13/10 10:56 AM, Erik Smith wrote:<br>
<br>
                        I rebuilt libxml, xmlsec, and libxslt to the latest and<br>
                        I get an x509 error for some reason.  Any ideas on this?<br>
<br>
                        libxml version: 2.7.7<br>
                        xmlsec version: 1.2.16<br>
                        libxslt version: 1.1.26<br>
<br>
<br>
                        func=xmlSecOpenSSLX509StoreInitialize:file=x509vfy.c:line=657:obj=x509-store:subj=X509_LOOKUP_add_dir:error=4:crypto library function failed:<br>
<br>
                        func=xmlSecKeyDataStoreCreate:file=keysdata.c:line=1330:obj=x509-store:subj=id->initialize:error=1:xmlsec library function failed:<br>
<br>
                        func=xmlSecOpenSSLKeysMngrInit:file=crypto.c:line=330:obj=unknown:subj=xmlSecKeyDataStoreCreate:error=1:xmlsec library function failed:xmlSecOpenSSLX509StoreId<br>
<br>
                        func=xmlSecOpenSSLAppDefaultKeysMngrInit:file=app.c:line=1331:obj=unknown:subj=xmlSecOpenSSLKeysMngrInit:error=1:xmlsec library function failed:<br>
<br>
<br>
<br>
                        2010/10/13 Aleksey Sanin <<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>><br></div></div><div><div>
</div><div class="h5">
<br>
<br>
                            Sounds like you are compiling your application with<br>
                            different flags compared to xmlsec. Something like<br>
                            structure members alignment or debug vs. release.<br>
<br>
                            Aleksey<br>
<br>
<br>
                            On 10/13/10 7:32 AM, Erik Smith wrote:<br>
<br>
                                xmlsec output:<br>
<br>
                                OK<br>
                                SignedInfo References (ok/all): 1/1<br>
                                Manifests References (ok/all): 0/0<br>
                                = VERIFICATION CONTEXT<br>
                                == Status: succeeded<br>
                                == flags: 0x00000006<br>
                                == flags2: 0x00000000<br>
                                == Key Info Read Ctx:<br>
                                = KEY INFO READ CONTEXT<br>
                                == flags: 0x00000000<br>
                                == flags2: 0x00000000<br>
                                == enabled key data: all<br>
                                == RetrievalMethod level (cur/max): 0/1<br>
                                == TRANSFORMS CTX (status=0)<br>
                                == flags: 0x00000000<br>
                                == flags2: 0x00000000<br>
                                == enabled transforms: all<br>
                                === uri: NULL<br>
                                === uri xpointer expr: NULL<br>
                                == EncryptedKey level (cur/max): 0/1<br>
                                === KeyReq:<br>
                                ==== keyId: rsa<br>
                                ==== keyType: 0x00000001<br>
                                ==== keyUsage: 0x00000002<br>
                                ==== keyBitsSize: 0<br>
                                === list size: 0<br>
                                == Key Info Write Ctx:<br>
                                = KEY INFO WRITE CONTEXT<br>
                                == flags: 0x00000000<br>
                                == flags2: 0x00000000<br>
                                == enabled key data: all<br>
                                == RetrievalMethod level (cur/max): 0/1<br>
                                == TRANSFORMS CTX (status=0)<br>
                                == flags: 0x00000000<br>
                                == flags2: 0x00000000<br>
                                == enabled transforms: all<br>
                                === uri: NULL<br>
                                === uri xpointer expr: NULL<br>
                                == EncryptedKey level (cur/max): 0/1<br>
                                === KeyReq:<br>
                                ==== keyId: NULL<br>
                                ==== keyType: 0x00000001<br>
                                ==== keyUsage: 0xffffffff<br>
                                ==== keyBitsSize: 0<br>
                                === list size: 0<br>
                                == Signature Transform Ctx:<br>
                                == TRANSFORMS CTX (status=2)<br>
                                == flags: 0x00000000<br>
                                == flags2: 0x00000000<br>
                                == enabled transforms: all<br>
                                === uri: NULL<br>
                                === uri xpointer expr: NULL<br>
                                === Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#)<br>
                                === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)<br>
                                === Transform: membuf-transform (href=NULL)<br>
                                == Signature Method:<br>
                                === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)<br>
