[xmlsec] Re: Error Signing the xml document
Yeshwanth C
cyeshwanth at gmail.com
Sun Dec 3 21:41:33 PST 2006
Hi Aleksey,
I am literally trying out the sample you have given in the tutorials.
I am pasting it below. Upon debugging, the point of failure is detected in
the following function in file xmldsig.c and marked in red.
static int
*xmlSecDSigCtxProcessSignatureNode*(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr
node) {
xmlSecTransformDataType firstType;
xmlNodePtr signedInfoNode = NULL;
xmlNodePtr keyInfoNode = NULL;
xmlNodePtr cur;
int ret;
xmlSecAssert2(dsigCtx != NULL, -1);
xmlSecAssert2((dsigCtx->operation == xmlSecTransformOperationSign) ||
(dsigCtx->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
xmlSecAssert2(dsigCtx->signValueNode == NULL, -1);
xmlSecAssert2(dsigCtx->signMethod == NULL, -1);
//*BELOW LINE IS WHERE THE CODE FAILS -*
* xmlSecAssert2(dsigCtx->c14nMethod == NULL, -1); *
xmlSecAssert2(node != NULL, -1);
.....
}
The client code is pasted below -
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <libxml/tree.h>
#include <libxml/xmlmemory.h>
#include <libxml/parser.h>
#define XMLSEC_CRYPTO_OPENSSL
#ifndef XMLSEC_NO_XSLT
#include <libxslt/xslt.h>
#endif /* XMLSEC_NO_XSLT */
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/xmldsig.h>
#include <xmlsec/crypto.h>
int sign_file(const char* tmpl_file, const char* key_file);
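/**
 * main:
 * @argc: the number of command line arguments, must be 3.
 * @argv: the program name, the signature template file, the PEM key file.
 *
 * Initializes libxml2, xmlsec and the xmlsec-crypto backend, signs the
 * template with sign_file() and shuts the libraries down again.
 *
 * Returns 0 on success, 1 on a usage error and -1 if initialization or
 * signing fails. The failure paths return immediately and therefore skip
 * the shutdown calls at the end of the function.
 */
int
main(int argc, char **argv) {
    assert(argv);

    if(argc != 3) {
        fprintf(stderr, "Error: wrong number of arguments.\n");
        fprintf(stderr, "Usage: %s <tmpl-file> <key-file>\n", argv[0]);
        return(1);
    }

    /* Init libxml and libxslt libraries.
     *
     * The two settings below are process-wide libxml2 defaults: the parser
     * loads the external DTD subset (to detect ID attributes and complete
     * defaulted attributes) and substitutes entities while parsing.
     * NOTE(review): with these defaults a template that comes from an
     * untrusted source can make the parser resolve external entities, so
     * this setup is only appropriate for trusted template files.
     */
    xmlInitParser();
    LIBXML_TEST_VERSION
    xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
    xmlSubstituteEntitiesDefault(1);
#ifndef XMLSEC_NO_XSLT
    xmlIndentTreeOutput = 1;
#endif /* XMLSEC_NO_XSLT */

    /* Init xmlsec library */
    if(xmlSecInit() < 0) {
        fprintf(stderr, "Error: xmlsec initialization failed.\n");
        return(-1);
    }

    /* Check that the loaded library matches the headers we compiled with */
    if(xmlSecCheckVersion() != 1) {
        /* literal rejoined: the mail wrapped it across two lines */
        fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
        return(-1);
    }

    /* Load default crypto engine if we are supporting dynamic
     * loading for xmlsec-crypto libraries. Use the crypto library
     * name ("openssl", "nss", etc.) to load corresponding
     * xmlsec-crypto library.
     */
#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
    if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
        /* literals rejoined: the mail wrapped them in mid-string */
        fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
                        "that you have it installed and check shared libraries path\n"
                        "(LD_LIBRARY_PATH) envornment variable.\n");
        return(-1);
    }
#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */

    /* Init crypto library */
    if(xmlSecCryptoAppInit(NULL) < 0) {
        fprintf(stderr, "Error: crypto initialization failed.\n");
        return(-1);
    }

    /* Init xmlsec-crypto library */
    if(xmlSecCryptoInit() < 0) {
        fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
        return(-1);
    }

    /* sign_file() reports its own errors on stderr */
    if(sign_file(argv[1], argv[2]) < 0) {
        return(-1);
    }

    /* Shutdown xmlsec-crypto library */
    xmlSecCryptoShutdown();

    /* Shutdown crypto library */
    xmlSecCryptoAppShutdown();

    /* Shutdown xmlsec library */
    xmlSecShutdown();

    /* Shutdown libxslt/libxml */
#ifndef XMLSEC_NO_XSLT
    xsltCleanupGlobals();
#endif /* XMLSEC_NO_XSLT */
    xmlCleanupParser();

    return(0);
}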
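/**
 * sign_file:
 * @tmpl_file: the signature template file name.
 * @key_file: the PEM private key file name.
 *
 * Parses #tmpl_file, locates its dsig Signature node, loads the private
 * key from #key_file, signs the template in place and dumps the signed
 * document to stdout. Errors are reported on stderr.
 *
 * Returns 0 on success or a negative value if an error occurs.
 */
int
sign_file(const char* tmpl_file, const char* key_file) {
    /* Passphrase for the encrypted PEM key. The posted code substitutes this
     * literal for the NULL that is left commented out in the call below.
     * NOTE(review): a passphrase embedded in source ends up in the binary
     * and in version control, and the encrypted key it protects is pasted
     * in this same message, so this key should be treated as throw-away
     * test material only.
     */
    static const char key_password[] = "bala";
    xmlDocPtr doc = NULL;
    xmlNodePtr node = NULL;
    xmlSecDSigCtxPtr dsigCtx = NULL;
    int res = -1;

    assert(tmpl_file);
    assert(key_file);

    /* load template */
    doc = xmlParseFile(tmpl_file);
    if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
        fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
        goto done;
    }

    /* find start node */
    node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature,
                          xmlSecDSigNs);
    if(node == NULL) {
        fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
        goto done;
    }

    /* create signature context, we don't need keys manager in this example */
    dsigCtx = xmlSecDSigCtxCreate(NULL);
    if(dsigCtx == NULL) {
        fprintf(stderr,"Error: failed to create signature context\n");
        goto done;
    }

    /* load the password-protected private key */
    dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file,
            xmlSecKeyDataFormatPem, /*NULL*/key_password, NULL, NULL);
    if(dsigCtx->signKey == NULL) {
        /* literal rejoined: the mail wrapped it across two lines */
        fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
        goto done;
    }

    /* set key name to the file name, this is just an example! */
    if(xmlSecKeySetName(dsigCtx->signKey, BAD_CAST (key_file)) < 0) {
        fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n",
                key_file);
        goto done;
    }

    /* sign the template
     *
     * NOTE(review): the failure reported in this thread is the library's
     * "dsigCtx->c14nMethod == NULL" precondition tripping inside this call.
     * This function never writes c14nMethod; the only context field it
     * assigns is signKey. One thing to rule out is therefore that the
     * application was built with headers or defines that give
     * xmlSecDSigCtx a different layout than the library uses (unconfirmed).
     */
    if(xmlSecDSigCtxSign(dsigCtx, node) < 0) {
        fprintf(stderr,"Error: signature failed\n");
        goto done;
    }

    /* print signed document to stdout */
    xmlDocDump(stdout, doc);

    /* success */
    res = 0;

done:
    /* cleanup: both pointers are still NULL if we failed before creating them */
    if(dsigCtx != NULL) {
        xmlSecDSigCtxDestroy(dsigCtx);
    }

    if(doc != NULL) {
        xmlFreeDoc(doc);
    }
    return(res);
}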
The xml file and key file are also pasted below -
<?xml version="1.0" encoding="UTF-8" ?>
<!--
XML Security Library example: Simple signature template file for sign1 example.
-->
<Envelope xmlns="urn:envelope">
  <Data>Hello, World!</Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue />
      </Reference>
    </SignedInfo>
    <SignatureValue />
    <KeyInfo>
      <KeyName />
    </KeyInfo>
  </Signature>
</Envelope>
The .pem file contents are also pasted below:-
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0F27CF23A060B31A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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
Thanks for your prompt response and hoping for a solution.
Regards
Yesh.
-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com]
Sent: Friday, December 01, 2006 8:46 PM
To: yeshwanth.c
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] Error signing the following xml document
> While signing the following example xml document using the xmlsec
libraries,
Do you sign this document using xmlsec command line utility? What
are the command line parameters? Or do you do it from the C code?
Can you share it?
BTW, I noticed the disclaimer at the bottom of your emails. This is
a public forum and the disclaimer does not make sense. Please, remove
it from your future posts.
Thanks,
Aleksey
Hi,
While signing the following example xml document,
<?xml version="1.0" encoding="UTF-8" ?>
<!--
XML Security Library example: Simple signature template file for sign1 example.
-->
<Envelope xmlns="urn:envelope">
  <Data>Hello, World!</Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue />
      </Reference>
    </SignedInfo>
    <SignatureValue />
    <KeyInfo>
      <KeyName />
    </KeyInfo>
  </Signature>
</Envelope>
I get the following error: -
func=xmlSecDSigCtxProcessSignatureNode:
file=..\src\xmldsig.c:line=465:obj=unknown:
subj=dsigCtx->c14nMethod == NULL:
error=100:assertion:
func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:
line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:
error=1:xmlsec library function failed:
Error: signature failed
Please could somebody help me out with this?
Thanks in advance,
Yesh.