[xmlsec] corrupt context after verify call
Aleksey Sanin
aleksey at aleksey.com
Wed Oct 13 07:28:43 PDT 2010
What is the output of the xmlsec1 command?
Aleksey
On 10/12/10 11:36 PM, Erik Smith wrote:
> After I call xmlSecDSigCtxVerify, the status in the contex is corrupted
> with a large number. However xmlsec1 reports validation as OK.
>
> xmlsec1 --verify --pubkey-cert-pem cert.crt --store-references
> --id-attr:ResponseID urn:oasis:names:tc:SAML:1.0:protocol:Response /saml.xml
>
> Also xmlSecDSigCtxDebugDump output is exactly the same for xmlsec1 and
> my program.
>
> I've reduced the code down to what is below and I'm having trouble
> seeing what could be wrong.
>
> libxml version: 2.6.27
> xmlsec version: 1.2.11
>
> Thanks for any help.
>
>
>
> #include <iostream>
> #include <xmlsec/xmltree.h>
> #include <xmlsec/xmldsig.h>
> #include <xmlsec/crypto.h>
> #include <xmlsec/errors.h>
>
> #ifndef XMLSEC_NO_XSLT
> #include <libxslt/xslt.h>
> #endif
>
> void error(const char *);
>
> int main(int argc, char **argv) {
> using namespace std;
> int status(0);
>
> xmlSecKeysMngrPtr mngr_;
> xmlSecDSigCtxPtr dsigCtx;
> xmlDocPtr doc_;
>
> cout << "libxml version: " << LIBXML_DOTTED_VERSION << endl;
> cout << "xmlsec version: " << XMLSEC_VERSION << endl;
>
> xmlInitParser();
> LIBXML_TEST_VERSION;
> xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
> xmlSubstituteEntitiesDefault(1);
>
> #ifndef XMLSEC_NO_XSLT
> xmlIndentTreeOutput = 1;
> #endif
> // Init xmlsec library
> if (xmlSecInit() < 0) error("xmlSecInit");
> if (xmlSecCheckVersion() != 1) error("xmlSecCheckVersion");
>
> #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
> if(xmlSecCryptoDLLoadLibrary(BAD_CAST "openssl") < 0)
> error("xmlSecCryptoDLLoadLibrary");
> #endif
>
> if(xmlSecCryptoAppInit(NULL) < 0) error("Error: crypto
> initialization failed.");
> if(xmlSecCryptoInit() < 0) error("Error: xmlsec-crypto
> initialization failed.");
>
> mngr_ = xmlSecKeysMngrCreate();
> if (!mngr_) error("bad");
>
> if (xmlSecCryptoAppDefaultKeysMngrInit(mngr_) < 0) error("bad");
>
> xmlSecKeyDataFormat format(xmlSecKeyDataFormatCertPem);
> xmlSecKeyPtr key = xmlSecCryptoAppKeyLoad("cert.crt", format, NULL,
> NULL, NULL);
> if (!key) error("key load error");
>
> if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr_, key) < 0)
> error("could not add key");
>
> doc_ = xmlParseFile("saml.xml");
> if (!doc_ || !xmlDocGetRootElement(doc_)) error("bad");
>
> set_id(doc_);
>
> xmlNodePtr node = xmlSecFindNode(xmlDocGetRootElement(doc_),
> xmlSecNodeSignature, xmlSecDSigNs);
> if (!node) error("start node not found");
>
> dsigCtx = xmlSecDSigCtxCreate(mngr_);
> if (!dsigCtx) error("failed to create signature context");
>
> std::cout << "status before: " << dsigCtx->status << std::endl;
> if (xmlSecDSigCtxVerify(dsigCtx, node) < 0) error("signature verify
> error");
> std::cout << "status: " << dsigCtx->status << std::endl;
> //xmlSecDSigCtxDebugDump(dsigCtx, stdout);
>
> return status;
> }
>
> void set_id(xmlDocPtr doc) {
> using namespace std;
>
> xmlNodePtr node = xmlSecFindNode(
> xmlDocGetRootElement(doc),
> BAD_CAST "Response",
> BAD_CAST "urn:oasis:names:tc:SAML:1.0:protocol");
>
> cout << "element name: " << node->name<< endl;
> xmlAttrPtr attr = xmlHasProp(node, BAD_CAST "ResponseID");
> if (!attr) error("attribute not found");
> cout << "attribute name: " << attr->name<< endl;
>
> xmlChar *value = xmlNodeListGetString(node->doc, attr->children, 1);
> if (!value) error("xmlNodeListGetString");
> cout << "value: " << value << endl;
>
> xmlAttrPtr tmp(xmlGetID(node->doc, value));
> if (tmp) {
> cout << "id already registered" << endl;
> } else {
> xmlIDPtr id = xmlAddID(NULL, doc, BAD_CAST value, attr);
> if (!id) {
> xmlFree(value); // fix
> error("xmlAddID error");
> }
> cout << "id added" << endl;
> }
>
> //xmlFree(value); // fix
> }
>
> void error(const char *e) {
> std::cout << e << std::endl;
> std::cout << "exiting" << std::endl;
> exit(0);
> }
>
>
>
>
>
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list