                                == Signature Key:<br>
                                == KEY<br>
                                === method: RSAKeyValue<br>
                                === key type: Public<br>
                                === key usage: -1<br>
                                === rsa key: size = 1024<br>
                                === list size: 1<br>
                                === X509 Data:<br>
                                ==== Certificate:<br>
                                ==== Subject Name: /C=US/ST=TN/L=Nashville/O=Emdeon/OU=Emdeon/CN=Emdeon<br>
                                ==== Issuer Name: /C=US/ST=TN/L=Nashville/O=Emdeon/OU=Emdeon/CN=Emdeon<br>
                                ==== Issuer Serial: 4CAB2D3B<br>
                                == SignedInfo References List:<br>
                                === list size: 1<br>
                                = REFERENCE VERIFICATION CONTEXT<br>
                                == Status: succeeded<br>
                                == URI: "#Response-guid-ab3e423b-4f6e-4376-b910-553b31bc6404"<br>
                                == Reference Transform Ctx:<br>
                                == TRANSFORMS CTX (status=2)<br>
                                == flags: 0x00000000<br>
                                == flags2: 0x00000000<br>
                                == enabled transforms: all<br>
                                === uri:<br>
                                === uri xpointer expr: #Response-guid-ab3e423b-4f6e-4376-b910-553b31bc6404<br>
                                === Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)<br>
                                === Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)<br>
                                === Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#)<br>
                                === Transform: membuf-transform (href=NULL)<br>
                                === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)<br>
                                === Transform: membuf-transform (href=NULL)<br>
                                == Digest Method:<br>
                                === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)<br>
                                == PreDigest data - start buffer:<br>
                                <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2010-10-06T21:15:38.906Z" MajorVersion="1" MinorVersion="1" Recipient="http://amgr.emdeon.com" ResponseID="Response-guid-ab3e423b-4f6e-4376-b910-553b31bc6404"><Status><StatusCode Value="samlp:Success"></StatusCode></Status><Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="kpenti-df8fac42-ac9d-4317-98c4-7c05fc4bb761" IssueInstant="2010-10-06T16:15:38.906Z" Issuer="http://access.emdeon.com" MajorVersion="1" MinorVersion="1"><Conditions NotBefore="2010-10-06T21:15:38.905Z" NotOnOrAfter="2010-10-06T21:25:38.905Z"></Conditions><AuthenticationStatement AuthenticationInstant="2010-10-06T16:15:38.906Z" AuthenticationMethod="urn:oasis:names:tc:1.0:am:password"><Subject><NameIdentifier>kpenti</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:1.0:cm:bearer</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement></Assertion></Response><br>
                                == PreDigest data - end buffer<br>
                                == Manifest References List:<br>
                                === list size: 0<br>
<br>
<br>
                                On Wed, Oct 13, 2010 at 7:28 AM, Aleksey Sanin <<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>> wrote:<br>
<br>
                                    What is the output of the xmlsec1 command?<br>
<br>
                                    Aleksey<br>
<br>
<br>
                                    On 10/12/10 11:36 PM, Erik Smith wrote:<br>
<br>
                                        After I call xmlSecDSigCtxVerify, the status in the context is<br>
                                        corrupted with a large number.  However xmlsec1 reports<br>
                                        validation as OK.<br>
<br>
                                        xmlsec1 --verify --pubkey-cert-pem cert.crt --store-references<br>
                                        --id-attr:ResponseID urn:oasis:names:tc:SAML:1.0:protocol:Response<br>
                                        /saml.xml<br>
<br>
                                        Also xmlSecDSigCtxDebugDump output is exactly the same for<br>
                                        xmlsec1 and my program.<br>
<br>
                                        I've reduced the code down to what is below and I'm having<br>
                                        trouble seeing what could be wrong.<br>
<br>
                                        libxml version: 2.6.27<br>
                                        xmlsec version: 1.2.11<br>
<br>
                                        Thanks for any help.<br>
<br>
<br>
<br>
                                        #include <iostream><br>
                                        #include <cstdlib><br>
<br>
