[xmlsec] corrupt context after verify call

Aleksey Sanin aleksey at aleksey.com
Wed Oct 13 07:28:43 PDT 2010


What is the output of the xmlsec1 command?

Aleksey

On 10/12/10 11:36 PM, Erik Smith wrote:
> After I call xmlSecDSigCtxVerify, the status in the contex is corrupted
> with a large number.   However xmlsec1 reports validation as OK.
>
> xmlsec1 --verify --pubkey-cert-pem cert.crt --store-references
> --id-attr:ResponseID urn:oasis:names:tc:SAML:1.0:protocol:Response /saml.xml
>
> Also xmlSecDSigCtxDebugDump output is exactly the same for xmlsec1 and
> my program.
>
> I've reduced the code down to what is below and I'm having trouble
> seeing what could be wrong.
>
> libxml version: 2.6.27
> xmlsec version: 1.2.11
>
> Thanks for any help.
>
>
>
> #include <iostream>
> #include <xmlsec/xmltree.h>
> #include <xmlsec/xmldsig.h>
> #include <xmlsec/crypto.h>
> #include <xmlsec/errors.h>
>
> #ifndef XMLSEC_NO_XSLT
> #include <libxslt/xslt.h>
> #endif
>
> void error(const char *);
>
> int main(int argc, char **argv) {
>      using namespace std;
>      int status(0);
>
>      xmlSecKeysMngrPtr mngr_;
>      xmlSecDSigCtxPtr dsigCtx;
>      xmlDocPtr doc_;
>
>      cout << "libxml version: " << LIBXML_DOTTED_VERSION << endl;
>      cout << "xmlsec version: " << XMLSEC_VERSION << endl;
>
>      xmlInitParser();
>      LIBXML_TEST_VERSION;
>      xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
>      xmlSubstituteEntitiesDefault(1);
>
> #ifndef XMLSEC_NO_XSLT
>      xmlIndentTreeOutput = 1;
> #endif
>      // Init xmlsec library
>      if (xmlSecInit() < 0) error("xmlSecInit");
>      if (xmlSecCheckVersion() != 1) error("xmlSecCheckVersion");
>
> #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
>      if(xmlSecCryptoDLLoadLibrary(BAD_CAST "openssl") < 0)
> error("xmlSecCryptoDLLoadLibrary");
> #endif
>
>      if(xmlSecCryptoAppInit(NULL) < 0) error("Error: crypto
> initialization failed.");
>      if(xmlSecCryptoInit() < 0) error("Error: xmlsec-crypto
> initialization failed.");
>
>      mngr_ = xmlSecKeysMngrCreate();
>      if (!mngr_) error("bad");
>
>      if (xmlSecCryptoAppDefaultKeysMngrInit(mngr_) < 0) error("bad");
>
>      xmlSecKeyDataFormat format(xmlSecKeyDataFormatCertPem);
>      xmlSecKeyPtr key = xmlSecCryptoAppKeyLoad("cert.crt", format, NULL,
> NULL, NULL);
>      if (!key) error("key load error");
>
>      if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr_, key) < 0)
> error("could not add key");
>
>      doc_ = xmlParseFile("saml.xml");
>      if (!doc_ || !xmlDocGetRootElement(doc_)) error("bad");
>
>      set_id(doc_);
>
>      xmlNodePtr node = xmlSecFindNode(xmlDocGetRootElement(doc_),
> xmlSecNodeSignature, xmlSecDSigNs);
>      if (!node) error("start node not found");
>
>      dsigCtx = xmlSecDSigCtxCreate(mngr_);
>      if (!dsigCtx) error("failed to create signature context");
>
>      std::cout << "status before: " << dsigCtx->status << std::endl;
>      if (xmlSecDSigCtxVerify(dsigCtx, node) < 0) error("signature verify
> error");
>      std::cout << "status: " << dsigCtx->status << std::endl;
>      //xmlSecDSigCtxDebugDump(dsigCtx, stdout);
>
>      return status;
> }
>
> void set_id(xmlDocPtr doc) {
>      using namespace std;
>
>      xmlNodePtr node = xmlSecFindNode(
>              xmlDocGetRootElement(doc),
>              BAD_CAST "Response",
>              BAD_CAST "urn:oasis:names:tc:SAML:1.0:protocol");
>
>      cout << "element name: " << node->name<< endl;
>      xmlAttrPtr attr = xmlHasProp(node, BAD_CAST "ResponseID");
>      if (!attr) error("attribute not found");
>      cout << "attribute name: " << attr->name<< endl;
>
>      xmlChar *value = xmlNodeListGetString(node->doc, attr->children, 1);
>      if (!value) error("xmlNodeListGetString");
>      cout << "value: " << value << endl;
>
>      xmlAttrPtr tmp(xmlGetID(node->doc, value));
>      if (tmp) {
>          cout << "id already registered" << endl;
>      } else {
>          xmlIDPtr id = xmlAddID(NULL, doc, BAD_CAST value, attr);
>          if (!id) {
>              xmlFree(value); // fix
>              error("xmlAddID error");
>          }
>          cout << "id added" << endl;
>      }
>
>      //xmlFree(value); // fix
> }
>
> void error(const char *e) {
>      std::cout << e << std::endl;
>      std::cout << "exiting" << std::endl;
>      exit(0);
> }
>
>
>
>
>
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec


More information about the xmlsec mailing list