[xmlsec] Re: Error Signing the xml document
Yeshwanth C
cyeshwanth at gmail.com
Sun Dec 3 22:16:57 PST 2006
The password to the appended .pem file is "bala".
On 12/4/06, Yeshwanth C <cyeshwanth at gmail.com> wrote:
>
> Hi Aleksey,
>
> I am literally trying out the sample you have given in the tutorials.
>
> I am pasting it below. Upon debugging, the point of failure is detected
> in the following function in file xmldsig.c and marked in red (shown
> between asterisks in this plain-text archive).
>
> static int
>
> *xmlSecDSigCtxProcessSignatureNode*(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr
> node) {
>
> xmlSecTransformDataType firstType;
>
> xmlNodePtr signedInfoNode = NULL;
>
> xmlNodePtr keyInfoNode = NULL;
>
> xmlNodePtr cur;
>
> int ret;
>
> xmlSecAssert2(dsigCtx != NULL, -1);
>
> xmlSecAssert2((dsigCtx->operation == xmlSecTransformOperationSign) ||
> (dsigCtx->operation == xmlSecTransformOperationVerify), -1);
>
> xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
>
> xmlSecAssert2(dsigCtx->signValueNode == NULL, -1);
>
> xmlSecAssert2(dsigCtx->signMethod == NULL, -1);
>
> //*BELOW LINE IS WHERE THE CODE FAILS -*
>
> * xmlSecAssert2(dsigCtx->c14nMethod == NULL, -1); *
>
> xmlSecAssert2(node != NULL, -1);
>
> .....
>
> }
>
> The client code is pasted below -
>
> #include <stdlib.h>
>
> #include <string.h>
>
> #include <assert.h>
>
> #include <libxml/tree.h>
>
> #include <libxml/xmlmemory.h>
>
> #include <libxml/parser.h>
>
> #define XMLSEC_CRYPTO_OPENSSL
>
> #ifndef XMLSEC_NO_XSLT
>
> #include <libxslt/xslt.h>
>
> #endif /* XMLSEC_NO_XSLT */
>
> #include <xmlsec/xmlsec.h>
>
> #include <xmlsec/xmltree.h>
>
> #include <xmlsec/xmldsig.h>
>
> #include <xmlsec/crypto.h>
>
> int sign_file(const char* tmpl_file, const char* key_file);
>
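/**
 * main:
 * @argc: the number of command line arguments; must be 3.
 * @argv: the arguments: program name, signature template file, PEM key file.
 *
 * Initializes libxml2, xmlsec and the xmlsec-crypto engine, signs the
 * template with sign_file() and shuts the libraries down again.
 *
 * Returns 0 on success, 1 on a usage error, or -1 if library
 * initialization or signing fails.
 */
int
main(int argc, char **argv) {
    int rc = 0;

    assert(argv);

    if(argc != 3) {
        fprintf(stderr, "Error: wrong number of arguments.\n");
        fprintf(stderr, "Usage: %s <tmpl-file> <key-file>\n", argv[0]);
        return(1);
    }

    /* Init libxml and libxslt libraries */
    xmlInitParser();
    LIBXML_TEST_VERSION
    /* NOTE(review): these two settings are process-wide libxml2 parser
     * defaults. They turn on DTD-driven attribute handling and entity
     * substitution for every document parsed afterwards, so this setup is
     * only appropriate for templates the application itself controls;
     * tighten the parser options before accepting documents from other
     * parties.
     */
    xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
    xmlSubstituteEntitiesDefault(1);
#ifndef XMLSEC_NO_XSLT
    xmlIndentTreeOutput = 1;
#endif /* XMLSEC_NO_XSLT */

    /* Init xmlsec library */
    if(xmlSecInit() < 0) {
        fprintf(stderr, "Error: xmlsec initialization failed.\n");
        return(-1);
    }

    /* Check loaded library version */
    if(xmlSecCheckVersion() != 1) {
        fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
        return(-1);
    }

    /* Load default crypto engine if we are supporting dynamic
     * loading for xmlsec-crypto libraries. Use the crypto library
     * name ("openssl", "nss", etc.) to load corresponding
     * xmlsec-crypto library.
     */
#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
    if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
        fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
                        "that you have it installed and check shared libraries path\n"
                        "(LD_LIBRARY_PATH) envornment variable.\n");
        return(-1);
    }
#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */

    /* Init crypto library */
    if(xmlSecCryptoAppInit(NULL) < 0) {
        fprintf(stderr, "Error: crypto initialization failed.\n");
        return(-1);
    }

    /* Init xmlsec-crypto library */
    if(xmlSecCryptoInit() < 0) {
        fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
        return(-1);
    }

    /* Record a signing failure instead of returning right away, so that
     * the fully initialized libraries are still shut down below; the exit
     * status stays -1 as before.
     */
    if(sign_file(argv[1], argv[2]) < 0) {
        rc = -1;
    }

    /* Shutdown xmlsec-crypto library */
    xmlSecCryptoShutdown();

    /* Shutdown crypto library */
    xmlSecCryptoAppShutdown();

    /* Shutdown xmlsec library */
    xmlSecShutdown();

    /* Shutdown libxslt/libxml */
#ifndef XMLSEC_NO_XSLT
    xsltCleanupGlobals();
#endif /* XMLSEC_NO_XSLT */
    xmlCleanupParser();

    return(rc);
}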
>
/**
 * sign_file:
 * @tmpl_file: path of the XML file that holds the signature template.
 * @key_file:  path of the PEM file that holds the private signing key.
 *
 * Parses #tmpl_file, locates its dsig Signature node, signs it with the
 * key loaded from #key_file and dumps the resulting document to stdout.
 *
 * Returns 0 on success or a negative value if an error occurs.
 */
int
sign_file(const char* tmpl_file, const char* key_file) {
    xmlSecDSigCtxPtr ctx = NULL;
    xmlDocPtr tmplDoc = NULL;
    xmlNodePtr root = NULL;
    xmlNodePtr sigNode = NULL;
    int status = -1;

    assert(tmpl_file);
    assert(key_file);

    /* parse the template; a missing root element counts as a parse error */
    tmplDoc = xmlParseFile(tmpl_file);
    if(tmplDoc != NULL) {
        root = xmlDocGetRootElement(tmplDoc);
    }
    if(root == NULL) {
        fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
        goto done;
    }

    /* locate the <Signature> element the signing starts from */
    sigNode = xmlSecFindNode(root, xmlSecNodeSignature, xmlSecDSigNs);
    if(sigNode == NULL) {
        fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
        goto done;
    }

    /* no keys manager is needed here, hence the NULL argument */
    ctx = xmlSecDSigCtxCreate(NULL);
    if(ctx == NULL) {
        fprintf(stderr,"Error: failed to create signature context\n");
        goto done;
    }

    /* Load the private key. The posted code passes the passphrase "bala"
     * where a commented-out NULL used to be, so the key file is expected
     * to be encrypted.
     * NOTE(review): the passphrase is a string literal compiled into the
     * program, so anyone who can read the source or the binary can decrypt
     * the key file. Obtain it at run time instead; the password callback
     * arguments of this call are passed as NULL here.
     */
    ctx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem,
                                          "bala", NULL, NULL);
    if(ctx->signKey == NULL) {
        fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
        goto done;
    }

    /* use the file name as the key name, this is just an example! */
    if(xmlSecKeySetName(ctx->signKey, BAD_CAST (key_file)) < 0) {
        fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
        goto done;
    }

    /* Sign the template. This is the call highlighted in the post; it is
     * the one that reports "Error: signature failed" in the quoted trace.
     */
    if(xmlSecDSigCtxSign(ctx, sigNode) < 0) {
        fprintf(stderr,"Error: signature failed\n");
        goto done;
    }

    /* write the signed document to stdout */
    xmlDocDump(stdout, tmplDoc);

    /* everything worked */
    status = 0;

done:
    /* release whatever was allocated before the exit point */
    if(ctx != NULL) {
        xmlSecDSigCtxDestroy(ctx);
    }
    if(tmplDoc != NULL) {
        xmlFreeDoc(tmplDoc);
    }
    return(status);
}
>
> The xml file and key file are also pasted below -
>
> <?xml version="1.0" encoding="UTF-8" ?>
> <!--
> XML Security Library example: Simple signature template file for sign1 example.
> -->
> <Envelope xmlns="urn:envelope">
>   <Data>Hello, World!</Data>
>   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>     <SignedInfo>
>       <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
>       <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>       <Reference URI="">
>         <Transforms>
>           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>         </Transforms>
>         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>         <DigestValue />
>       </Reference>
>     </SignedInfo>
>     <SignatureValue />
>     <KeyInfo>
>       <KeyName />
>     </KeyInfo>
>   </Signature>
> </Envelope>
>
> The .pem file contents are also pasted below:-
>
> -----BEGIN RSA PRIVATE KEY-----
>
> Proc-Type: 4,ENCRYPTED
>
> DEK-Info: DES-EDE3-CBC,0F27CF23A060B31A
>
>
>
> ft00DxahgotEwqK8R/w0uOB0288Qdf+5ha1laHXOSgGS9saeFpt2fIEddGsjJ5RS
>
> nEoTFVPMj4p3vwaUXtnSVNZ7gNL//xXXYNzXMQBI1AyMGVrJIRhsLs0lr0+qcMCN
>
> QRji51z8qssKNh2vcQRy/Y4YD8gj4bFYDPGmE9bWlTJhV4wLzdh8DYxis/LJdBye
>
> T2dlHP2HYAybWMrRq3AvyeP8HArvXphPbdQ3sBomwBp+HbuuLhRLnEHu1nFM6RjW
>
> BApzyyiBsKcld7AgRjWtMOocB3mzDtPZnFygRIFF5eJcaj0hywdcJ/lPQzbKe0RP
>
> fEy01L0VxFQ+T/JRTQwJfRV8Irc2Z9ypZ0JPwe86NoeOsaMjTCpvXFg4UAgMWWSp
>
> mxR1uVjbXkAh80Bp0tZDlFMxk+bs2eTQtNbBBNyE9asxxeveMmsDFw6XIovKkV3N
>
> KuUaQEz9tx9QJh8thzgLLdCXcotcul/VdlBtHFKMfKruAJ6uFT/gvhDh//oQjDaE
>
> tyGMCP2xCM4DFdWVlrodkVh3wUJV4RQArsjWh8G8qM7CORY/jINXEyhzxSSx8iBz
>
> Mztq7G7S2uNx983MMqlfeHrkYHmStcTyFz7D8z/g8cxfyjCRbrSmHbtz3/F6Y21Z
>
> 1+Q1b7GcY82oaMFCOBa/62/ZdXs3LsKbIepDzcma32bqO4onbQx95xZXoeCydZnh
>
> etfsQ8JvPd1z2VCva0IpdrV6/xIXugmyqlVPO7SszljuGncqAV0ggmBBz1SECwsd
>
> FSnp/9e43LQjtSF96F762chX35SKwEhvTnEcpZ2gJJyT+rsFF7xOpQ==
>
> -----END RSA PRIVATE KEY-----
>
> -----BEGIN CERTIFICATE-----
>
> MIICjjCCAfegAwIBAgIBADANBgkqhkiG9w0BAQUFADBrMR8wHQYJKoZIhvcNAQkB
>
> FhBiYWxhQHBzaWRhdGEuY29tMREwDwYDVQQKEwhwc2kgZGF0YTEMMAoGA1UECxMD
>
> cHNpMQwwCgYDVQQHEwNibHIxDDAKBgNVBAgTA2thcjELMAkGA1UEBhMCaW4wHhcN
>
> MDYwNjA3MDY1OTA3WhcNMDcwNjA3MDY1OTA3WjBrMR8wHQYJKoZIhvcNAQkBFhBi
>
> YWxhQHBzaWRhdGEuY29tMREwDwYDVQQKEwhwc2kgZGF0YTEMMAoGA1UECxMDcHNp
>
> MQwwCgYDVQQHEwNibHIxDDAKBgNVBAgTA2thcjELMAkGA1UEBhMCaW4wgZ8wDQYJ
>
> KoZIhvcNAQEBBQADgY0AMIGJAoGBAKuGfVy/A45AhHeNy35gBcHOEFv3F+zAXfgK
>
> qk0KLTBqx+BmuQ7pSGKLNsNdDlqU0WlppJ2caP9X7jLGFIPmt3I8OzD7KJlfdZjZ
>
> voS5Qq4ukMcyQP0hOjAPuqE5/exLz9kbmYXiHZfN4yOWPCl6rzzJ4Q3uffMZYCEI
>
> IZDivC0HAgMBAAGjQjBAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgIkMBMGA1UdJQQM
>
> MAoGCCsGAQUFBwMBMBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQUFAAOB
>
> gQCky3Ov2mUTgY6uNkbVTQWVFec7sDIrpaxwSVjbbwWA34tK3E7tqBiFJqQPPZDl
>
> /cCmcYyeNvvMAr6YzC1U6P+nRuoAJ4sot14o01GmUS51QQpo+IjZs8ycBVkIXuZ9
>
> LvlnELNZQa9Ea8IITX4MH0dFp0h5wTzYtrBuw/qRzLH5RA==
>
> -----END CERTIFICATE-----
>
> Thanks for your prompt response and hoping for a solution.
>
> Regards
>
> Yesh.
>
> -----Original Message-----
> From: Aleksey Sanin [mailto: aleksey at aleksey.com]
> Sent: Friday, December 01, 2006 8:46 PM
> To: yeshwanth.c
> Cc: xmlsec at aleksey.com
> Subject: Re: [xmlsec] Error signing the following xml document
>
> > While signing the following example xml document using the xmlsec
> libraries,
>
> Do you sign this document using xmlsec command line utility? What
>
> are the command line parameters? Or do you do it from the C code?
>
> Can you share it?
>
> BTW, I noticed the disclaimer at the bottom of your emails. This is
>
> a public forum and the disclaimer does not make sense. Please, remove
>
> it from your future posts.
>
> Thanks,
> Aleksey
>
>
> Hi,
>
> While signing the following example xml document,
>
> <?xml version="1.0" encoding="UTF-8" ?>
> <!--
> XML Security Library example: Simple signature template file for sign1 example.
> -->
> <Envelope xmlns="urn:envelope">
>   <Data>Hello, World!</Data>
>   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>     <SignedInfo>
>       <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
>       <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>       <Reference URI="">
>         <Transforms>
>           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>         </Transforms>
>         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>         <DigestValue />
>       </Reference>
>     </SignedInfo>
>     <SignatureValue />
>     <KeyInfo>
>       <KeyName />
>     </KeyInfo>
>   </Signature>
> </Envelope>
>
> I get the following error:
>
> func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=465:obj=unknown:subj=dsigCtx->c14nMethod == NULL:error=100:assertion:
> func=xmlSecDSigCtxSign:file=..\src\xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
> Error: signature failed
>
> Please could somebody help me out with this?
>
> Thanks in advance,
>
> Yesh.
>
>
>