                                        #include <libxml/parser.h><br>
                                        #include <libxml/tree.h><br>
                                        #include <libxml/valid.h><br>
<br>
                                        #include <xmlsec/xmlsec.h><br>
                                        #include <xmlsec/xmltree.h><br>
                                        #include <xmlsec/xmldsig.h><br>
                                        #include <xmlsec/crypto.h><br>
                                        #include <xmlsec/errors.h><br>
<br>
                                        #ifndef XMLSEC_NO_XSLT<br>
                                        #include <libxslt/xslt.h><br>
                                        #endif<br>
<br>
                                        void error(const char *);<br>
                                        void set_id(xmlDocPtr);   // declared before its use in main()<br>
<br>
                                        int main(int argc, char **argv) {<br>
                                             using namespace std;<br>
                                             int status(0);<br>
<br>
                                             xmlSecKeysMngrPtr mngr_;<br>
                                             xmlSecDSigCtxPtr dsigCtx;<br>
                                             xmlDocPtr doc_;<br>
<br>
                                             cout << "libxml version: " << LIBXML_DOTTED_VERSION << endl;<br>
                                             cout << "xmlsec version: " << XMLSEC_VERSION << endl;<br>
<br>
                                             xmlInitParser();<br>
                                             LIBXML_TEST_VERSION;<br>
                                             xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;<br>
                                             xmlSubstituteEntitiesDefault(1);<br>
<br>
                                        #ifndef XMLSEC_NO_XSLT<br>
                                             xmlIndentTreeOutput = 1;<br>
                                        #endif<br>
                                             // Init xmlsec library<br>
                                             if (xmlSecInit() < 0) error("xmlSecInit");<br>
                                             if (xmlSecCheckVersion() != 1) error("xmlSecCheckVersion");<br>
<br>
                                        #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING<br>
                                             if (xmlSecCryptoDLLoadLibrary(BAD_CAST "openssl") < 0)<br>
                                                 error("xmlSecCryptoDLLoadLibrary");<br>
                                        #endif<br>
<br>
                                             if (xmlSecCryptoAppInit(NULL) < 0)<br>
                                                 error("Error: crypto initialization failed.");<br>
                                             if (xmlSecCryptoInit() < 0)<br>
                                                 error("Error: xmlsec-crypto initialization failed.");<br>
<br>
                                             mngr_ = xmlSecKeysMngrCreate();<br>
                                             if (!mngr_) error("bad");<br>
<br>
                                             if (xmlSecCryptoAppDefaultKeysMngrInit(mngr_) < 0) error("bad");<br>
<br>
                                             // Load the verification certificate as a public key; the manager takes ownership.<br>
                                             xmlSecKeyDataFormat format(xmlSecKeyDataFormatCertPem);<br>
                                             xmlSecKeyPtr key = xmlSecCryptoAppKeyLoad("cert.crt", format, NULL, NULL, NULL);<br>
                                             if (!key) error("key load error");<br>
<br>
                                             if (xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr_, key) < 0)<br>
                                                 error("could not add key");<br>
<br>
                                             doc_ = xmlParseFile("saml.xml");<br>
                                             if (!doc_ || !xmlDocGetRootElement(doc_)) error("bad");<br>
<br>
                                             // Register ResponseID as an ID attribute so the "#Response-guid-..." reference resolves.<br>
                                             set_id(doc_);<br>
<br>
                                             xmlNodePtr node = xmlSecFindNode(xmlDocGetRootElement(doc_),<br>
                                                                              xmlSecNodeSignature, xmlSecDSigNs);<br>
                                             if (!node) error("start node not found");<br>
<br>
                                             dsigCtx = xmlSecDSigCtxCreate(mngr_);<br>
                                             if (!dsigCtx) error("failed to create signature context");<br>
<br>
                                             cout << "status before: " << dsigCtx->status << endl;<br>
                                             if (xmlSecDSigCtxVerify(dsigCtx, node) < 0) error("signature verify error");<br>
