[xmlsec] Finding Keys

Edward Shallow ed.shallow at rogers.com
Sun Oct 30 06:37:19 PST 2005


Eureka !!!,

     Got it working. That is, Python ctypes against xmlsec on Windows. This
allows Python to call xmlsec directly on Windows without the need to compile
a Python "C" extension module. Thus Python Windows users can call Igor's
binaries directly with only Python code.

     Here is what I had to do to get it going ...

- mapped xmlSecMSCryptoAppInit('MY') directly from libxmlsec-mscrypto.dll
instead of from libxmlsec
- mapped xmlSecMSCryptoKeysStoreGetKlass() directly from
libxmlsec-mscrypto.dll instead of from libxmlsec
- mapped xmlSecMSCryptoKeysStoreLoad(.....) directly from
libxmlsec-mscrypto.dll instead of from libxmlsec
- removed xmlSecKeysMngrAdoptKeysStore(.....) from call sequence

I discovered it by doing an xmlSecMSCryptoAppGetCertStoreName which should
have been returning a "MY" but wasn't. 

   This allows the rest of the generic xmlsec code to work fine.

   It might have something to do with defaulting constants I think, not
sure. Perhaps Wouter would know. Small price to pay.

As usual thanks for your help,
Ed

-----Original Message-----
From: Edward Shallow [mailto:ed.shallow at rogers.com] 
Sent: October 28, 2005 4:36 PM
To: 'Aleksey Sanin'
Subject: RE: [xmlsec] Finding Keys

Not sure on the "broken" possibility ...

As you can see keysMngr gets successfully passed in on AdoptKeysStore call
below which subsequently works OK when I KeysMngrFindKey, so I think basic
pointer passing from one call to the next is working. This is the same
convention I used in libxml2.

The one area I can't do is any macro work because Python ctypes requires no
compilation since it marshals calls dynamically to/from "C". Could this
absence cause problems ?

Ed 


    parsedDoc = libxml2.xmlParseFile('c:/xmlsec/tmpl/tmpl-EPM-sign-enveloped-friendly-rsa.xml')
    rootNode = libxml2.xmlDocGetRootElement(parsedDoc)

    sigNode = xmlsec.xmlSecFindNode(rootNode, 'Signature', 'http://www.w3.org/2000/09/xmldsig#')
    print 'found signature node with name', sigNode.contents.name, 'and type', sigNode.contents.type

    keysMngr = xmlsec.xmlSecKeysMngrCreate()
    rc = xmlsec.xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
    print 'CryptoAppDefaultKeysMngrInit returned with rc', rc

    id = xmlsec.xmlSecSimpleKeysStoreGetKlass()
    keyStore = xmlsec.xmlSecKeyStoreCreate(id)
    rc = xmlsec.xmlSecSimpleKeysStoreLoad(keyStore, 'c:/xmlsec/keys/keys2.xml', keysMngr)
    print 'SimpleKeysStoreLoad returned with rc', rc
    rc = xmlsec.xmlSecKeysMngrAdoptKeysStore(keysMngr, keyStore)
    print 'KeysMngrAdoptKeysStore returned with rc', rc

    dsigCtx = xmlsec.xmlSecDSigCtxCreate()
    rc = xmlsec.xmlSecDSigCtxInitialize(dsigCtx, keysMngr)
    print 'DSigCtxInitialize returned with rc', rc

    keyInfoCtx = xmlsec.xmlSecKeyInfoCtxCreate(keysMngr)
    print 'keyInfoCtx.contents.keysMngr', keyInfoCtx.contents.keysMngr, 'keyInfoCtx.contents.mode', keyInfoCtx.contents.mode

    key = xmlsec.xmlSecKeysMngrFindKey(keysMngr, 'test-rsa', keyInfoCtx)
    print 'xmlSecKeysMngrFindKey returned with key', key.contents.name

    key = xmlsec.xmlSecKeyStoreFindKey(keyStore, 'test-rsa', keyInfoCtx)
    print 'xmlSecKeyStoreFindKey returned with key', key.contents.name

    keyInfoNode = xmlsec.xmlSecFindNode(sigNode, 'KeyInfo', 'http://www.w3.org/2000/09/xmldsig#')
    print 'found KeyInfo node with name and type', keyInfoNode.contents.name, keyInfoNode.contents.type
    print 'about to execute xmlSecKeysMngrGetKey'
    key = xmlsec.xmlSecKeysMngrGetKey(keyInfoNode, keyInfoCtx)
    print 'xmlSecKeysMngrGetKey returned with key', key.contents.name

#    xmlsec.xmlSecKeyInfoCtxDebugDump(keyInfoCtx, stdout)
    xmlsec.xmlSecDSigCtxDebugDump(dsigCtx, stdout) 
    rc = xmlsec.xmlSecDSigCtxSign(dsigCtx, sigNode)
    print 'Signature creation complete with status code', rc 

-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com]
Sent: October 28, 2005 4:10 PM
To: ed.shallow at rogers.com
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] Finding Keys

> Do you see something obvious that I don't see ?
Stupid idea but ... would it be possible that Python wrapper does not pass
the key manager to dsig context correctly? E.g. the assignment operator for
keys manager is broken or it's just the Python syntax/semantic?

Aleksey
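
Added example (not part of the original messages and not xmlsec project code): the posted script prints each rc and keeps going, so a failed key lookup only surfaces later as a NULL dereference or a failed signature. This Python 3 sketch declares each ctypes signature and attaches an errcheck hook so a negative rc or NULL return raises at the failing call. Assumptions: opaque xmlsec structs are declared as plain void pointers, and `XmlSecError`, `bind`, `find_key`, `fake_lib` and the addresses it returns are constructed for illustration so the code runs without the DLL; only the xmlSec* function names come from the posted code.

```python
import ctypes
from types import SimpleNamespace

class XmlSecError(Exception):
    """A bound xmlsec call reported failure."""

def bind(lib, name, restype, *argtypes):
    """Declare the C signature and turn a failed return into an exception."""
    fn = getattr(lib, name)
    fn.restype = restype    # left undeclared, ctypes assumes C int (truncates 64-bit pointers)
    fn.argtypes = argtypes
    def errcheck(result, func, args):
        if restype is ctypes.c_void_p:
            if not result:              # a NULL return reaches errcheck as None
                raise XmlSecError(name + " returned NULL")
        elif result < 0:                # xmlsec convention: 0 on success, negative on error
            raise XmlSecError("%s failed with rc %d" % (name, result))
        return result
    fn.errcheck = errcheck
    return fn

def find_key(lib, key_name):
    """Key lookup part of the posted flow; stops at the first failed call."""
    P = ctypes.c_void_p
    mngr = bind(lib, "xmlSecKeysMngrCreate", P)()
    bind(lib, "xmlSecCryptoAppDefaultKeysMngrInit", ctypes.c_int, P)(mngr)
    ctx = bind(lib, "xmlSecKeyInfoCtxCreate", P, P)(mngr)
    find = bind(lib, "xmlSecKeysMngrFindKey", P, P, ctypes.c_char_p, P)
    return find(mngr, key_name, ctx)

def fake_lib(init_rc=0):
    """Constructed stand-in for the DLL: one key named test-rsa, made-up addresses."""
    P, I, S = ctypes.c_void_p, ctypes.c_int, ctypes.c_char_p
    return SimpleNamespace(
        xmlSecKeysMngrCreate=ctypes.CFUNCTYPE(P)(lambda: 0x1000),
        xmlSecCryptoAppDefaultKeysMngrInit=ctypes.CFUNCTYPE(I, P)(lambda m: init_rc),
        xmlSecKeyInfoCtxCreate=ctypes.CFUNCTYPE(P, P)(lambda m: 0x3000),
        xmlSecKeysMngrFindKey=ctypes.CFUNCTYPE(P, P, S, P)(
            lambda m, n, c: 0x2000 if n == b"test-rsa" else None))

if __name__ == "__main__":
    print(hex(find_key(fake_lib(), b"test-rsa")))
    for lib, name in ((fake_lib(), b"no-such-key"), (fake_lib(init_rc=-1), b"test-rsa")):
        try:
            find_key(lib, name)
        except XmlSecError as exc:
            print("refused:", exc)
```

Against a real installation, `lib` would be the object returned by `ctypes.CDLL` for the xmlsec DLL that actually exports each function.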