                                             cout << "status: " << dsigCtx->status << endl;<br>
<br>
                                             // A zero return from xmlSecDSigCtxVerify only means no processing error;<br>
                                             // the signature is valid only if status is xmlSecDSigStatusSucceeded.<br>
                                             if (dsigCtx->status != xmlSecDSigStatusSucceeded) {<br>
                                                 cout << "signature is INVALID" << endl;<br>
                                                 status = 1;<br>
                                             } else {<br>
                                                 cout << "signature is OK" << endl;<br>
                                             }<br>
<br>
                                             //xmlSecDSigCtxDebugDump(dsigCtx, stdout);<br>
<br>
                                             // Release everything in reverse order of creation.<br>
                                             xmlSecDSigCtxDestroy(dsigCtx);<br>
                                             xmlFreeDoc(doc_);<br>
                                             xmlSecKeysMngrDestroy(mngr_);<br>
                                             xmlSecCryptoShutdown();<br>
                                             xmlSecCryptoAppShutdown();<br>
                                             xmlSecShutdown();<br>
                                        #ifndef XMLSEC_NO_XSLT<br>
                                             xsltCleanupGlobals();<br>
                                        #endif<br>
                                             xmlCleanupParser();<br>
<br>
                                             return status;<br>
                                        }<br>
<br>
                                        void set_id(xmlDocPtr doc) {<br>
                                             using namespace std;<br>
<br>
                                             xmlNodePtr node = xmlSecFindNode(xmlDocGetRootElement(doc),<br>
                                                                              BAD_CAST "Response",<br>
                                                                              BAD_CAST "urn:oasis:names:tc:SAML:1.0:protocol");<br>
                                             if (!node) error("Response element not found");<br>
<br>
                                             cout << "element name: " << node->name << endl;<br>
                                             xmlAttrPtr attr = xmlHasProp(node, BAD_CAST "ResponseID");<br>
                                             if (!attr) error("attribute not found");<br>
                                             cout << "attribute name: " << attr->name << endl;<br>
<br>
                                             xmlChar *value = xmlNodeListGetString(node->doc, attr->children, 1);<br>
                                             if (!value) error("xmlNodeListGetString");<br>
                                             cout << "value: " << value << endl;<br>
<br>
                                             xmlAttrPtr tmp(xmlGetID(node->doc, value));<br>
                                             if (tmp) {<br>
                                                 cout << "id already registered" << endl;<br>
                                             } else {<br>
                                                 xmlIDPtr id = xmlAddID(NULL, doc, value, attr);<br>
                                                 if (!id) {<br>
                                                     xmlFree(value);<br>
                                                     error("xmlAddID error");<br>
                                                 }<br>
                                                 cout << "id added" << endl;<br>
                                             }<br>
<br>
                                             xmlFree(value); // xmlAddID keeps its own copy of the value, so freeing here is safe<br>
                                        }<br>
<br>
                                        void error(const char *e) {<br>
                                             std::cout << e << std::endl;<br>
                                             std::cout << "exiting" << std::endl;<br>
                                             exit(1); // non-zero so callers can tell failure from success<br>
                                        }<br>
<br>
                  _______________________________________________<br>
                                        xmlsec mailing list<br>
        <a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>>>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>>>>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>>>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>><br>
        <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>>>>>><br>
<br>
<br>
        <a href="http://www.aleksey.com/mailman/listinfo/xmlsec" target="_blank">http://www.aleksey.com/mailman/listinfo/xmlsec</a><br>
</div></div></blockquote>
</blockquote></div><br></div>