author | Anas Nashif <anas.nashif@intel.com> | 2012-11-22 10:31:06 -0800 |
---|---|---|
committer | Anas Nashif <anas.nashif@intel.com> | 2012-11-22 10:31:06 -0800 |
commit | 07bb297329b9e9754d09dcb6d70417272a626619 (patch) | |
tree | c1bdcad5f080f8cfe2e876604177670061cdc101 /examples | |
parent | f251dedaa31b48f7c05a4b53c112b40ebca890ef (diff) | |
download | xmlsec1-07bb297329b9e9754d09dcb6d70417272a626619.tar.gz xmlsec1-07bb297329b9e9754d09dcb6d70417272a626619.tar.bz2 xmlsec1-07bb297329b9e9754d09dcb6d70417272a626619.zip |
Imported Upstream version 1.2.14upstream/1.2.14
Diffstat (limited to 'examples')
-rw-r--r-- | examples/decrypt1.c | 102 | ||||
-rw-r--r-- | examples/decrypt2.c | 164 | ||||
-rw-r--r-- | examples/decrypt3.c | 181 | ||||
-rw-r--r-- | examples/encrypt1.c | 93 | ||||
-rw-r--r-- | examples/encrypt2.c | 100 | ||||
-rw-r--r-- | examples/encrypt3.c | 137 | ||||
-rw-r--r-- | examples/mywin32make.bat | 2 | ||||
-rw-r--r-- | examples/sign1.c | 86 | ||||
-rw-r--r-- | examples/sign2.c | 104 | ||||
-rw-r--r-- | examples/sign3.c | 108 | ||||
-rw-r--r-- | examples/verify1.c | 88 | ||||
-rw-r--r-- | examples/verify2.c | 150 | ||||
-rw-r--r-- | examples/verify3.c | 113 | ||||
-rw-r--r-- | examples/verify4.c | 125 | ||||
-rw-r--r-- | examples/xkms-server.c | 447 | ||||
-rw-r--r-- | examples/xmldsigverify.c | 212 |
16 files changed, 974 insertions, 1238 deletions
diff --git a/examples/decrypt1.c b/examples/decrypt1.c index 39ad1039..bfc1dd03 100644 --- a/examples/decrypt1.c +++ b/examples/decrypt1.c @@ -4,11 +4,11 @@ * Decrypts encrypted XML file using a single DES key from a binary file * * Usage: - * ./decrypt1 <xml-enc> <des-key-file> + * ./decrypt1 <xml-enc> <des-key-file> * * Example: - * ./decrypt1 encrypt1-res.xml deskey.bin - * ./decrypt1 encrypt2-res.xml deskey.bin + * ./decrypt1 encrypt1-res.xml deskey.bin + * ./decrypt1 encrypt2-res.xml deskey.bin * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -25,7 +25,6 @@ #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> @@ -37,16 +36,12 @@ int decrypt_file(const char* enc_file, const char* key_file); int main(int argc, char **argv) { -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ - assert(argv); if(argc != 3) { - fprintf(stderr, "Error: wrong number of arguments.\n"); - fprintf(stderr, "Usage: %s <enc-file> <key-file>\n", argv[0]); - return(1); + fprintf(stderr, "Error: wrong number of arguments.\n"); + fprintf(stderr, "Usage: %s <enc-file> <key-file>\n", argv[0]); + return(1); } /* Init libxml and libxslt libraries */ 
@@ -57,30 +52,17 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error: xmlsec initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec initialization failed.\n"); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); - return(-1); + fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
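Review bot: Dropping the xsltNewSecurityPrefs()/xsltSetSecurityPrefs()/xsltSetDefaultSecurityPrefs() block here leaves libxslt with no default security preferences, so an XSLT transform carried inside the encrypted document this example processes (xmlsec's XSLT transform is compiled in unless XMLSEC_NO_XSLT is defined) can, to my knowledge, read and write local files, create directories and reach the network with the privileges of the process. The encrypted document is the untrusted input of decrypt1, so the new defaults are weaker than what the old side established; unless xmlsec 1.2.14 installs its own preferences on the transform context, which this diff does not show, I would restore the block and also reject a NULL result from xsltNewSecurityPrefs(), which the removed code never checked before handing it to xsltSetSecurityPrefs(). The `xsltSecPrefs` local, the `#include <libxslt/security.h>` line and an `xsltFreeSecurityPrefs(xsltSecPrefs)` call before `xsltCleanupGlobals()` belong with it; the first two are dropped by earlier hunks in this file. main() continues past the end of this hunk.
```c
    /* Init libxslt: forbid every file, directory and network access from
     * XSLT transforms, because the document being decrypted is untrusted. */
#ifndef XMLSEC_NO_XSLT
    xsltSecPrefs = xsltNewSecurityPrefs();
    if(xsltSecPrefs == NULL) {
        fprintf(stderr, "Error: failed to create xslt security preferences.\n");
        return(-1);
    }
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
    xsltSetDefaultSecurityPrefs(xsltSecPrefs);
#endif /* XMLSEC_NO_XSLT */
    /* … unchanged: xmlSecInit() and xmlSecCheckVersion() … */
```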
@@ -90,27 +72,27 @@ main(int argc, char **argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n"); - return(-1); + fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n"); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error: crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: crypto initialization failed.\n"); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); + return(-1); } if(decrypt_file(argv[1], argv[2]) < 0) { - return(-1); + return(-1); } /* Shutdown xmlsec-crypto library */ @@ -133,8 +115,8 @@ main(int argc, char **argv) { /** * decrypt_file: - * @enc_file: the encrypted XML file name. - * @key_file: the Triple DES key file. + * @enc_file: the encrypted XML file name. + * @key_file: the Triple DES key file. * * Decrypts the XML file #enc_file using DES key from #key_file and * prints results to stdout. 
@@ -154,55 +136,55 @@ decrypt_file(const char* enc_file, const char* key_file) { /* load template */ doc = xmlParseFile(enc_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ - fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file); - goto done; + fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file); + goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs); if(node == NULL) { - fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file); - goto done; + fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file); + goto done; } /* create encryption context, we don't need keys manager in this example */ encCtx = xmlSecEncCtxCreate(NULL); if(encCtx == NULL) { fprintf(stderr,"Error: failed to create encryption context\n"); - goto done; + goto done; } /* load DES key */ encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file); if(encCtx->encKey == NULL) { fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file); - goto done; + goto done; } /* set key name to the file name, this is just an example! 
*/ if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) { - fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); - goto done; + fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); + goto done; } /* decrypt the data */ if((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL)) { fprintf(stderr,"Error: decryption failed\n"); - goto done; + goto done; } /* print decrypted data to stdout */ if(encCtx->resultReplaced != 0) { - fprintf(stdout, "Decrypted XML data:\n"); - xmlDocDump(stdout, doc); + fprintf(stdout, "Decrypted XML data:\n"); + xmlDocDump(stdout, doc); } else { - fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx->result)); - if(xmlSecBufferGetData(encCtx->result) != NULL) { - fwrite(xmlSecBufferGetData(encCtx->result), - 1, - xmlSecBufferGetSize(encCtx->result), - stdout); - } + fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx->result)); + if(xmlSecBufferGetData(encCtx->result) != NULL) { + fwrite(xmlSecBufferGetData(encCtx->result), + 1, + xmlSecBufferGetSize(encCtx->result), + stdout); + } } fprintf(stdout, "\n"); @@ -212,11 +194,11 @@ decrypt_file(const char* enc_file, const char* key_file) { done: /* cleanup */ if(encCtx != NULL) { - xmlSecEncCtxDestroy(encCtx); + xmlSecEncCtxDestroy(encCtx); } if(doc != NULL) { - xmlFreeDoc(doc); + xmlFreeDoc(doc); } return(res); } diff --git a/examples/decrypt2.c b/examples/decrypt2.c index 49513e12..051cbf97 100644 --- a/examples/decrypt2.c +++ b/examples/decrypt2.c 
@@ -5,11 +5,11 @@ * DES key from a binary file * * Usage: - * ./decrypt2 <xml-enc> <des-key-file1> [<des-key-file2> [...]] + * ./decrypt2 <xml-enc> <des-key-file1> [<des-key-file2> [...]] * * Example: - * ./decrypt2 encrypt1-res.xml deskey.bin - * ./decrypt2 encrypt2-res.xml deskey.bin + * ./decrypt2 encrypt1-res.xml deskey.bin + * ./decrypt2 encrypt2-res.xml deskey.bin * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -26,7 +26,6 @@ #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> @@ -40,16 +39,13 @@ int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file); int main(int argc, char **argv) { xmlSecKeysMngrPtr mngr; -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ assert(argv); if(argc != 3) { - fprintf(stderr, "Error: wrong number of arguments.\n"); - fprintf(stderr, "Usage: %s <enc-file> <key-file1> [<key-file2> [...]]\n", argv[0]); - return(1); + fprintf(stderr, "Error: wrong number of arguments.\n"); + fprintf(stderr, "Usage: %s <enc-file> <key-file1> [<key-file2> [...]]\n", argv[0]); + return(1); } /* Init libxml and libxslt libraries */ 
@@ -60,30 +56,17 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error: xmlsec initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec initialization failed.\n"); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); - return(-1); + fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
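Review bot: Removing the libxslt security-preferences setup from decrypt2's main() means the XSLT transform xmlsec can run on the encrypted input is no longer barred from file reads, file writes, directory creation or network access; as far as I know libxslt performs no access checks at all when no default preferences object is installed. Since the document named on the command line is the untrusted input here, this is a weaker default than the old side had, and the old block itself had a gap worth closing on the way back in: xsltNewSecurityPrefs() was never checked for NULL before use. I would reinstate the block with that check, together with the `xsltSecPrefs` declaration, `#include <libxslt/security.h>` and the `xsltFreeSecurityPrefs(xsltSecPrefs)` call at shutdown that other hunks in this file remove, unless the xmlsec 1.2.14 library sets its own preferences on the transform context, which I cannot confirm from this diff. main() continues beyond this hunk.
```c
    /* Init libxslt: the input document is untrusted, so forbid every
     * file, directory and network access from XSLT transforms. */
#ifndef XMLSEC_NO_XSLT
    xsltSecPrefs = xsltNewSecurityPrefs();
    if(xsltSecPrefs == NULL) {
        fprintf(stderr, "Error: failed to create xslt security preferences.\n");
        return(-1);
    }
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
    xsltSetDefaultSecurityPrefs(xsltSecPrefs);
#endif /* XMLSEC_NO_XSLT */
    /* … unchanged: xmlSecInit() and xmlSecCheckVersion() … */
```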
@@ -93,34 +76,34 @@ main(int argc, char **argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n"); - return(-1); + fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n"); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error: crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: crypto initialization failed.\n"); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); + return(-1); } /* create keys manager and load keys */ mngr = load_des_keys(&(argv[2]), argc - 2); if(mngr == NULL) { - return(-1); + return(-1); } if(decrypt_file(mngr, argv[1]) < 0) { - xmlSecKeysMngrDestroy(mngr); - return(-1); + xmlSecKeysMngrDestroy(mngr); + return(-1); } /* destroy keys manager */ @@ -137,7 +120,6 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); @@ -147,8 +129,8 @@ main(int argc, char **argv) { /** * load_des_keys: - * @files: the list of filenames. - * @files_size: the number of filenames in #files. + * @files: the list of filenames. + * @files_size: the number of filenames in #files. * * Creates simple keys manager and load DES keys from #files in it. * The caller is responsible for destroing returned keys manager using 
@@ -172,43 +154,43 @@ load_des_keys(char** files, int files_size) { */ mngr = xmlSecKeysMngrCreate(); if(mngr == NULL) { - fprintf(stderr, "Error: failed to create keys manager.\n"); - return(NULL); + fprintf(stderr, "Error: failed to create keys manager.\n"); + return(NULL); } if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) { - fprintf(stderr, "Error: failed to initialize keys manager.\n"); - xmlSecKeysMngrDestroy(mngr); - return(NULL); + fprintf(stderr, "Error: failed to initialize keys manager.\n"); + xmlSecKeysMngrDestroy(mngr); + return(NULL); } for(i = 0; i < files_size; ++i) { - assert(files[i]); + assert(files[i]); - /* load DES key */ - key = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, files[i]); - if(key == NULL) { - fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", files[i]); - xmlSecKeysMngrDestroy(mngr); - return(NULL); - } + /* load DES key */ + key = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, files[i]); + if(key == NULL) { + fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", files[i]); + xmlSecKeysMngrDestroy(mngr); + return(NULL); + } - /* set key name to the file name, this is just an example! */ - if(xmlSecKeySetName(key, BAD_CAST files[i]) < 0) { - fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]); - xmlSecKeyDestroy(key); - xmlSecKeysMngrDestroy(mngr); - return(NULL); - } - - /* add key to keys manager, from now on keys manager is responsible - * for destroying key - */ - if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) { - fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]); - xmlSecKeyDestroy(key); - xmlSecKeysMngrDestroy(mngr); - return(NULL); - } + /* set key name to the file name, this is just an example! 
*/ + if(xmlSecKeySetName(key, BAD_CAST files[i]) < 0) { + fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]); + xmlSecKeyDestroy(key); + xmlSecKeysMngrDestroy(mngr); + return(NULL); + } + + /* add key to keys manager, from now on keys manager is responsible + * for destroying key + */ + if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) { + fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]); + xmlSecKeyDestroy(key); + xmlSecKeysMngrDestroy(mngr); + return(NULL); + } } return(mngr); @@ -216,8 +198,8 @@ load_des_keys(char** files, int files_size) { /** * decrypt_file: - * @mngr: the pointer to keys manager. - * @enc_file: the encrypted XML file name. + * @mngr: the pointer to keys manager. + * @enc_file: the encrypted XML file name. * * Decrypts the XML file #enc_file using DES key from #key_file and * prints results to stdout. 
@@ -237,42 +219,42 @@ decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) { /* load template */ doc = xmlParseFile(enc_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ - fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file); - goto done; + fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file); + goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs); if(node == NULL) { - fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file); - goto done; + fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file); + goto done; } /* create encryption context */ encCtx = xmlSecEncCtxCreate(mngr); if(encCtx == NULL) { fprintf(stderr,"Error: failed to create encryption context\n"); - goto done; + goto done; } /* decrypt the data */ if((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL)) { fprintf(stderr,"Error: decryption failed\n"); - goto done; + goto done; } /* print decrypted data to stdout */ if(encCtx->resultReplaced != 0) { - fprintf(stdout, "Decrypted XML data:\n"); - xmlDocDump(stdout, doc); + fprintf(stdout, "Decrypted XML data:\n"); + xmlDocDump(stdout, doc); } else { - fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx->result)); - if(xmlSecBufferGetData(encCtx->result) != NULL) { - fwrite(xmlSecBufferGetData(encCtx->result), - 1, - xmlSecBufferGetSize(encCtx->result), - stdout); - } + fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx->result)); + if(xmlSecBufferGetData(encCtx->result) != NULL) { + fwrite(xmlSecBufferGetData(encCtx->result), + 1, + xmlSecBufferGetSize(encCtx->result), + stdout); + } } fprintf(stdout, "\n"); 
@@ -282,11 +264,11 @@ decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) { done: /* cleanup */ if(encCtx != NULL) { - xmlSecEncCtxDestroy(encCtx); + xmlSecEncCtxDestroy(encCtx); } if(doc != NULL) { - xmlFreeDoc(doc); + xmlFreeDoc(doc); } return(res); } diff --git a/examples/decrypt3.c b/examples/decrypt3.c index 253920fb..eb0d581a 100644 --- a/examples/decrypt3.c +++ b/examples/decrypt3.c @@ -6,11 +6,11 @@ * key's file name in the current folder. * * Usage: - * ./decrypt3 <xml-enc> + * ./decrypt3 <xml-enc> * * Example: - * ./decrypt3 encrypt1-res.xml - * ./decrypt3 encrypt2-res.xml + * ./decrypt3 encrypt1-res.xml + * ./decrypt3 encrypt2-res.xml * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -28,7 +28,6 @@ #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> @@ -43,16 +42,13 @@ int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file); int main(int argc, char **argv) { xmlSecKeysMngrPtr mngr; -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ assert(argv); if(argc != 2) { - fprintf(stderr, "Error: wrong number of arguments.\n"); - fprintf(stderr, "Usage: %s <enc-file>\n", argv[0]); - return(1); + fprintf(stderr, "Error: wrong number of arguments.\n"); + fprintf(stderr, "Usage: %s <enc-file>\n", argv[0]); + return(1); } /* Init libxml and libxslt libraries */ 
@@ -63,29 +59,17 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error: xmlsec initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec initialization failed.\n"); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); - return(-1); + fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
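Review bot: This hunk takes away the only thing in decrypt3 that confined XSLT transforms: with no default xsltSecurityPrefs installed, libxslt to my knowledge allows document()/xsl:document style file and network access unchecked, so an XSLT transform inside the encrypted input can touch the filesystem and network with the process's privileges. That sits badly next to the care taken later in this file, where files_keys_store_find_key() deliberately restricts the document-supplied key name to alphanumerics, '.', '-' and '_' so that the document can only name files in the current directory; an unconfined transform would have no such limit. I would put the block back, adding a NULL check on `xsltSecPrefs = xsltNewSecurityPrefs();` that the removed code lacked, and restore the declaration, the `#include <libxslt/security.h>` and the shutdown `xsltFreeSecurityPrefs(xsltSecPrefs)` that other hunks in this file drop, unless xmlsec 1.2.14 itself installs preferences on the transform context, which this diff does not show. main() continues past this hunk.
```c
    /* Init libxslt: forbid every file, directory and network access from
     * XSLT transforms; the encrypted document may name files only through
     * the filtered key store below, never through a transform. */
#ifndef XMLSEC_NO_XSLT
    xsltSecPrefs = xsltNewSecurityPrefs();
    if(xsltSecPrefs == NULL) {
        fprintf(stderr, "Error: failed to create xslt security preferences.\n");
        return(-1);
    }
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
    xsltSetDefaultSecurityPrefs(xsltSecPrefs);
#endif /* XMLSEC_NO_XSLT */
    /* … unchanged: xmlSecInit() and xmlSecCheckVersion() … */
```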
@@ -95,34 +79,34 @@ main(int argc, char **argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n"); - return(-1); + fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n"); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error: crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: crypto initialization failed.\n"); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); + return(-1); } /* create keys manager and load keys */ mngr = create_files_keys_mngr(); if(mngr == NULL) { - return(-1); + return(-1); } if(decrypt_file(mngr, argv[1]) < 0) { - xmlSecKeysMngrDestroy(mngr); - return(-1); + xmlSecKeysMngrDestroy(mngr); + return(-1); } /* destroy keys manager */ @@ -139,7 +123,6 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); @@ -149,8 +132,8 @@ main(int argc, char **argv) { /** * decrypt_file: - * @mngr: the pointer to keys manager. - * @enc_file: the encrypted XML file name. + * @mngr: the pointer to keys manager. + * @enc_file: the encrypted XML file name. * * Decrypts the XML file #enc_file using DES key from #key_file and * prints results to stdout. 
@@ -170,42 +153,42 @@ decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) { /* load template */ doc = xmlParseFile(enc_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ - fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file); - goto done; + fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file); + goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs); if(node == NULL) { - fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file); - goto done; + fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file); + goto done; } /* create encryption context */ encCtx = xmlSecEncCtxCreate(mngr); if(encCtx == NULL) { fprintf(stderr,"Error: failed to create encryption context\n"); - goto done; + goto done; } /* decrypt the data */ if((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL)) { fprintf(stderr,"Error: decryption failed\n"); - goto done; + goto done; } /* print decrypted data to stdout */ if(encCtx->resultReplaced != 0) { - fprintf(stdout, "Decrypted XML data:\n"); - xmlDocDump(stdout, doc); + fprintf(stdout, "Decrypted XML data:\n"); + xmlDocDump(stdout, doc); } else { - fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx->result)); - if(xmlSecBufferGetData(encCtx->result) != NULL) { - fwrite(xmlSecBufferGetData(encCtx->result), - 1, - xmlSecBufferGetSize(encCtx->result), - stdout); - } + fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx->result)); + if(xmlSecBufferGetData(encCtx->result) != NULL) { + fwrite(xmlSecBufferGetData(encCtx->result), + 1, + xmlSecBufferGetSize(encCtx->result), + stdout); + } } fprintf(stdout, "\n"); 
@@ -215,11 +198,11 @@ decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) { done: /* cleanup */ if(encCtx != NULL) { - xmlSecEncCtxDestroy(encCtx); + xmlSecEncCtxDestroy(encCtx); } if(doc != NULL) { - xmlFreeDoc(doc); + xmlFreeDoc(doc); } return(res); } @@ -240,31 +223,31 @@ create_files_keys_mngr(void) { /* create files based keys store */ keysStore = xmlSecKeyStoreCreate(files_keys_store_get_klass()); if(keysStore == NULL) { - fprintf(stderr, "Error: failed to create keys store.\n"); - return(NULL); + fprintf(stderr, "Error: failed to create keys store.\n"); + return(NULL); } /* create keys manager */ mngr = xmlSecKeysMngrCreate(); if(mngr == NULL) { - fprintf(stderr, "Error: failed to create keys manager.\n"); - xmlSecKeyStoreDestroy(keysStore); - return(NULL); + fprintf(stderr, "Error: failed to create keys manager.\n"); + xmlSecKeyStoreDestroy(keysStore); + return(NULL); } /* add store to keys manager, from now on keys manager destroys the store if needed */ if(xmlSecKeysMngrAdoptKeysStore(mngr, keysStore) < 0) { - fprintf(stderr, "Error: failed to add keys store to keys manager.\n"); - xmlSecKeyStoreDestroy(keysStore); - xmlSecKeysMngrDestroy(mngr); - return(NULL); + fprintf(stderr, "Error: failed to add keys store to keys manager.\n"); + xmlSecKeyStoreDestroy(keysStore); + xmlSecKeysMngrDestroy(mngr); + return(NULL); } /* initialize crypto library specific data in keys manager */ if(xmlSecCryptoKeysMngrInit(mngr) < 0) { - fprintf(stderr, "Error: failed to initialize crypto data in keys manager.\n"); - xmlSecKeysMngrDestroy(mngr); - return(NULL); + fprintf(stderr, "Error: failed to initialize crypto data in keys manager.\n"); + xmlSecKeysMngrDestroy(mngr); + return(NULL); } /* set the get key callback */ 
@@ -280,20 +263,20 @@ create_files_keys_mngr(void) { * Attention: this probably not a good solution for high traffic systems. * ***************************************************************************/ -static xmlSecKeyPtr files_keys_store_find_key (xmlSecKeyStorePtr store, - const xmlChar* name, - xmlSecKeyInfoCtxPtr keyInfoCtx); +static xmlSecKeyPtr files_keys_store_find_key (xmlSecKeyStorePtr store, + const xmlChar* name, + xmlSecKeyInfoCtxPtr keyInfoCtx); static xmlSecKeyStoreKlass files_keys_store_klass = { sizeof(xmlSecKeyStoreKlass), sizeof(xmlSecKeyStore), - BAD_CAST "files-based-keys-store", /* const xmlChar* name; */ - NULL, /* xmlSecKeyStoreInitializeMethod initialize; */ - NULL, /* xmlSecKeyStoreFinalizeMethod finalize; */ - files_keys_store_find_key, /* xmlSecKeyStoreFindKeyMethod findKey; */ + BAD_CAST "files-based-keys-store", /* const xmlChar* name; */ + NULL, /* xmlSecKeyStoreInitializeMethod initialize; */ + NULL, /* xmlSecKeyStoreFinalizeMethod finalize; */ + files_keys_store_find_key, /* xmlSecKeyStoreFindKeyMethod findKey; */ /* reserved for the future */ - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ }; /** @@ -311,9 +294,9 @@ files_keys_store_get_klass(void) { /** * files_keys_store_find_key: - * @store: the pointer to simple keys store. - * @name: the desired key name. - * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context. + * @store: the pointer to simple keys store. + * @name: the desired key name. + * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context. * * Lookups key in the @store. The caller is responsible for destroying * returned key with #xmlSecKeyDestroy function. 
@@ -331,7 +314,7 @@ files_keys_store_find_key(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKe /* it's possible to do not have the key name or desired key type * but we could do nothing in this case */ if((name == NULL) || (keyInfoCtx->keyReq.keyId == xmlSecKeyDataIdUnknown)){ - return(NULL); + return(NULL); } /* we don't want to open files in a folder other than "current"; 
@@ -339,32 +322,32 @@ files_keys_store_find_key(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKe * '.', '-' or '_'. */ for(p = name; (*p) != '\0'; ++p) { - if(!isalnum((*p)) && ((*p) != '.') && ((*p) != '-') && ((*p) != '_')) { - return(NULL); - } + if(!isalnum((*p)) && ((*p) != '.') && ((*p) != '-') && ((*p) != '_')) { + return(NULL); + } } if((keyInfoCtx->keyReq.keyId == xmlSecKeyDataDsaId) || (keyInfoCtx->keyReq.keyId == xmlSecKeyDataRsaId)) { - /* load key from a pem file, if key is not found then it's an error (is it?) */ - key = xmlSecCryptoAppKeyLoad(name, xmlSecKeyDataFormatPem, NULL, NULL, NULL); - if(key == NULL) { - fprintf(stderr,"Error: failed to load public pem key from \"%s\"\n", name); - return(NULL); - } + /* load key from a pem file, if key is not found then it's an error (is it?) */ + key = xmlSecCryptoAppKeyLoad(name, xmlSecKeyDataFormatPem, NULL, NULL, NULL); + if(key == NULL) { + fprintf(stderr,"Error: failed to load public pem key from \"%s\"\n", name); + return(NULL); + } } else { - /* otherwise it's a binary key, if key is not found then it's an error (is it?) */ - key = xmlSecKeyReadBinaryFile(keyInfoCtx->keyReq.keyId, name); - if(key == NULL) { - fprintf(stderr,"Error: failed to load key from binary file \"%s\"\n", name); - return(NULL); - } + /* otherwise it's a binary key, if key is not found then it's an error (is it?) */ + key = xmlSecKeyReadBinaryFile(keyInfoCtx->keyReq.keyId, name); + if(key == NULL) { + fprintf(stderr,"Error: failed to load key from binary file \"%s\"\n", name); + return(NULL); + } } /* set key name */ if(xmlSecKeySetName(key, name) < 0) { fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", name); xmlSecKeyDestroy(key); - return(NULL); + return(NULL); } return(key); diff --git a/examples/encrypt1.c b/examples/encrypt1.c index fb4d103f..bdd16b14 100644 --- a/examples/encrypt1.c +++ b/examples/encrypt1.c 
@@ -4,13 +4,13 @@ * Encrypts binary data using a template file and a DES key from a binary file * * Usage: - * ./encrypt1 <xml-tmpl> <des-key-file> + * ./encrypt1 <xml-tmpl> <des-key-file> * * Example: - * ./encrypt1 encrypt1-tmpl.xml deskey.bin > encrypt1-res.xml + * ./encrypt1 encrypt1-tmpl.xml deskey.bin > encrypt1-res.xml * * The result could be decrypted with decrypt1 example: - * ./decrypt1 encrypt1-res.xml deskey.bin + * ./decrypt1 encrypt1-res.xml deskey.bin * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -27,7 +27,6 @@ #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> @@ -36,20 +35,17 @@ #include <xmlsec/crypto.h> int encrypt_file(const char* tmpl_file, const char* key_file, - const unsigned char* data, size_t dataSize); + const unsigned char* data, size_t dataSize); int main(int argc, char **argv) { static const char secret_data[] = "Big secret"; -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ - + assert(argv); if(argc != 3) { - fprintf(stderr, "Error: wrong number of arguments.\n"); - fprintf(stderr, "Usage: %s <tmpl-file> <key-file>\n", argv[0]); - return(1); + fprintf(stderr, "Error: wrong number of arguments.\n"); + fprintf(stderr, "Usage: %s <tmpl-file> <key-file>\n", argv[0]); + return(1); } /* Init libxml and libxslt libraries */ 
@@ -60,29 +56,17 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error: xmlsec initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec initialization failed.\n"); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); - return(-1); + fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
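Review bot: The libxslt security preferences removed here are the default the rest of the example suite relied on, and encrypt1 is the template people copy into applications that later process untrusted XML, so shipping it with libxslt's unrestricted defaults (no file, directory or network checks when no preferences object is set, as far as I know) is a worse starting point than the old side. The risk within encrypt1 itself is smaller, because the template it parses is supplied by the operator on the command line rather than by a remote party, and I cannot tell from this diff whether xmlsec 1.2.14 installs its own preferences on the transform context. I would still restore the block, checking `xsltSecPrefs = xsltNewSecurityPrefs();` for NULL as the removed code did not, and bring back the `xsltSecPrefs` local, `#include <libxslt/security.h>` and the shutdown `xsltFreeSecurityPrefs(xsltSecPrefs)` removed by the other hunks in this file. main() continues beyond this hunk.
```c
    /* Init libxslt: forbid every file, directory and network access from
     * XSLT transforms so that copies of this example start from a safe default. */
#ifndef XMLSEC_NO_XSLT
    xsltSecPrefs = xsltNewSecurityPrefs();
    if(xsltSecPrefs == NULL) {
        fprintf(stderr, "Error: failed to create xslt security preferences.\n");
        return(-1);
    }
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
    xsltSetDefaultSecurityPrefs(xsltSecPrefs);
#endif /* XMLSEC_NO_XSLT */
    /* … unchanged: xmlSecInit() and xmlSecCheckVersion() … */
```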
@@ -92,27 +76,27 @@ main(int argc, char **argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n"); - return(-1); + fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n"); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error: crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: crypto initialization failed.\n"); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); + return(-1); } if(encrypt_file(argv[1], argv[2], secret_data, strlen(secret_data)) < 0) { - return(-1); + return(-1); } /* Shutdown xmlsec-crypto library */ @@ -126,7 +110,6 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); @@ -136,10 +119,10 @@ main(int argc, char **argv) { /** * encrypt_file: - * @tmpl_file: the encryption template file name. - * @key_file: the Triple DES key file. - * @data: the binary data to encrypt. - * @dataSize: the binary data size. + * @tmpl_file: the encryption template file name. + * @key_file: the Triple DES key file. + * @data: the binary data to encrypt. + * @dataSize: the binary data size. * * Encrypts binary #data using template from #tmpl_file and DES key from * #key_file. 
@@ -148,7 +131,7 @@ main(int argc, char **argv) { */ int encrypt_file(const char* tmpl_file, const char* key_file, - const unsigned char* data, size_t dataSize) { + const unsigned char* data, size_t dataSize) { xmlDocPtr doc = NULL; xmlNodePtr node = NULL; xmlSecEncCtxPtr encCtx = NULL; @@ -161,41 +144,41 @@ encrypt_file(const char* tmpl_file, const char* key_file, /* load template */ doc = xmlParseFile(tmpl_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ - fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file); - goto done; + fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file); + goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs); if(node == NULL) { - fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file); - goto done; + fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file); + goto done; } /* create encryption context, we don't need keys manager in this example */ encCtx = xmlSecEncCtxCreate(NULL); if(encCtx == NULL) { fprintf(stderr,"Error: failed to create encryption context\n"); - goto done; + goto done; } /* load DES key, assuming that there is not password */ encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file); if(encCtx->encKey == NULL) { fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file); - goto done; + goto done; } /* set key name to the file name, this is just an example! */ if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) { - fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); - goto done; + fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); + goto done; } /* encrypt the data */ if(xmlSecEncCtxBinaryEncrypt(encCtx, node, data, dataSize) < 0) { fprintf(stderr,"Error: encryption failed\n"); - goto done; + goto done; } /* print encrypted data with document to stdout */ 
@@ -208,11 +191,11 @@ done: /* cleanup */ if(encCtx != NULL) { - xmlSecEncCtxDestroy(encCtx); + xmlSecEncCtxDestroy(encCtx); } if(doc != NULL) { - xmlFreeDoc(doc); + xmlFreeDoc(doc); } return(res); } diff --git a/examples/encrypt2.c b/examples/encrypt2.c index 4f1ad588..9bbd52ff 100644 --- a/examples/encrypt2.c +++ b/examples/encrypt2.c @@ -5,13 +5,13 @@ * from a binary file * * Usage: - * ./encrypt2 <xml-doc> <des-key-file> + * ./encrypt2 <xml-doc> <des-key-file> * * Example: - * ./encrypt2 encrypt2-doc.xml deskey.bin > encrypt2-res.xml + * ./encrypt2 encrypt2-doc.xml deskey.bin > encrypt2-res.xml * * The result could be decrypted with decrypt1 example: - * ./decrypt1 encrypt2-res.xml deskey.bin + * ./decrypt1 encrypt2-res.xml deskey.bin * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -28,7 +28,6 @@ #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> @@ -41,16 +40,12 @@ int encrypt_file(const char* xml_file, const char* key_file); int main(int argc, char **argv) { -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ - assert(argv); if(argc != 3) { - fprintf(stderr, "Error: wrong number of arguments.\n"); - fprintf(stderr, "Usage: %s <xml-file> <key-file>\n", argv[0]); - return(1); + fprintf(stderr, "Error: wrong number of arguments.\n"); + fprintf(stderr, "Usage: %s <xml-file> <key-file>\n", argv[0]); + return(1); } /* Init libxml and libxslt libraries */ 
@@ -61,29 +56,17 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error: xmlsec initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec initialization failed.\n"); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); - return(-1); + fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
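Review bot: Removing the `xsltSetDefaultSecurityPrefs()` setup here leaves encrypt2's `main()` with no restriction on what an XSLT transform reached through xmlsec may do: the removed lines forbade reading and writing files, creating directories and network reads and writes, and the new side replaces them with nothing. The input document for this example comes from `argv[1]` and is parsed with `xmlParseFile()` later in the file, so the caller has no other safeguard if that document is not trusted. I would keep the deny-all block, placed before `xmlSecInit()` as it was, and check the allocation result, which the old code did not; the matching include, declaration and `xsltFreeSecurityPrefs()` call removed elsewhere in this file need to come back with it. `main()` continues outside this hunk on both sides.
```c
    xmlIndentTreeOutput = 1;
#endif /* XMLSEC_NO_XSLT */

    /* Deny file/network access to XSLT transforms before xmlsec is initialised */
#ifndef XMLSEC_NO_XSLT
    xsltSecPrefs = xsltNewSecurityPrefs();
    if(xsltSecPrefs == NULL) {
        fprintf(stderr, "Error: failed to create libxslt security prefs.\n");
        return(-1);
    }
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE,        xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE,       xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK,     xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK,    xsltSecurityForbid);
    xsltSetDefaultSecurityPrefs(xsltSecPrefs);
#endif /* XMLSEC_NO_XSLT */

    /* … unchanged: xmlSecInit() / xmlSecCheckVersion() … */
```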
@@ -93,27 +76,27 @@ main(int argc, char **argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n"); - return(-1); + fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n"); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error: crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: crypto initialization failed.\n"); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); + return(-1); } if(encrypt_file(argv[1], argv[2]) < 0) { - return(-1); + return(-1); } /* Shutdown xmlsec-crypto library */ @@ -127,7 +110,6 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); @@ -137,8 +119,8 @@ main(int argc, char **argv) { /** * encrypt_file: - * @xml_file: the encryption template file name. - * @key_file: the Triple DES key file. + * @xml_file: the encryption template file name. + * @key_file: the Triple DES key file. * * Encrypts #xml_file using a dynamicaly created template and DES key from * #key_file. 
@@ -159,61 +141,61 @@ encrypt_file(const char* xml_file, const char* key_file) { /* load template */ doc = xmlParseFile(xml_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ - fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); - goto done; + fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); + goto done; } /* create encryption template to encrypt XML file and replace * its content with encryption result */ encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId, - NULL, xmlSecTypeEncElement, NULL, NULL); + NULL, xmlSecTypeEncElement, NULL, NULL); if(encDataNode == NULL) { - fprintf(stderr, "Error: failed to create encryption template\n"); - goto done; + fprintf(stderr, "Error: failed to create encryption template\n"); + goto done; } /* we want to put encrypted data in the <enc:CipherValue/> node */ if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) { - fprintf(stderr, "Error: failed to add CipherValue node\n"); - goto done; + fprintf(stderr, "Error: failed to add CipherValue node\n"); + goto done; } /* add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the signed document */ keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL); if(keyInfoNode == NULL) { - fprintf(stderr, "Error: failed to add key info\n"); - goto done; + fprintf(stderr, "Error: failed to add key info\n"); + goto done; } if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) { - fprintf(stderr, "Error: failed to add key name\n"); - goto done; + fprintf(stderr, "Error: failed to add key name\n"); + goto done; } /* create encryption context, we don't need keys manager in this example */ encCtx = xmlSecEncCtxCreate(NULL); if(encCtx == NULL) { fprintf(stderr,"Error: failed to create encryption context\n"); - goto done; + goto done; } /* load DES key, assuming that there is not password */ encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file); if(encCtx->encKey == NULL) { 
fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file); - goto done; + goto done; } /* set key name to the file name, this is just an example! */ if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) { - fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); - goto done; + fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); + goto done; } /* encrypt the data */ if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) < 0) { fprintf(stderr,"Error: encryption failed\n"); - goto done; + goto done; } /* we template is inserted in the doc */ @@ -229,15 +211,15 @@ done: /* cleanup */ if(encCtx != NULL) { - xmlSecEncCtxDestroy(encCtx); + xmlSecEncCtxDestroy(encCtx); } if(encDataNode != NULL) { - xmlFreeNode(encDataNode); + xmlFreeNode(encDataNode); } if(doc != NULL) { - xmlFreeDoc(doc); + xmlFreeDoc(doc); } return(res); } diff --git a/examples/encrypt3.c b/examples/encrypt3.c index aa9465a2..788c964e 100644 --- a/examples/encrypt3.c +++ b/examples/encrypt3.c @@ -5,13 +5,13 @@ * DES key (encrypted with an RSA key). * * Usage: - * ./encrypt3 <xml-doc> <rsa-pem-key-file> + * ./encrypt3 <xml-doc> <rsa-pem-key-file> * * Example: - * ./encrypt3 encrypt3-doc.xml rsakey.pem > encrypt3-res.xml + * ./encrypt3 encrypt3-doc.xml rsakey.pem > encrypt3-res.xml * * The result could be decrypted with decrypt3 example: - * ./decrypt3 encrypt3-res.xml + * ./decrypt3 encrypt3-res.xml * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -28,7 +28,6 @@ #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> 
@@ -43,16 +42,13 @@ int encrypt_file(xmlSecKeysMngrPtr mngr, const char* xml_file, const char* key_n int main(int argc, char **argv) { xmlSecKeysMngrPtr mngr; -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ assert(argv); if(argc != 3) { - fprintf(stderr, "Error: wrong number of arguments.\n"); - fprintf(stderr, "Usage: %s <xml-file> <key-file>\n", argv[0]); - return(1); + fprintf(stderr, "Error: wrong number of arguments.\n"); + fprintf(stderr, "Usage: %s <xml-file> <key-file>\n", argv[0]); + return(1); } /* Init libxml and libxslt libraries */ @@ -63,29 +59,17 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error: xmlsec initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec initialization failed.\n"); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); - return(-1); + fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
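Review bot: In the second hunk on this line (`@@ -63,29 +59,17 @@`) encrypt3's `main()` loses the libxslt security preferences that forbade file reads and writes, directory creation and network reads and writes; on the new side `xmlIndentTreeOutput = 1;` is followed directly by `xmlSecInit()`, so the XSLT engine xmlsec may invoke for a transform runs with whatever libxslt's defaults are. This example also builds a keys manager holding an RSA private key (`load_rsa_keys` later in the file), so the process is a more attractive target than the symmetric-key examples if it is ever fed an untrusted document. I would restore the deny-all block ahead of `xmlSecInit()` and add the missing NULL check on `xsltNewSecurityPrefs()`, together with the header include, the `xsltSecPrefs` declaration and the `xsltFreeSecurityPrefs()` call removed in this file's other hunks. Both hunks are cut out of a `main()` that continues past them.
```c
    xmlIndentTreeOutput = 1;
#endif /* XMLSEC_NO_XSLT */

    /* Deny file/network access to XSLT transforms (applies process-wide) */
#ifndef XMLSEC_NO_XSLT
    xsltSecPrefs = xsltNewSecurityPrefs();
    if(xsltSecPrefs == NULL) {
        fprintf(stderr, "Error: failed to create libxslt security prefs.\n");
        return(-1);
    }
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE,        xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE,       xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK,     xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK,    xsltSecurityForbid);
    xsltSetDefaultSecurityPrefs(xsltSecPrefs);
#endif /* XMLSEC_NO_XSLT */

    /* … unchanged: xmlSecInit() / xmlSecCheckVersion() … */
```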
@@ -95,35 +79,35 @@ main(int argc, char **argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n"); - return(-1); + fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n"); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error: crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: crypto initialization failed.\n"); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); + return(-1); } /* create keys manager and load keys */ mngr = load_rsa_keys(argv[2]); if(mngr == NULL) { - return(-1); + return(-1); } /* we use key filename as key name here */ if(encrypt_file(mngr, argv[1], argv[2]) < 0) { - xmlSecKeysMngrDestroy(mngr); - return(-1); + xmlSecKeysMngrDestroy(mngr); + return(-1); } /* destroy keys manager */ @@ -140,7 +124,6 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); @@ -150,7 +133,7 @@ main(int argc, char **argv) { /** * load_rsa_keys: - * @key_file: the key filename. + * @key_file: the key filename. * * Creates simple keys manager and load RSA key from #key_file in it. * The caller is responsible for destroing returned keys manager using 
@@ -172,13 +155,13 @@ load_rsa_keys(char* key_file) { */ mngr = xmlSecKeysMngrCreate(); if(mngr == NULL) { - fprintf(stderr, "Error: failed to create keys manager.\n"); - return(NULL); + fprintf(stderr, "Error: failed to create keys manager.\n"); + return(NULL); } if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) { - fprintf(stderr, "Error: failed to initialize keys manager.\n"); - xmlSecKeysMngrDestroy(mngr); - return(NULL); + fprintf(stderr, "Error: failed to initialize keys manager.\n"); + xmlSecKeysMngrDestroy(mngr); + return(NULL); } /* load private RSA key */ @@ -192,11 +175,11 @@ load_rsa_keys(char* key_file) { /* set key name to the file name, this is just an example! */ if(xmlSecKeySetName(key, BAD_CAST key_file) < 0) { fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); - xmlSecKeyDestroy(key); - xmlSecKeysMngrDestroy(mngr); - return(NULL); + xmlSecKeyDestroy(key); + xmlSecKeysMngrDestroy(mngr); + return(NULL); } - + /* add key to keys manager, from now on keys manager is responsible * for destroying key */ @@ -212,9 +195,9 @@ load_rsa_keys(char* key_file) { /** * encrypt_file: - * @mngr: the pointer to keys manager. - * @xml_file: the encryption template file name. - * @key_name: the RSA key name. + * @mngr: the pointer to keys manager. + * @xml_file: the encryption template file name. + * @key_name: the RSA key name. * * Encrypts #xml_file using a dynamicaly created template, a session DES key * and an RSA key from keys manager. 
@@ -238,78 +221,78 @@ encrypt_file(xmlSecKeysMngrPtr mngr, const char* xml_file, const char* key_name) /* load template */ doc = xmlParseFile(xml_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ - fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); - goto done; + fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); + goto done; } /* create encryption template to encrypt XML file and replace * its content with encryption result */ encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId, - NULL, xmlSecTypeEncElement, NULL, NULL); + NULL, xmlSecTypeEncElement, NULL, NULL); if(encDataNode == NULL) { - fprintf(stderr, "Error: failed to create encryption template\n"); - goto done; + fprintf(stderr, "Error: failed to create encryption template\n"); + goto done; } /* we want to put encrypted data in the <enc:CipherValue/> node */ if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) { - fprintf(stderr, "Error: failed to add CipherValue node\n"); - goto done; + fprintf(stderr, "Error: failed to add CipherValue node\n"); + goto done; } /* add <dsig:KeyInfo/> */ keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL); if(keyInfoNode == NULL) { - fprintf(stderr, "Error: failed to add key info\n"); - goto done; + fprintf(stderr, "Error: failed to add key info\n"); + goto done; } /* add <enc:EncryptedKey/> to store the encrypted session key */ encKeyNode = xmlSecTmplKeyInfoAddEncryptedKey(keyInfoNode, - xmlSecTransformRsaPkcs1Id, - NULL, NULL, NULL); + xmlSecTransformRsaPkcs1Id, + NULL, NULL, NULL); if(encKeyNode == NULL) { - fprintf(stderr, "Error: failed to add key info\n"); - goto done; + fprintf(stderr, "Error: failed to add key info\n"); + goto done; } /* we want to put encrypted key in the <enc:CipherValue/> node */ if(xmlSecTmplEncDataEnsureCipherValue(encKeyNode) == NULL) { - fprintf(stderr, "Error: failed to add CipherValue node\n"); - goto done; + fprintf(stderr, "Error: failed to add CipherValue 
node\n"); + goto done; } /* add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to <enc:EncryptedKey/> */ keyInfoNode2 = xmlSecTmplEncDataEnsureKeyInfo(encKeyNode, NULL); if(keyInfoNode2 == NULL) { - fprintf(stderr, "Error: failed to add key info\n"); - goto done; + fprintf(stderr, "Error: failed to add key info\n"); + goto done; } /* set key name so we can lookup key when needed */ if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode2, key_name) == NULL) { - fprintf(stderr, "Error: failed to add key name\n"); - goto done; + fprintf(stderr, "Error: failed to add key name\n"); + goto done; } /* create encryption context */ encCtx = xmlSecEncCtxCreate(mngr); if(encCtx == NULL) { fprintf(stderr,"Error: failed to create encryption context\n"); - goto done; + goto done; } /* generate a Triple DES key */ encCtx->encKey = xmlSecKeyGenerate(xmlSecKeyDataDesId, 192, xmlSecKeyDataTypeSession); if(encCtx->encKey == NULL) { fprintf(stderr,"Error: failed to generate session des key\n"); - goto done; + goto done; } /* encrypt the data */ if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) < 0) { fprintf(stderr,"Error: encryption failed\n"); - goto done; + goto done; } /* we template is inserted in the doc */ @@ -325,15 +308,15 @@ done: /* cleanup */ if(encCtx != NULL) { - xmlSecEncCtxDestroy(encCtx); + xmlSecEncCtxDestroy(encCtx); } if(encDataNode != NULL) { - xmlFreeNode(encDataNode); + xmlFreeNode(encDataNode); } if(doc != NULL) { - xmlFreeDoc(doc); + xmlFreeDoc(doc); } return(res); } diff --git a/examples/mywin32make.bat b/examples/mywin32make.bat index a7d22803..84c5777e 100644 --- a/examples/mywin32make.bat +++ b/examples/mywin32make.bat @@ -8,7 +8,7 @@ REM REM Aleksey Sanin <aleksey@aleksey.com> REM -SET XMLSEC_PREFIX=C:\cygwin\home\local +SET XMLSEC_PREFIX=d:\sdk SET XMLSEC_INCLUDE=%XMLSEC_PREFIX%\include SET XMLSEC_LIB=%XMLSEC_PREFIX%\lib diff --git a/examples/sign1.c b/examples/sign1.c index e545843f..f17bf96f 100644 --- a/examples/sign1.c +++ b/examples/sign1.c 
@@ -4,13 +4,13 @@ * Signs a template file using a key from PEM file * * Usage: - * ./sign1 <xml-tmpl> <pem-key> + * ./sign1 <xml-tmpl> <pem-key> * * Example: - * ./sign1 sign1-tmpl.xml rsakey.pem > sign1-res.xml + * ./sign1 sign1-tmpl.xml rsakey.pem > sign1-res.xml * * The result signature could be validated using verify1 example: - * ./verify1 sign1-res.xml rsapub.pem + * ./verify1 sign1-res.xml rsapub.pem * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -27,7 +27,6 @@ #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> @@ -39,16 +38,12 @@ int sign_file(const char* tmpl_file, const char* key_file); int main(int argc, char **argv) { -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ - assert(argv); if(argc != 3) { - fprintf(stderr, "Error: wrong number of arguments.\n"); - fprintf(stderr, "Usage: %s <tmpl-file> <key-file>\n", argv[0]); - return(1); + fprintf(stderr, "Error: wrong number of arguments.\n"); + fprintf(stderr, "Usage: %s <tmpl-file> <key-file>\n", argv[0]); + return(1); } /* Init libxml and libxslt libraries */ 
@@ -59,29 +54,17 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error: xmlsec initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec initialization failed.\n"); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); - return(-1); + fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
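Review bot: sign1's `main()` no longer installs the libxslt security preferences on the new side of this hunk; the removed `xsltSetSecurityPrefs(..., xsltSecurityForbid)` calls were what stopped an XSLT transform inside the signature template from reading or writing local files or touching the network, and nothing in the hunk takes their place. Since `sign_file()` later in this file parses `argv[1]` and runs `xmlSecDSigCtxSign()` on whatever `<dsig:Signature/>` it finds there, a template from an untrusted source would now get libxslt's default permissions. I would put the block back in front of `xmlSecInit()` with a NULL check on `xsltNewSecurityPrefs()`, and restore the `#include <libxslt/security.h>`, the `xsltSecPrefs` declaration and the `xsltFreeSecurityPrefs()` call the other hunks of this file drop. The enclosing `main()` extends beyond this hunk.
```c
    xmlIndentTreeOutput = 1;
#endif /* XMLSEC_NO_XSLT */

    /* Deny file/network access to XSLT transforms before any xmlsec call */
#ifndef XMLSEC_NO_XSLT
    xsltSecPrefs = xsltNewSecurityPrefs();
    if(xsltSecPrefs == NULL) {
        fprintf(stderr, "Error: failed to create libxslt security prefs.\n");
        return(-1);
    }
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE,        xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE,       xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK,     xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK,    xsltSecurityForbid);
    xsltSetDefaultSecurityPrefs(xsltSecPrefs);
#endif /* XMLSEC_NO_XSLT */

    /* … unchanged: xmlSecInit() / xmlSecCheckVersion() … */
```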
@@ -91,27 +74,27 @@ main(int argc, char **argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n"); - return(-1); + fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n"); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error: crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: crypto initialization failed.\n"); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); + return(-1); } if(sign_file(argv[1], argv[2]) < 0) { - return(-1); + return(-1); } /* Shutdown xmlsec-crypto library */ @@ -125,8 +108,7 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); - xsltCleanupGlobals(); + xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); @@ -135,8 +117,8 @@ main(int argc, char **argv) { /** * sign_file: - * @tmpl_file: the signature template file name. - * @key_file: the PEM private key file name. + * @tmpl_file: the signature template file name. + * @key_file: the PEM private key file name. * * Signs the #tmpl_file using private key from #key_file. * 
@@ -155,41 +137,41 @@ sign_file(const char* tmpl_file, const char* key_file) { /* load template */ doc = xmlParseFile(tmpl_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ - fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file); - goto done; + fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file); + goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); if(node == NULL) { - fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file); - goto done; + fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file); + goto done; } /* create signature context, we don't need keys manager in this example */ dsigCtx = xmlSecDSigCtxCreate(NULL); if(dsigCtx == NULL) { fprintf(stderr,"Error: failed to create signature context\n"); - goto done; + goto done; } /* load private key, assuming that there is not password */ dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL); if(dsigCtx->signKey == NULL) { fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file); - goto done; + goto done; } /* set key name to the file name, this is just an example! */ if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) { - fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); - goto done; + fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); + goto done; } /* sign the template */ if(xmlSecDSigCtxSign(dsigCtx, node) < 0) { fprintf(stderr,"Error: signature failed\n"); - goto done; + goto done; } /* print signed document to stdout */ @@ -201,11 +183,11 @@ sign_file(const char* tmpl_file, const char* key_file) { done: /* cleanup */ if(dsigCtx != NULL) { - xmlSecDSigCtxDestroy(dsigCtx); + xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { - xmlFreeDoc(doc); + xmlFreeDoc(doc); } return(res); } 
diff --git a/examples/sign2.c b/examples/sign2.c index 146bbbaa..3bb858ce 100644 --- a/examples/sign2.c +++ b/examples/sign2.c @@ -6,13 +6,13 @@ * the whole document except the <dsig:Signature/> node itself. * * Usage: - * sign2 <xml-doc> <pem-key> + * sign2 <xml-doc> <pem-key> * * Example: - * ./sign2 sign2-doc.xml rsakey.pem > sign2-res.xml + * ./sign2 sign2-doc.xml rsakey.pem > sign2-res.xml * * The result signature could be validated using verify1 example: - * ./verify1 sign2-res.xml rsapub.pem + * ./verify1 sign2-res.xml rsapub.pem * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -29,7 +29,6 @@ #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> @@ -42,16 +41,12 @@ int sign_file(const char* xml_file, const char* key_file); int main(int argc, char **argv) { -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ - assert(argv); if(argc != 3) { - fprintf(stderr, "Error: wrong number of arguments.\n"); - fprintf(stderr, "Usage: %s <xml-file> <key-file>\n", argv[0]); - return(1); + fprintf(stderr, "Error: wrong number of arguments.\n"); + fprintf(stderr, "Usage: %s <xml-file> <key-file>\n", argv[0]); + return(1); } /* Init libxml and libxslt libraries */ 
@@ -62,29 +57,17 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error: xmlsec initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec initialization failed.\n"); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); - return(-1); + fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
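Review bot: The deny-all libxslt security preferences are removed from sign2's `main()` in this hunk and not replaced, so XSLT transforms run by xmlsec on this process fall back to libxslt's default policy for file reads and writes, directory creation and network access. `xsltSetDefaultSecurityPrefs()` is process-global, which is presumably why the removed code set it once up front before `xmlSecInit()`; I would keep that placement when restoring it and check `xsltNewSecurityPrefs()` for NULL, which the original code did not do. The include, the `xsltSecPrefs` declaration and the `xsltFreeSecurityPrefs()` call removed in the surrounding hunks of this file are needed for the block to compile and clean up. `main()` starts before and continues after this hunk.
```c
    xmlIndentTreeOutput = 1;
#endif /* XMLSEC_NO_XSLT */

    /* Deny file/network access to XSLT transforms (process-wide default) */
#ifndef XMLSEC_NO_XSLT
    xsltSecPrefs = xsltNewSecurityPrefs();
    if(xsltSecPrefs == NULL) {
        fprintf(stderr, "Error: failed to create libxslt security prefs.\n");
        return(-1);
    }
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE,        xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE,       xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK,     xsltSecurityForbid);
    xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK,    xsltSecurityForbid);
    xsltSetDefaultSecurityPrefs(xsltSecPrefs);
#endif /* XMLSEC_NO_XSLT */

    /* … unchanged: xmlSecInit() / xmlSecCheckVersion() … */
```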
@@ -94,27 +77,27 @@ main(int argc, char **argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n"); - return(-1); + fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n"); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error: crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: crypto initialization failed.\n"); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); + return(-1); } if(sign_file(argv[1], argv[2]) < 0) { - return(-1); + return(-1); } /* Shutdown xmlsec-crypto library */ @@ -128,7 +111,6 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); @@ -138,8 +120,8 @@ main(int argc, char **argv) { /** * sign_file: - * @xml_file: the XML file name. - * @key_file: the PEM private key file name. + * @xml_file: the XML file name. + * @key_file: the PEM private key file name. * * Signs the #xml_file using private key from #key_file and dynamicaly * created enveloped signature template. 
@@ -161,16 +143,16 @@ sign_file(const char* xml_file, const char* key_file) { /* load doc file */ doc = xmlParseFile(xml_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ - fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); - goto done; + fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); + goto done; } /* create signature template for RSA-SHA1 enveloped signature */ signNode = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId, - xmlSecTransformRsaSha1Id, NULL); + xmlSecTransformRsaSha1Id, NULL); if(signNode == NULL) { - fprintf(stderr, "Error: failed to create signature template\n"); - goto done; + fprintf(stderr, "Error: failed to create signature template\n"); + goto done; } /* add <dsig:Signature/> node to the doc */ 
@@ -178,54 +160,54 @@ sign_file(const char* xml_file, const char* key_file) { /* add reference */ refNode = xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id, - NULL, NULL, NULL); + NULL, NULL, NULL); if(refNode == NULL) { - fprintf(stderr, "Error: failed to add reference to signature template\n"); - goto done; + fprintf(stderr, "Error: failed to add reference to signature template\n"); + goto done; } /* add enveloped transform */ if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) { - fprintf(stderr, "Error: failed to add enveloped transform to reference\n"); - goto done; + fprintf(stderr, "Error: failed to add enveloped transform to reference\n"); + goto done; } /* add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the signed document */ keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL); if(keyInfoNode == NULL) { - fprintf(stderr, "Error: failed to add key info\n"); - goto done; + fprintf(stderr, "Error: failed to add key info\n"); + goto done; } if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) { - fprintf(stderr, "Error: failed to add key name\n"); - goto done; + fprintf(stderr, "Error: failed to add key name\n"); + goto done; } /* create signature context, we don't need keys manager in this example */ dsigCtx = xmlSecDSigCtxCreate(NULL); if(dsigCtx == NULL) { fprintf(stderr,"Error: failed to create signature context\n"); - goto done; + goto done; } /* load private key, assuming that there is not password */ dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL); if(dsigCtx->signKey == NULL) { fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file); - goto done; + goto done; } /* set key name to the file name, this is just an example! 
*/ if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) { - fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); - goto done; + fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); + goto done; } /* sign the template */ if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) { fprintf(stderr,"Error: signature failed\n"); - goto done; + goto done; } /* print signed document to stdout */ @@ -237,11 +219,11 @@ sign_file(const char* xml_file, const char* key_file) { done: /* cleanup */ if(dsigCtx != NULL) { - xmlSecDSigCtxDestroy(dsigCtx); + xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { - xmlFreeDoc(doc); + xmlFreeDoc(doc); } return(res); } diff --git a/examples/sign3.c b/examples/sign3.c index 9d16cf72..8a367083 100644 --- a/examples/sign3.c +++ b/examples/sign3.c @@ -10,13 +10,13 @@ * certificates management policies for another crypto library may break it. * * Usage: - * sign3 <xml-doc> <pem-key> + * sign3 <xml-doc> <pem-key> * * Example: - * ./sign3 sign3-doc.xml rsakey.pem rsacert.pem > sign3-res.xml + * ./sign3 sign3-doc.xml rsakey.pem rsacert.pem > sign3-res.xml * * The result signature could be validated using verify3 example: - * ./verify3 sign3-res.xml rootcert.pem + * ./verify3 sign3-res.xml rootcert.pem * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -33,7 +33,6 @@ #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> 
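Review bot: `xmlSecKeySetName(dsigCtx->signKey, key_file)` passes a `const char*` while verify2.c's load_keys hunk below writes `xmlSecKeySetName(key, BAD_CAST files[i])`; xmlSecKeySetName takes `const xmlChar*`, so this call and the matching ones in sign3.c and verify1.c should read `xmlSecKeySetName(dsigCtx->signKey, BAD_CAST key_file)` for consistency and to avoid an incompatible-pointer-type warning. Separately, because this hunk also adds a `<dsig:KeyName/>` node, the private key's filesystem path as typed on the command line is written verbatim into the signed output; the "this is just an example!" remark should say so explicitly, e.g. `/* NOTE: this name is emitted in <dsig:KeyName/>; never use a local key path in real documents */`. sign_file's body begins before this hunk.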
@@ -46,16 +45,12 @@ int sign_file(const char* xml_file, const char* key_file, const char* cert_file) int main(int argc, char **argv) { -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ - assert(argv); if(argc != 4) { - fprintf(stderr, "Error: wrong number of arguments.\n"); - fprintf(stderr, "Usage: %s <xml-file> <key-file> <cert-file>\n", argv[0]); - return(1); + fprintf(stderr, "Error: wrong number of arguments.\n"); + fprintf(stderr, "Usage: %s <xml-file> <key-file> <cert-file>\n", argv[0]); + return(1); } /* Init libxml and libxslt libraries */ @@ -66,29 +61,17 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error: xmlsec initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec initialization failed.\n"); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); - return(-1); + fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
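Review bot: The libxslt security preferences (`xsltSetSecurityPrefs(...)` forbidding READ_FILE, WRITE_FILE, CREATE_DIRECTORY, READ_NETWORK and WRITE_NETWORK, then `xsltSetDefaultSecurityPrefs`) are dropped from main() together with `#include <libxslt/security.h>`, and nothing on the new side takes their place. For the verify* examples, which parse a signed document the verifier does not control, a `<dsig:Transform>` carrying an XSLT stylesheet could then read or write local files or reach the network during verification, unless the xmlsec library itself now installs equivalent defaults — presumably the reason for the removal, but the examples no longer say so. Please leave a comment where the block stood, e.g. `/* XSLT file/network access is forbidden by defaults installed inside the xmlsec library (confirm in its XSLT transform init) */`, or keep the prefs in the examples if the library does not enforce them. The same removal is in the verify1.c, verify2.c, verify3.c and verify4.c main() hunks below, and its counterpart `xsltFreeSecurityPrefs` removal is in sign2.c's shutdown hunk above.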
@@ -98,27 +81,27 @@ main(int argc, char **argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n"); - return(-1); + fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n"); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error: crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: crypto initialization failed.\n"); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); + return(-1); } if(sign_file(argv[1], argv[2], argv[3]) < 0) { - return(-1); + return(-1); } /* Shutdown xmlsec-crypto library */ @@ -132,7 +115,6 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); @@ -142,9 +124,9 @@ main(int argc, char **argv) { /** * sign_file: - * @xml_file: the XML file name. - * @key_file: the PEM private key file name. - * @cert_file: the x509 certificate PEM file. + * @xml_file: the XML file name. + * @key_file: the PEM private key file name. + * @cert_file: the x509 certificate PEM file. * * Signs the @xml_file using private key from @key_file and dynamicaly * created enveloped signature template. The certificate from @cert_file 
@@ -168,16 +150,16 @@ sign_file(const char* xml_file, const char* key_file, const char* cert_file) { /* load doc file */ doc = xmlParseFile(xml_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ - fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); - goto done; + fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); + goto done; } /* create signature template for RSA-SHA1 enveloped signature */ signNode = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId, - xmlSecTransformRsaSha1Id, NULL); + xmlSecTransformRsaSha1Id, NULL); if(signNode == NULL) { - fprintf(stderr, "Error: failed to create signature template\n"); - goto done; + fprintf(stderr, "Error: failed to create signature template\n"); + goto done; } /* add <dsig:Signature/> node to the doc */ 
@@ -185,60 +167,60 @@ sign_file(const char* xml_file, const char* key_file, const char* cert_file) { /* add reference */ refNode = xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id, - NULL, NULL, NULL); + NULL, NULL, NULL); if(refNode == NULL) { - fprintf(stderr, "Error: failed to add reference to signature template\n"); - goto done; + fprintf(stderr, "Error: failed to add reference to signature template\n"); + goto done; } /* add enveloped transform */ if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) { - fprintf(stderr, "Error: failed to add enveloped transform to reference\n"); - goto done; + fprintf(stderr, "Error: failed to add enveloped transform to reference\n"); + goto done; } /* add <dsig:KeyInfo/> and <dsig:X509Data/> */ keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL); if(keyInfoNode == NULL) { - fprintf(stderr, "Error: failed to add key info\n"); - goto done; + fprintf(stderr, "Error: failed to add key info\n"); + goto done; } if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) { - fprintf(stderr, "Error: failed to add X509Data node\n"); - goto done; + fprintf(stderr, "Error: failed to add X509Data node\n"); + goto done; } /* create signature context, we don't need keys manager in this example */ dsigCtx = xmlSecDSigCtxCreate(NULL); if(dsigCtx == NULL) { fprintf(stderr,"Error: failed to create signature context\n"); - goto done; + goto done; } /* load private key, assuming that there is not password */ dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL); if(dsigCtx->signKey == NULL) { fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file); - goto done; + goto done; } /* load certificate and add to the key */ if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file, xmlSecKeyDataFormatPem) < 0) { fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", cert_file); - goto done; + goto done; } /* set key name to the file 
name, this is just an example! */ if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) { - fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); - goto done; + fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); + goto done; } /* sign the template */ if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) { fprintf(stderr,"Error: signature failed\n"); - goto done; + goto done; } /* print signed document to stdout */ @@ -250,11 +232,11 @@ sign_file(const char* xml_file, const char* key_file, const char* cert_file) { done: /* cleanup */ if(dsigCtx != NULL) { - xmlSecDSigCtxDestroy(dsigCtx); + xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { - xmlFreeDoc(doc); + xmlFreeDoc(doc); } return(res); } diff --git a/examples/verify1.c b/examples/verify1.c index 04917e5a..9f2eff5b 100644 --- a/examples/verify1.c +++ b/examples/verify1.c @@ -4,11 +4,11 @@ * Verifies a file using a key from PEM file. * * Usage: - * verify1 <signed-file> <pem-key> + * verify1 <signed-file> <pem-key> * * Example: - * ./verify1 sign1-res.xml rsapub.pem - * ./verify1 sign2-res.xml rsapub.pem + * ./verify1 sign1-res.xml rsapub.pem + * ./verify1 sign2-res.xml rsapub.pem * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -25,7 +25,6 @@ #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> 
@@ -37,16 +36,12 @@ int verify_file(const char* xml_file, const char* key_file); int main(int argc, char **argv) { -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ - assert(argv); if(argc != 3) { - fprintf(stderr, "Error: wrong number of arguments.\n"); - fprintf(stderr, "Usage: %s <xml-file> <key-file>\n", argv[0]); - return(1); + fprintf(stderr, "Error: wrong number of arguments.\n"); + fprintf(stderr, "Usage: %s <xml-file> <key-file>\n", argv[0]); + return(1); } /* Init libxml and libxslt libraries */ @@ -57,29 +52,17 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error: xmlsec initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec initialization failed.\n"); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); - return(-1); + fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
@@ -89,27 +72,27 @@ main(int argc, char **argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n"); - return(-1); + fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n"); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error: crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: crypto initialization failed.\n"); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); + return(-1); } if(verify_file(argv[1], argv[2]) < 0) { - return(-1); + return(-1); } /* Shutdown xmlsec-crypto library */ @@ -123,7 +106,6 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); @@ -133,8 +115,8 @@ main(int argc, char **argv) { /** * verify_file: - * @xml_file: the signed XML file name. - * @key_file: the PEM public key file name. + * @xml_file: the signed XML file name. + * @key_file: the PEM public key file name. * * Verifies XML signature in #xml_file using public key from #key_file. * 
@@ -153,48 +135,48 @@ verify_file(const char* xml_file, const char* key_file) { /* load file */ doc = xmlParseFile(xml_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ - fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); - goto done; + fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); + goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); if(node == NULL) { - fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file); - goto done; + fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file); + goto done; } /* create signature context, we don't need keys manager in this example */ dsigCtx = xmlSecDSigCtxCreate(NULL); if(dsigCtx == NULL) { fprintf(stderr,"Error: failed to create signature context\n"); - goto done; + goto done; } /* load public key */ dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL); if(dsigCtx->signKey == NULL) { fprintf(stderr,"Error: failed to load public pem key from \"%s\"\n", key_file); - goto done; + goto done; } /* set key name to the file name, this is just an example! */ if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) { - fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); - goto done; + fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file); + goto done; } /* Verify signature */ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) { fprintf(stderr,"Error: signature verify\n"); - goto done; + goto done; } /* print verification result to stdout */ if(dsigCtx->status == xmlSecDSigStatusSucceeded) { - fprintf(stdout, "Signature is OK\n"); + fprintf(stdout, "Signature is OK\n"); } else { - fprintf(stdout, "Signature is INVALID\n"); + fprintf(stdout, "Signature is INVALID\n"); } /* success */ 
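Review bot: An INVALID verification result is only printed to stdout; control then reaches the `/* success */` marker, so if `res = 0` follows it as the label suggests, main() exits 0 for both outcomes and a script checking the exit status treats a failed verification as a pass. Ending the else branch with `fprintf(stdout, "Signature is INVALID\n"); goto done;` keeps `res` at its presumed failure value and makes the exit status meaningful; a distinct return code for "invalid" would be clearer still. The same structure is in the verify_file hunks of verify2.c and verify3.c below. The `res` assignment and the `done:` cleanup lie outside this hunk.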
@@ -203,11 +185,11 @@ verify_file(const char* xml_file, const char* key_file) { done: /* cleanup */ if(dsigCtx != NULL) { - xmlSecDSigCtxDestroy(dsigCtx); + xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { - xmlFreeDoc(doc); + xmlFreeDoc(doc); } return(res); } diff --git a/examples/verify2.c b/examples/verify2.c index 36fde2d3..a56bb551 100644 --- a/examples/verify2.c +++ b/examples/verify2.c @@ -4,11 +4,11 @@ * Verifies a file using keys manager * * Usage: - * verify2 <signed-file> <public-pem-key1> [<public-pem-key2> [...]] + * verify2 <signed-file> <public-pem-key1> [<public-pem-key2> [...]] * * Example: - * ./verify2 sign1-res.xml rsapub.pem - * ./verify2 sign2-res.xml rsapub.pem + * ./verify2 sign1-res.xml rsapub.pem + * ./verify2 sign2-res.xml rsapub.pem * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -25,7 +25,6 @@ #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> @@ -38,18 +37,14 @@ int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file); int main(int argc, char **argv) { -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ - xmlSecKeysMngrPtr mngr; assert(argv); if(argc < 3) { - fprintf(stderr, "Error: wrong number of arguments.\n"); - fprintf(stderr, "Usage: %s <xml-file> <key-file1> [<key-file2> [...]]\n", argv[0]); - return(1); + fprintf(stderr, "Error: wrong number of arguments.\n"); + fprintf(stderr, "Usage: %s <xml-file> <key-file1> [<key-file2> [...]]\n", argv[0]); + return(1); } /* Init libxml and libxslt libraries */ 
@@ -60,29 +55,17 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error: xmlsec initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec initialization failed.\n"); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); - return(-1); + fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
@@ -92,35 +75,35 @@ main(int argc, char **argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n"); - return(-1); + fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n"); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error: crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: crypto initialization failed.\n"); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); + return(-1); } /* create keys manager and load keys */ mngr = load_keys(&(argv[2]), argc - 2); if(mngr == NULL) { - return(-1); + return(-1); } /* verify file */ if(verify_file(mngr, argv[1]) < 0) { - xmlSecKeysMngrDestroy(mngr); - return(-1); + xmlSecKeysMngrDestroy(mngr); + return(-1); } /* destroy keys manager */ @@ -137,7 +120,6 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); @@ -147,8 +129,8 @@ main(int argc, char **argv) { /** * load_keys: - * @files: the list of filenames. - * @files_size: the number of filenames in #files. + * @files: the list of filenames. + * @files_size: the number of filenames in #files. * * Creates simple keys manager and load PEM keys from #files in it. * The caller is responsible for destroing returned keys manager using 
@@ -172,43 +154,43 @@ load_keys(char** files, int files_size) { */ mngr = xmlSecKeysMngrCreate(); if(mngr == NULL) { - fprintf(stderr, "Error: failed to create keys manager.\n"); - return(NULL); + fprintf(stderr, "Error: failed to create keys manager.\n"); + return(NULL); } if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) { - fprintf(stderr, "Error: failed to initialize keys manager.\n"); - xmlSecKeysMngrDestroy(mngr); - return(NULL); + fprintf(stderr, "Error: failed to initialize keys manager.\n"); + xmlSecKeysMngrDestroy(mngr); + return(NULL); } for(i = 0; i < files_size; ++i) { - assert(files[i]); + assert(files[i]); - /* load key */ - key = xmlSecCryptoAppKeyLoad(files[i], xmlSecKeyDataFormatPem, NULL, NULL, NULL); - if(key == NULL) { - fprintf(stderr,"Error: failed to load pem key from \"%s\"\n", files[i]); - xmlSecKeysMngrDestroy(mngr); - return(NULL); - } + /* load key */ + key = xmlSecCryptoAppKeyLoad(files[i], xmlSecKeyDataFormatPem, NULL, NULL, NULL); + if(key == NULL) { + fprintf(stderr,"Error: failed to load pem key from \"%s\"\n", files[i]); + xmlSecKeysMngrDestroy(mngr); + return(NULL); + } - /* set key name to the file name, this is just an example! */ - if(xmlSecKeySetName(key, BAD_CAST files[i]) < 0) { - fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]); - xmlSecKeyDestroy(key); - xmlSecKeysMngrDestroy(mngr); - return(NULL); - } - - /* add key to keys manager, from now on keys manager is responsible - * for destroying key - */ - if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) { - fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]); - xmlSecKeyDestroy(key); - xmlSecKeysMngrDestroy(mngr); - return(NULL); - } + /* set key name to the file name, this is just an example! 
*/ + if(xmlSecKeySetName(key, BAD_CAST files[i]) < 0) { + fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]); + xmlSecKeyDestroy(key); + xmlSecKeysMngrDestroy(mngr); + return(NULL); + } + + /* add key to keys manager, from now on keys manager is responsible + * for destroying key + */ + if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) { + fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]); + xmlSecKeyDestroy(key); + xmlSecKeysMngrDestroy(mngr); + return(NULL); + } } return(mngr); @@ -216,8 +198,8 @@ load_keys(char** files, int files_size) { /** * verify_file: - * @mngr: the pointer to keys manager. - * @xml_file: the signed XML file name. + * @mngr: the pointer to keys manager. + * @xml_file: the signed XML file name. * * Verifies XML signature in #xml_file. * 
@@ -236,35 +218,35 @@ verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) { /* load file */ doc = xmlParseFile(xml_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ - fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); - goto done; + fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); + goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); if(node == NULL) { - fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file); - goto done; + fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file); + goto done; } /* create signature context */ dsigCtx = xmlSecDSigCtxCreate(mngr); if(dsigCtx == NULL) { fprintf(stderr,"Error: failed to create signature context\n"); - goto done; + goto done; } /* Verify signature */ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) { fprintf(stderr,"Error: signature verify\n"); - goto done; + goto done; } /* print verification result to stdout */ if(dsigCtx->status == xmlSecDSigStatusSucceeded) { - fprintf(stdout, "Signature is OK\n"); + fprintf(stdout, "Signature is OK\n"); } else { - fprintf(stdout, "Signature is INVALID\n"); + fprintf(stdout, "Signature is INVALID\n"); } /* success */ @@ -273,11 +255,11 @@ verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) { done: /* cleanup */ if(dsigCtx != NULL) { - xmlSecDSigCtxDestroy(dsigCtx); + xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { - xmlFreeDoc(doc); + xmlFreeDoc(doc); } return(res); } diff --git a/examples/verify3.c b/examples/verify3.c index 5f0666bb..b7746a0d 100644 --- a/examples/verify3.c +++ b/examples/verify3.c 
@@ -7,10 +7,10 @@ * certificates management policies for another crypto library may break it. * * Usage: - * verify3 <signed-file> <trusted-cert-pem-file1> [<trusted-cert-pem-file2> [...]] + * verify3 <signed-file> <trusted-cert-pem-file1> [<trusted-cert-pem-file2> [...]] * * Example: - * ./verify3 sign3-res.xml rootcert.pem + * ./verify3 sign3-res.xml rootcert.pem * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -27,7 +27,6 @@ #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> @@ -40,17 +39,14 @@ int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file); int main(int argc, char **argv) { -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ xmlSecKeysMngrPtr mngr; assert(argv); if(argc < 3) { - fprintf(stderr, "Error: wrong number of arguments.\n"); - fprintf(stderr, "Usage: %s <xml-file> <cert-file1> [<cert-file2> [...]]\n", argv[0]); - return(1); + fprintf(stderr, "Error: wrong number of arguments.\n"); + fprintf(stderr, "Usage: %s <xml-file> <cert-file1> [<cert-file2> [...]]\n", argv[0]); + return(1); } /* Init libxml and libxslt libraries */ 
@@ -61,29 +57,17 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error: xmlsec initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec initialization failed.\n"); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); - return(-1); + fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
@@ -93,35 +77,35 @@ main(int argc, char **argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n"); - return(-1); + fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n"); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error: crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: crypto initialization failed.\n"); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); + return(-1); } /* create keys manager and load trusted certificates */ mngr = load_trusted_certs(&(argv[2]), argc - 2); if(mngr == NULL) { - return(-1); + return(-1); } /* verify file */ if(verify_file(mngr, argv[1]) < 0) { - xmlSecKeysMngrDestroy(mngr); - return(-1); + xmlSecKeysMngrDestroy(mngr); + return(-1); } /* destroy keys manager */ @@ -138,7 +122,6 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); @@ -148,8 +131,8 @@ main(int argc, char **argv) { /** * load_trusted_certs: - * @files: the list of filenames. - * @files_size: the number of filenames in #files. + * @files: the list of filenames. + * @files_size: the number of filenames in #files. * * Creates simple keys manager and load trusted certificates from PEM #files. * The caller is responsible for destroing returned keys manager using 
@@ -172,24 +155,24 @@ load_trusted_certs(char** files, int files_size) { */ mngr = xmlSecKeysMngrCreate(); if(mngr == NULL) { - fprintf(stderr, "Error: failed to create keys manager.\n"); - return(NULL); + fprintf(stderr, "Error: failed to create keys manager.\n"); + return(NULL); } if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) { - fprintf(stderr, "Error: failed to initialize keys manager.\n"); - xmlSecKeysMngrDestroy(mngr); - return(NULL); + fprintf(stderr, "Error: failed to initialize keys manager.\n"); + xmlSecKeysMngrDestroy(mngr); + return(NULL); } for(i = 0; i < files_size; ++i) { - assert(files[i]); - - /* load trusted cert */ - if(xmlSecCryptoAppKeysMngrCertLoad(mngr, files[i], xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) { - fprintf(stderr,"Error: failed to load pem certificate from \"%s\"\n", files[i]); - xmlSecKeysMngrDestroy(mngr); - return(NULL); - } + assert(files[i]); + + /* load trusted cert */ + if(xmlSecCryptoAppKeysMngrCertLoad(mngr, files[i], xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) { + fprintf(stderr,"Error: failed to load pem certificate from \"%s\"\n", files[i]); + xmlSecKeysMngrDestroy(mngr); + return(NULL); + } } return(mngr); @@ -197,8 +180,8 @@ load_trusted_certs(char** files, int files_size) { /** * verify_file: - * @mngr: the pointer to keys manager. - * @xml_file: the signed XML file name. + * @mngr: the pointer to keys manager. + * @xml_file: the signed XML file name. * * Verifies XML signature in #xml_file. * 
@@ -217,35 +200,35 @@ verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) { /* load file */ doc = xmlParseFile(xml_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ - fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); - goto done; + fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); + goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); if(node == NULL) { - fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file); - goto done; + fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file); + goto done; } /* create signature context */ dsigCtx = xmlSecDSigCtxCreate(mngr); if(dsigCtx == NULL) { fprintf(stderr,"Error: failed to create signature context\n"); - goto done; + goto done; } /* Verify signature */ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) { fprintf(stderr,"Error: signature verify\n"); - goto done; + goto done; } /* print verification result to stdout */ if(dsigCtx->status == xmlSecDSigStatusSucceeded) { - fprintf(stdout, "Signature is OK\n"); + fprintf(stdout, "Signature is OK\n"); } else { - fprintf(stdout, "Signature is INVALID\n"); + fprintf(stdout, "Signature is INVALID\n"); } /* success */ @@ -254,11 +237,11 @@ verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) { done: /* cleanup */ if(dsigCtx != NULL) { - xmlSecDSigCtxDestroy(dsigCtx); + xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { - xmlFreeDoc(doc); + xmlFreeDoc(doc); } return(res); } diff --git a/examples/verify4.c b/examples/verify4.c index 1445e997..3d82af69 100644 --- a/examples/verify4.c +++ b/examples/verify4.c 
@@ -10,15 +10,15 @@ * certificates management policies for another crypto library may break it. * * Usage: - * verify4 <signed-file> <trusted-cert-pem-file1> [<trusted-cert-pem-file2> [...]] + * verify4 <signed-file> <trusted-cert-pem-file1> [<trusted-cert-pem-file2> [...]] * * Example (sucecess): - * ./verify4 verify4-res.xml rootcert.pem + * ./verify4 verify4-res.xml rootcert.pem * * Example (failure): - * ./verify4 verify4-bad-res.xml rootcert.pem + * ./verify4 verify4-bad-res.xml rootcert.pem * In the same time, verify3 example successfuly verifies this signature: - * ./verify3 verify4-bad-res.xml rootcert.pem + * ./verify3 verify4-bad-res.xml rootcert.pem * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -35,7 +35,6 @@ #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> @@ -48,17 +47,14 @@ int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file); int main(int argc, char **argv) { -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ xmlSecKeysMngrPtr mngr; assert(argv); if(argc < 3) { - fprintf(stderr, "Error: wrong number of arguments.\n"); - fprintf(stderr, "Usage: %s <xml-file> <cert-file1> [<cert-file2> [...]]\n", argv[0]); - return(1); + fprintf(stderr, "Error: wrong number of arguments.\n"); + fprintf(stderr, "Usage: %s <xml-file> <cert-file1> [<cert-file2> [...]]\n", argv[0]); + return(1); } /* Init libxml and libxslt libraries */ 
@@ -69,29 +65,17 @@ main(int argc, char **argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error: xmlsec initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec initialization failed.\n"); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); - return(-1); + fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n"); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
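Review bot: On the new side `main` no longer installs XSLT security preferences before `xmlSecInit()`, so an XSLT transform inside a signed document runs under libxslt's default policy during verification; unless xmlsec itself now forbids file and network access from stylesheets (not visible here — confirm for the imported version), the `document()` function of an untrusted stylesheet can read local files or fetch network resources while the signature is being checked. verify4 mitigates this by allow-listing its reference transforms, but verify3's `verify_file` in this diff keeps the default transform set, and xkms-server's `main` (hunk `@@ -124,29 +120,17 @@`) drops the same block. If the removal is intentional, a comment at `/* Init xmlsec library */` such as `/* NOTE: XSLT security preferences are left at libxslt defaults; restrict file/network access before processing untrusted documents */` would keep readers from copying the example unchanged. `main` starts before this hunk.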
@@ -101,35 +85,35 @@ main(int argc, char **argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n"); - return(-1); + fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n"); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error: crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: crypto initialization failed.\n"); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); - return(-1); + fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n"); + return(-1); } /* create keys manager and load trusted certificates */ mngr = load_trusted_certs(&(argv[2]), argc - 2); if(mngr == NULL) { - return(-1); + return(-1); } /* verify file */ if(verify_file(mngr, argv[1]) < 0) { - xmlSecKeysMngrDestroy(mngr); - return(-1); + xmlSecKeysMngrDestroy(mngr); + return(-1); } /* destroy keys manager */ @@ -146,7 +130,6 @@ main(int argc, char **argv) { /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); @@ -156,8 +139,8 @@ main(int argc, char **argv) { /** * load_trusted_certs: - * @files: the list of filenames. - * @files_size: the number of filenames in #files. + * @files: the list of filenames. + * @files_size: the number of filenames in #files. * * Creates simple keys manager and load trusted certificates from PEM #files. * The caller is responsible for destroing returned keys manager using 
@@ -180,24 +163,24 @@ load_trusted_certs(char** files, int files_size) { */ mngr = xmlSecKeysMngrCreate(); if(mngr == NULL) { - fprintf(stderr, "Error: failed to create keys manager.\n"); - return(NULL); + fprintf(stderr, "Error: failed to create keys manager.\n"); + return(NULL); } if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) { - fprintf(stderr, "Error: failed to initialize keys manager.\n"); - xmlSecKeysMngrDestroy(mngr); - return(NULL); + fprintf(stderr, "Error: failed to initialize keys manager.\n"); + xmlSecKeysMngrDestroy(mngr); + return(NULL); } for(i = 0; i < files_size; ++i) { - assert(files[i]); + assert(files[i]); - /* load trusted cert */ - if(xmlSecCryptoAppKeysMngrCertLoad(mngr, files[i], xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) { - fprintf(stderr,"Error: failed to load pem certificate from \"%s\"\n", files[i]); - xmlSecKeysMngrDestroy(mngr); - return(NULL); - } + /* load trusted cert */ + if(xmlSecCryptoAppKeysMngrCertLoad(mngr, files[i], xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) { + fprintf(stderr,"Error: failed to load pem certificate from \"%s\"\n", files[i]); + xmlSecKeysMngrDestroy(mngr); + return(NULL); + } } return(mngr); @@ -205,8 +188,8 @@ load_trusted_certs(char** files, int files_size) { /** * verify_file: - * @mngr: the pointer to keys manager. - * @xml_file: the signed XML file name. + * @mngr: the pointer to keys manager. + * @xml_file: the signed XML file name. * * Verifies XML signature in #xml_file. * 
@@ -225,22 +208,22 @@ verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) { /* load file */ doc = xmlParseFile(xml_file); if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){ - fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); - goto done; + fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file); + goto done; } /* find start node */ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs); if(node == NULL) { - fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file); - goto done; + fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file); + goto done; } /* create signature context */ dsigCtx = xmlSecDSigCtxCreate(mngr); if(dsigCtx == NULL) { fprintf(stderr,"Error: failed to create signature context\n"); - goto done; + goto done; } /* limit the Reference URI attributes to empty or NULL */ @@ -253,7 +236,7 @@ verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) { (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0)) { fprintf(stderr,"Error: failed to limit allowed siganture transforms\n"); - goto done; + goto done; } if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) || (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) || 
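Review bot: `xmlSecTransformRsaSha1Id` is the signature algorithm this allow-list admits (earlier conditions of the same `if` fall outside the hunk), so the example pins verification to SHA-1 signatures, which are no longer recommended for new deployments; where the signer can produce a SHA-2 signature, xmlsec's `xmlSecTransformRsaSha256Id` (available when the crypto backend supports it — confirm for the targeted version) is the better entry, with RSA-SHA1 kept only for legacy documents. The comment `/* limit the Reference URI attributes to empty or NULL */` at the end of the first hunk describes code that sits between the two hunks and is not reviewable here. `verify_file` starts before the first hunk on this line.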
@@ -261,34 +244,34 @@ verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) { (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) < 0)) { fprintf(stderr,"Error: failed to limit allowed reference transforms\n"); - goto done; + goto done; } /* in addition, limit possible key data to valid X509 certificates only */ if(xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecKeyDataX509Id) < 0) { fprintf(stderr,"Error: failed to limit allowed key data\n"); - goto done; + goto done; } /* Verify signature */ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) { fprintf(stderr,"Error: signature verify\n"); - goto done; + goto done; } /* check that we have only one Reference */ if((dsigCtx->status == xmlSecDSigStatusSucceeded) && (xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) != 1)) { - + fprintf(stderr,"Error: only one reference is allowed\n"); - goto done; + goto done; } /* print verification result to stdout */ if(dsigCtx->status == xmlSecDSigStatusSucceeded) { - fprintf(stdout, "Signature is OK\n"); + fprintf(stdout, "Signature is OK\n"); } else { - fprintf(stdout, "Signature is INVALID\n"); + fprintf(stdout, "Signature is INVALID\n"); } /* success */ @@ -297,11 +280,11 @@ verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) { done: /* cleanup */ if(dsigCtx != NULL) { - xmlSecDSigCtxDestroy(dsigCtx); + xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { - xmlFreeDoc(doc); + xmlFreeDoc(doc); } return(res); } diff --git a/examples/xkms-server.c b/examples/xkms-server.c index 188d5c73..1021b182 100644 --- a/examples/xkms-server.c +++ b/examples/xkms-server.c 
@@ -4,10 +4,10 @@ * Starts XKMS server on specified port. * * Usage: - * ./xkms-server [--port <port>] [--format plain|soap-1.1|soap-1.2] <keys-file> + * ./xkms-server [--port <port>] [--format plain|soap-1.1|soap-1.2] <keys-file> * * Example: - * ./xkms-server --port 8080 --format soap-1.1 keys.xml + * ./xkms-server --port 8080 --format soap-1.1 keys.xml * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -23,8 +23,8 @@ #ifdef XMLSEC_NO_XKMS int main(int argc, char** argv) { - fprintf(stderr, "ERROR: XKMS is disabled.\n"); - return 1; + fprintf(stderr, "ERROR: XKMS is disabled.\n"); + return 1; } #else /* XMLSEC_NO_XKMS */ @@ -35,7 +35,6 @@ int main(int argc, char** argv) { #ifndef XMLSEC_NO_XSLT #include <libxslt/xslt.h> -#include <libxslt/security.h> #endif /* XMLSEC_NO_XSLT */ #include <xmlsec/xmlsec.h> @@ -65,13 +64,13 @@ int main(int argc, char** argv) { #endif /* WIN32_SOCKETS */ #endif /* UNIX_SOCKETS */ -#define DEFAULT_PORT 1234 -#define PENDING_QUEUE_SIZE 100 +#define DEFAULT_PORT 1234 +#define PENDING_QUEUE_SIZE 100 -#define LOG_LEVEL_SILENT 0 -#define LOG_LEVEL_INFO 1 -#define LOG_LEVEL_DATA 2 -#define LOG_LEVEL_DEBUG 3 +#define LOG_LEVEL_SILENT 0 +#define LOG_LEVEL_INFO 1 +#define LOG_LEVEL_DATA 2 +#define LOG_LEVEL_DEBUG 3 #ifdef UNIX_SOCKETS static int sockfd = -1; @@ -92,7 +91,7 @@ static const xmlChar* my_strnstr(const xmlChar* str, xmlSecSize strLen, const xm static int handle_connection(int fd, xmlSecXkmsServerCtxPtr xkmsCtx, xmlSecXkmsServerFormat format); static int read_request(int fd, const char* in_ip, xmlSecBufferPtr buffer); static int send_response(int fd, const char* in_ip, int resp_code, - const char* body, int body_size); + const char* body, int body_size); static char usage[] = "[--port <port>] [--format plain|soap-1.1|soap-1.2] <keys-file>"; static char http_header[] = 
@@ -106,9 +105,6 @@ static char http_503[] = int main(int argc, char** argv) { int argpos; unsigned short port = DEFAULT_PORT; -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ xmlSecKeysMngrPtr mngr = NULL; xmlSecXkmsServerCtxPtr xkmsCtx = NULL; xmlSecXkmsServerFormat format = xmlSecXkmsServerFormatPlain; @@ -124,29 +120,17 @@ int main(int argc, char** argv) { #ifndef XMLSEC_NO_XSLT xmlIndentTreeOutput = 1; #endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - + /* Init xmlsec library */ if(xmlSecInit() < 0) { - fprintf(stderr, "Error %d: xmlsec initialization failed.\n", errno); - return(-1); + fprintf(stderr, "Error %d: xmlsec initialization failed.\n", errno); + return(-1); } /* Check loaded library version */ if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error %d: loaded xmlsec library version is not compatible.\n", errno); - return(-1); + fprintf(stderr, "Error %d: loaded xmlsec library version is not compatible.\n", errno); + return(-1); } /* Load default crypto engine if we are supporting dynamic 
@@ -156,115 +140,115 @@ int main(int argc, char** argv) { */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error %d: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n", errno); - return(-1); + fprintf(stderr, "Error %d: unable to load default xmlsec-crypto library. Make sure\n" + "that you have it installed and check shared libraries path\n" + "(LD_LIBRARY_PATH) envornment variable.\n", errno); + return(-1); } #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ /* Init crypto library */ if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error %d: crypto initialization failed.\n", errno); - return(-1); + fprintf(stderr, "Error %d: crypto initialization failed.\n", errno); + return(-1); } /* Init xmlsec-crypto library */ if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error %d: xmlsec-crypto initialization failed.\n", errno); - return(-1); + fprintf(stderr, "Error %d: xmlsec-crypto initialization failed.\n", errno); + return(-1); } /* Create and initialize keys manager */ mngr = xmlSecKeysMngrCreate(); if(mngr == NULL) { - fprintf(stderr, "Error %d: failed to create keys manager.\n", errno); - goto done; + fprintf(stderr, "Error %d: failed to create keys manager.\n", errno); + goto done; } if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) { - fprintf(stderr, "Error %d: failed to initialize keys manager.\n", errno); - goto done; + fprintf(stderr, "Error %d: failed to initialize keys manager.\n", errno); + goto done; } /* Create XKMS server context */ xkmsCtx = xmlSecXkmsServerCtxCreate(mngr); if(xkmsCtx == NULL) { - fprintf(stderr, "Error %d: XKMS server context initialization failed\n", errno); - goto done; + fprintf(stderr, "Error %d: XKMS server context initialization failed\n", errno); + goto done; } /* Process input parameters */ for(argpos = 1; (argpos < argc) && (argv[argpos][0] == 
'-'); argpos++) { - if((strcmp(argv[argpos], "--port") == 0) || (strcmp(argv[argpos], "-p") == 0)) { - argpos++; - port = atoi(argv[argpos]); - if(port == 0) { - fprintf(stderr, "Error %d: invalid port number \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage); - goto done; - } - } else if((strcmp(argv[argpos], "--format") == 0) || (strcmp(argv[argpos], "-f") == 0)) { - argpos++; - format = xmlSecXkmsServerFormatFromString(BAD_CAST argv[argpos]); - if(format == xmlSecXkmsServerFormatUnknown) { - fprintf(stderr, "Error %d: invalid format \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage); - goto done; - } - } else if((strcmp(argv[argpos], "--log-level") == 0) || (strcmp(argv[argpos], "-l") == 0)) { - argpos++; - log_level = atoi(argv[argpos]); - } else { - fprintf(stderr, "Error %d: unknown parameter \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage); - goto done; - } + if((strcmp(argv[argpos], "--port") == 0) || (strcmp(argv[argpos], "-p") == 0)) { + argpos++; + port = atoi(argv[argpos]); + if(port == 0) { + fprintf(stderr, "Error %d: invalid port number \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage); + goto done; + } + } else if((strcmp(argv[argpos], "--format") == 0) || (strcmp(argv[argpos], "-f") == 0)) { + argpos++; + format = xmlSecXkmsServerFormatFromString(BAD_CAST argv[argpos]); + if(format == xmlSecXkmsServerFormatUnknown) { + fprintf(stderr, "Error %d: invalid format \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage); + goto done; + } + } else if((strcmp(argv[argpos], "--log-level") == 0) || (strcmp(argv[argpos], "-l") == 0)) { + argpos++; + log_level = atoi(argv[argpos]); + } else { + fprintf(stderr, "Error %d: unknown parameter \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage); + goto done; + } } if(argpos >= argc) { - fprintf(stderr, "Error %d: keys file is not specified.\nUsage: %s %s\n", errno, argv[0], usage); - goto done; + fprintf(stderr, "Error %d: keys file is not 
specified.\nUsage: %s %s\n", errno, argv[0], usage); + goto done; } /* Load keys */ for(; argpos < argc; argpos++) { if(xmlSecCryptoAppDefaultKeysMngrLoad(mngr, argv[argpos]) < 0) { - fprintf(stderr, "Error %d: failed to load xml keys file \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage); - goto done; - } - if(log_level >= LOG_LEVEL_INFO) { - fprintf(stdout, "Log: loaded keys from \"%s\"\n", argv[argpos]); - } + fprintf(stderr, "Error %d: failed to load xml keys file \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage); + goto done; + } + if(log_level >= LOG_LEVEL_INFO) { + fprintf(stdout, "Log: loaded keys from \"%s\"\n", argv[argpos]); + } } /* Startup TCP server */ if(init_server(port) < 0) { - fprintf(stderr, "Error, errno: server initialization failed\n", errno); - goto done; + fprintf(stderr, "Error, errno: server initialization failed\n", errno); + goto done; } assert(sockfd != -1); /* main loop: accept connections and process requests */ while(finished == 0) { - fd_set fds; + fd_set fds; struct timeval timeout; - - /* Set up polling using select() */ - FD_ZERO(&fds); - FD_SET(sockfd, &fds); - memset(&timeout, 0, sizeof(timeout)); - timeout.tv_sec = 1; - ret = select(sockfd + 1, &fds, NULL, NULL, &timeout); - if((ret <= 0) || !FD_ISSET(sockfd, &fds)) { - /* error, timed out or not our socket: try again */ - continue; - } - - if(handle_connection(sockfd, xkmsCtx, format) < 0) { - fprintf(stderr, "Error %d: unable to accept incomming connection\n"); - goto done; - } + + /* Set up polling using select() */ + FD_ZERO(&fds); + FD_SET(sockfd, &fds); + memset(&timeout, 0, sizeof(timeout)); + timeout.tv_sec = 1; + ret = select(sockfd + 1, &fds, NULL, NULL, &timeout); + if((ret <= 0) || !FD_ISSET(sockfd, &fds)) { + /* error, timed out or not our socket: try again */ + continue; + } + + if(handle_connection(sockfd, xkmsCtx, format) < 0) { + fprintf(stderr, "Error %d: unable to accept incomming connection\n"); + goto done; + } } done: 
if(log_level >= LOG_LEVEL_INFO) { - fprintf(stdout, "Log: server is shutting down\n"); + fprintf(stdout, "Log: server is shutting down\n"); } /* Shutdown TCP server */ @@ -272,14 +256,14 @@ done: /* Destroy xkms server context */ if(xkmsCtx != NULL) { - xmlSecXkmsServerCtxDestroy(xkmsCtx); - xkmsCtx = NULL; + xmlSecXkmsServerCtxDestroy(xkmsCtx); + xkmsCtx = NULL; } /* Destroy keys manager */ if(mngr != NULL) { xmlSecKeysMngrDestroy(mngr); - mngr = NULL; + mngr = NULL; } /* Shutdown xmlsec-crypto library */ @@ -293,7 +277,6 @@ done: /* Shutdown libxslt/libxml */ #ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); xsltCleanupGlobals(); #endif /* XMLSEC_NO_XSLT */ xmlCleanupParser(); @@ -304,7 +287,7 @@ done: /** * init_server: - * @port: the server'xmlSecBufferGetData(buffer) TCP port number. + * @port: the server'xmlSecBufferGetData(buffer) TCP port number. * * Starts up a TCP server listening on given @port. * @@ -320,8 +303,8 @@ init_server(unsigned short port) { #ifdef WIN32_SOCKETS if(WSAStartup(MAKEWORD(1,1), &data)) { - fprintf(stderr, "Error %d: WSAStartup() failed\n", errno); - return(-1); + fprintf(stderr, "Error %d: WSAStartup() failed\n", errno); + return(-1); } #endif /* WIN32_SOCKETS */ 
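Review bot: The option loop on the new side reads `argv[argpos]` after `argpos++` for `--port`, `--format` and `--log-level` without checking that a value follows, so `./xkms-server --port` ends in `atoi(argv[argc])`, a NULL dereference; guard each branch with `if(++argpos >= argc) { fprintf(stderr, "Error: missing value for \"%s\".\nUsage: %s %s\n", argv[argpos - 1], argv[0], usage); goto done; }` in place of the bare `argpos++`. `port = atoi(argv[argpos])` also truncates values above 65535 into the `unsigned short` and accepts trailing junk; `strtol` with an end-pointer check and a 1..65535 range test would reject both. In the accept loop, `fprintf(stderr, "Error %d: unable to accept incomming connection\n");` supplies no argument for `%d` (undefined behaviour), and `fprintf(stderr, "Error, errno: server initialization failed\n", errno);` has a surplus argument and no conversion; both should be `"Error %d: ...\n", errno` like the surrounding messages. `main` starts before this hunk.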
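Review bot: The `@port` description on the new side of hunk `@@ -304,7 +287,7 @@` reads `the server'xmlSecBufferGetData(buffer) TCP port number`, which looks like a stray search-and-replace into the doc comment; it should read ` * @port: the server's TCP port number.`. The commit re-indents the line without correcting it.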
@@ -335,44 +318,44 @@ init_server(unsigned short port) { if(sockfd == INVALID_SOCKET) { #endif /* WIN32_SOCKETS */ - fprintf(stderr, "Error %d: socket() failed\n", errno); - return(-1); + fprintf(stderr, "Error %d: socket() failed\n", errno); + return(-1); } /* enable reuse of address */ flags = 1; if(setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (char *)&flags, sizeof(flags)) != 0) { - fprintf(stderr, "Error %d: setsockopt(SO_REUSEADDR) failed\n", errno); - return(-1); + fprintf(stderr, "Error %d: setsockopt(SO_REUSEADDR) failed\n", errno); + return(-1); } #ifdef UNIX_SOCKETS /* set non-blocking */ flags = fcntl(sockfd, F_GETFL); if(flags < 0) { - fprintf(stderr, "Error %d: fcntl(F_GETFL) failed\n", errno); - return(-1); + fprintf(stderr, "Error %d: fcntl(F_GETFL) failed\n", errno); + return(-1); } if(fcntl(sockfd, F_SETFL, flags | O_NONBLOCK) < 0) { - fprintf(stderr, "Error %d: fcntl(F_SETFL) failed\n", errno); - return(-1); + fprintf(stderr, "Error %d: fcntl(F_SETFL) failed\n", errno); + return(-1); } #endif /* UNIX_SOCKETS */ /* preset socket structure for socket binding */ memset(&saddr, 0, sizeof(saddr)); - saddr.sin_family = AF_INET; - saddr.sin_port = htons(port); - saddr.sin_addr.s_addr = INADDR_ANY; + saddr.sin_family = AF_INET; + saddr.sin_port = htons(port); + saddr.sin_addr.s_addr = INADDR_ANY; if(bind(sockfd, (struct sockaddr *)&saddr, sizeof(struct sockaddr)) != 0) { - fprintf(stderr, "Error %d: bind() failed\n", errno); - return(-1); + fprintf(stderr, "Error %d: bind() failed\n", errno); + return(-1); } /* prepare for listening */ if(listen(sockfd, PENDING_QUEUE_SIZE) != 0) { - fprintf(stderr, "Error %d: listen() failed\n", errno); - return(-1); + fprintf(stderr, "Error %d: listen() failed\n", errno); + return(-1); } #ifdef UNIX_SOCKETS @@ -403,8 +386,8 @@ stop_server() { #ifdef WIN32_SOCKETS if(sockfd != -1) { - close(sockfd); - sockfd = -1; + close(sockfd); + sockfd = -1; } #endif /* WIN32_SOCKETS */ if(log_level >= LOG_LEVEL_INFO) { 
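Review bot: `bind(sockfd, (struct sockaddr *)&saddr, sizeof(struct sockaddr))` passes the size of the generic `struct sockaddr` rather than of `saddr`; the two coincide for `sockaddr_in`, but `sizeof(saddr)` states the intent and survives a later switch to `sockaddr_in6`. Every failure after `socket()` returns -1 with `sockfd` still open, which is recovered only if the caller reaches `stop_server` (main's `done:` path appears to do so); a comment such as ` /* on failure sockfd stays open; the caller must still call stop_server() */` would document that contract. The listener binds `INADDR_ANY`, so for an example that accepts untrusted requests the usage comment should state that it listens on all interfaces. `init_server` starts before this hunk.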
@@ -414,7 +397,7 @@ stop_server() { /** * int_signal_handler: - * @sig_num: the signal number. + * @sig_num: the signal number. * * Unix's Ctrl-C signal handler that stops the server. */ @@ -428,9 +411,9 @@ int_signal_handler(int sig_num) { /** * handle_connection: - * @sockfd: the server's socket. - * @xkmsCtx: the template XKMS server context. - * @format: the expected format of XKMS requests. + * @sockfd: the server's socket. + * @xkmsCtx: the template XKMS server context. + * @format: the expected format of XKMS requests. * * Establishs a connection, forks a child process (onUnix), reads the request, * processes it and writes back the response. @@ -474,8 +457,8 @@ handle_connection(int sockfd, xmlSecXkmsServerCtxPtr xkmsCtx, xmlSecXkmsServerFo if(sockfd == INVALID_SOCKET) { #endif /* WIN32_SOCKETS */ - fprintf(stderr, "Error %d: accept() failed\n", errno); - return(-1); + fprintf(stderr, "Error %d: accept() failed\n", errno); + return(-1); } if(log_level >= LOG_LEVEL_INFO) { fprintf(stdout, "Log [%s]: got connection\n", inet_ntoa(saddr.sin_addr)); 
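Review bot: The `handle_connection` description in hunk `@@ -428,9 +411,9 @@` still reads `Establishs a connection, forks a child process (onUnix)`; ` * Establishes a connection, forks a child process (on Unix), reads the request,` fixes both typos. Since the function also answers on failure paths (a 503 response is visible in the later `done:` hunk), a closing sentence such as ` * On failure a 503 response is sent if the connection was accepted.` would complete the contract.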
@@ -484,19 +467,19 @@ handle_connection(int sockfd, xmlSecXkmsServerCtxPtr xkmsCtx, xmlSecXkmsServerFo
 /* Create a copy of XKMS server context */
 xkmsCtx2 = xmlSecXkmsServerCtxCreate(NULL);
 if(xkmsCtx2 == NULL) {
- fprintf(stderr, "Error %d [%s]: a copy of XKMS server context initialization failed\n", errno, inet_ntoa(saddr.sin_addr));
- goto done;
+ fprintf(stderr, "Error %d [%s]: a copy of XKMS server context initialization failed\n", errno, inet_ntoa(saddr.sin_addr));
+ goto done;
 }
 if(xmlSecXkmsServerCtxCopyUserPref(xkmsCtx2, xkmsCtx) < 0) {
- fprintf(stderr, "Error %d [%s]: XKMS server context copy failed\n", errno, inet_ntoa(saddr.sin_addr));
- goto done;
+ fprintf(stderr, "Error %d [%s]: XKMS server context copy failed\n", errno, inet_ntoa(saddr.sin_addr));
+ goto done;
 }
 
 #ifdef UNIX_SOCKETS
 /* on Unix we use child process to process requests */
 if(fork()) {
- /* parent process */
- return(0);
+ /* parent process */
+ return(0);
 }
 
 /* child process */
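Review bot: `if(fork())` treats a failed `fork()` (-1) as the parent case, so on failure the connection is silently dropped with `return(0)` and neither `fd` nor `xkmsCtx2` is released; in the successful parent case the same `return(0)` also bypasses the `done:` cleanup, so unless the parent closes them somewhere this diff does not show, it keeps every accepted `fd` and context copy and eventually fails `accept()` with no descriptors left. Nothing in view reaps the children either (no `SIGCHLD` handling or `waitpid`), so each request leaves a zombie until the server exits; `signal(SIGCHLD, SIG_IGN)` in `init_server`, or a `waitpid(-1, NULL, WNOHANG)` loop in the accept loop, would address that — confirm it is not done outside this diff. The parent branch should check the result and clean up as below; `pid` needs a `pid_t` declaration at the top of `handle_connection`, which starts before this hunk.
```c
#ifdef UNIX_SOCKETS
    /* on Unix we use child process to process requests */
    pid = fork();
    if(pid < 0) {
        fprintf(stderr, "Error %d [%s]: fork() failed\n", errno, inet_ntoa(saddr.sin_addr));
        goto done;
    }
    if(pid > 0) {
        /* parent process: the child now owns the connection and the context copy */
        close(fd);
        fd = -1;
        xmlSecXkmsServerCtxDestroy(xkmsCtx2);
        xkmsCtx2 = NULL;
        return(0);
    }
    /* child process */
    /* … unchanged: child-side request processing … */
```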
@@ -506,36 +489,36 @@ handle_connection(int sockfd, xmlSecXkmsServerCtxPtr xkmsCtx, xmlSecXkmsServerFo buffer = xmlSecBufferCreate(0); if(buffer == NULL) { - fprintf(stderr, "Error %d [%s]: xmlSecBufferCreate() failed\n", errno, inet_ntoa(saddr.sin_addr)); - goto done; + fprintf(stderr, "Error %d [%s]: xmlSecBufferCreate() failed\n", errno, inet_ntoa(saddr.sin_addr)); + goto done; } /* read input request */ ret = read_request(fd, inet_ntoa(saddr.sin_addr), buffer); if(ret < 0) { - fprintf(stderr, "Error %d [%s]: read_request() failed\n", errno, inet_ntoa(saddr.sin_addr)); - goto done; + fprintf(stderr, "Error %d [%s]: read_request() failed\n", errno, inet_ntoa(saddr.sin_addr)); + goto done; } /* parse request */ inDoc = xmlParseMemory(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer) ); if((inDoc == NULL) || (xmlDocGetRootElement(inDoc) == NULL)) { - fprintf(stderr, "Error %d [%s]: failed to parse request\n", errno, inet_ntoa(saddr.sin_addr)); - goto done; + fprintf(stderr, "Error %d [%s]: failed to parse request\n", errno, inet_ntoa(saddr.sin_addr)); + goto done; } xmlSecBufferEmpty(buffer); /* prepare result document */ outDoc = xmlNewDoc(BAD_CAST "1.0"); if(outDoc == NULL) { - fprintf(stderr, "Error %d [%s]: failed to create result doc\n", errno, inet_ntoa(saddr.sin_addr)); - goto done; + fprintf(stderr, "Error %d [%s]: failed to create result doc\n", errno, inet_ntoa(saddr.sin_addr)); + goto done; } result = xmlSecXkmsServerCtxProcess(xkmsCtx2, xmlDocGetRootElement(inDoc), format, outDoc); if(result == NULL) { - fprintf(stderr, "Error %d [%s]: failed to process xkms server request\n", errno, inet_ntoa(saddr.sin_addr)); - goto done; + fprintf(stderr, "Error %d [%s]: failed to process xkms server request\n", errno, inet_ntoa(saddr.sin_addr)); + goto done; } /* apppend returned result node to the output document */ 
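Review bot: `xmlParseMemory(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer))` parses the request body received from the network with libxml2's process-wide defaults, so whether a DOCTYPE in the request causes external entities or DTDs to be loaded depends on settings made elsewhere (xmlsec examples normally configure entity substitution in the libxml init block near the top of `main`, which is outside this view — confirm); a request carrying a DOCTYPE could then pull in local files or remote resources before any XKMS logic runs. Making the policy explicit at the call site with `xmlReadMemory(data, size, NULL, NULL, XML_PARSE_NONET)` — without `XML_PARSE_NOENT` and with `XML_PARSE_DTDLOAD` left unset — and rejecting documents that carry a DOCTYPE at all bounds what untrusted input can trigger. `handle_connection` starts before this hunk.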
@@ -544,8 +527,8 @@ handle_connection(int sockfd, xmlSecXkmsServerCtxPtr xkmsCtx, xmlSecXkmsServerFo
 /* create LibXML2 output buffer */
 output = xmlSecBufferCreateOutputBuffer(buffer);
 if(output == NULL) {
- fprintf(stderr, "Error %d [%s]: xmlSecBufferCreateOutputBuffer() failed\n", errno, inet_ntoa(saddr.sin_addr));
- goto done;
+ fprintf(stderr, "Error %d [%s]: xmlSecBufferCreateOutputBuffer() failed\n", errno, inet_ntoa(saddr.sin_addr));
+ goto done;
 }
 
 xmlNodeDumpOutput(output, result->doc, result, 0, 0, NULL);
@@ -554,72 +537,72 @@ handle_connection(int sockfd, xmlSecXkmsServerCtxPtr xkmsCtx, xmlSecXkmsServerFo done: /* send back response */ if((resp_ready == 1) && (xmlSecBufferGetData(buffer) != NULL)) { - ret = send_response(fd, inet_ntoa(saddr.sin_addr), 200, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer)); - if(log_level >= LOG_LEVEL_INFO) { - fprintf(stdout, "Log [%s]: processed request\n", inet_ntoa(saddr.sin_addr)); - } + ret = send_response(fd, inet_ntoa(saddr.sin_addr), 200, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer)); + if(log_level >= LOG_LEVEL_INFO) { + fprintf(stdout, "Log [%s]: processed request\n", inet_ntoa(saddr.sin_addr)); + } } else if(fd >= 0) { - ret = send_response(fd, inet_ntoa(saddr.sin_addr), 503, http_503, strlen(http_503)); + ret = send_response(fd, inet_ntoa(saddr.sin_addr), 503, http_503, strlen(http_503)); if(log_level >= LOG_LEVEL_INFO) { - fprintf(stdout, "Log [%s]: failed to process request\n", inet_ntoa(saddr.sin_addr)); - } + fprintf(stdout, "Log [%s]: failed to process request\n", inet_ntoa(saddr.sin_addr)); + } } else { - ret = -1; + ret = -1; } if(ret < 0) { - fprintf(stderr, "Error %d [%s]: send_response() failed\n", errno, inet_ntoa(saddr.sin_addr)); + fprintf(stderr, "Error %d [%s]: send_response() failed\n", errno, inet_ntoa(saddr.sin_addr)); } /* cleanup */ if(output != NULL) { - xmlOutputBufferClose(output); - output = NULL; + xmlOutputBufferClose(output); + output = NULL; } if(outDoc != NULL) { - xmlFreeDoc(outDoc); - outDoc = NULL; + xmlFreeDoc(outDoc); + outDoc = NULL; } if(inDoc != NULL) { - xmlFreeDoc(inDoc); - inDoc = NULL; + xmlFreeDoc(inDoc); + inDoc = NULL; } if(buffer != NULL) { - xmlSecBufferDestroy(buffer); - buffer = NULL; + xmlSecBufferDestroy(buffer); + buffer = NULL; } if(xkmsCtx2 != NULL) { - xmlSecXkmsServerCtxDestroy(xkmsCtx2); - xkmsCtx2 = NULL; + xmlSecXkmsServerCtxDestroy(xkmsCtx2); + xkmsCtx2 = NULL; } if(fd >= 0) { #ifdef UNIX_SOCKETS - shutdown(fd, SHUT_RDWR); - close(fd); + 
shutdown(fd, SHUT_RDWR); + close(fd); #endif /* UNIX_SCOKETS */ #ifdef WIN32_SOCKETS - close(fd); + close(fd); #endif /* WIN32_SCOKETS */ - fd = -1; + fd = -1; } if(in_child_process) { - exit(0); + exit(0); } return(0); } /** * read_request: - * @fd: the request's socket. - * @in_ip: the request's IP address (for logging). - * @buffer: the output buffer. + * @fd: the request's socket. + * @in_ip: the request's IP address (for logging). + * @buffer: the output buffer. * * Reads the request from socket @fd and stores it in the @buffer. * @@ -642,16 +625,16 @@ read_request(int fd, const char* in_ip, xmlSecBufferPtr buffer) { /* first read the http headers */ counter = 5; while(my_strnstr(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), BAD_CAST "\r\n\r\n", 4) == NULL) { - nread = recv(fd, buf, sizeof(buf), 0); - if(nread < 0) { - fprintf(stderr, "Error %d [%s]: read() failed\n", errno, in_ip); - return(-1); - } + nread = recv(fd, buf, sizeof(buf), 0); + if(nread < 0) { + fprintf(stderr, "Error %d [%s]: read() failed\n", errno, in_ip); + return(-1); + } - if((nread > 0) && (xmlSecBufferAppend(buffer, buf, nread) < 0)) { - fprintf(stderr, "Error %d [%s]: xmlSecBufferAppend(%d) failed\n", errno, in_ip, nread); - return(-1); - } + if((nread > 0) && (xmlSecBufferAppend(buffer, buf, nread) < 0)) { + fprintf(stderr, "Error %d [%s]: xmlSecBufferAppend(%d) failed\n", errno, in_ip, nread); + return(-1); + } if(nread < sizeof(buffer)) { counter--; 
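Review bot: `if(nread < sizeof(buffer))` in the header loop of hunk `@@ -642,16 +625,16 @@` compares the byte count with the size of the `xmlSecBufferPtr` pointer (4 or 8 bytes) rather than with the receive array used in `recv(fd, buf, sizeof(buf), 0)`, so the short-read counter only decrements for reads smaller than a pointer and the "give up after 5 short reads" logic rarely fires; it should be `if((size_t)nread < sizeof(buf)) {`, and the same line recurs in the body loop at `@@ -737,16 +720,16 @@`. The loop also places no ceiling on how many header bytes it accumulates before `\r\n\r\n` arrives, and `recv` has no timeout, so a client that sends headers slowly or endlessly holds a child process and grows `buffer` without bound; a limit on `xmlSecBufferGetSize(buffer)` (a project-chosen constant such as `MAX_HEADERS_SIZE`, to be defined) and `SO_RCVTIMEO` on the accepted socket would bound both. `read_request` starts before this hunk.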
@@ -663,13 +646,13 @@ read_request(int fd, const char* in_ip, xmlSecBufferPtr buffer) { if(xmlSecBufferGetData(buffer) == NULL) { fprintf(stderr, "Error %d [%s]: no bytes read\n", errno, in_ip); - return(-1); + return(-1); } if(log_level >= LOG_LEVEL_DEBUG) { - xmlSecBufferAppend(buffer, BAD_CAST "\0", 1); + xmlSecBufferAppend(buffer, BAD_CAST "\0", 1); fprintf(stdout, "Debug [%s]: request headers:\n%s\n", in_ip, xmlSecBufferGetData(buffer)); - xmlSecBufferRemoveTail(buffer, 1); + xmlSecBufferRemoveTail(buffer, 1); } /* Parse the request and extract the body. We expect the request to look 
@@ -677,37 +660,37 @@ read_request(int fd, const char* in_ip, xmlSecBufferPtr buffer) { * POST <path> HTTP/1.x\r\n * <header1>\r\n * <header2>\r\n - * ... + * ... * <headerN>\r\n - * \r\n - * <body> + * \r\n + * <body> */ /* analyze the first line */ p = my_strnstr(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), BAD_CAST "\r\n", 2); if(p == NULL) { - fprintf(stderr, "Error %d [%s]: there is no HTTP header\n", errno, in_ip); - return(-1); + fprintf(stderr, "Error %d [%s]: there is no HTTP header\n", errno, in_ip); + return(-1); } if(xmlStrncasecmp(xmlSecBufferGetData(buffer), BAD_CAST "POST ", 5) != 0) { - fprintf(stderr, "Error %d [%s]: not a POST request\n", errno, in_ip); - return(-1); + fprintf(stderr, "Error %d [%s]: not a POST request\n", errno, in_ip); + return(-1); } /* "POST " + " HTTP/1.x" == 14 */ s = xmlSecBufferGetData(buffer); if(p - s <= 14) { - fprintf(stderr, "Error %d [%s]: first line has bad length\n", errno, in_ip); - return(-1); + fprintf(stderr, "Error %d [%s]: first line has bad length\n", errno, in_ip); + return(-1); } if((xmlStrncasecmp(p - 9, BAD_CAST " HTTP/1.0", 9) != 0) && (xmlStrncasecmp(p - 9, BAD_CAST " HTTP/1.1", 9) != 0)) { - + fprintf(stderr, "Error %d [%s]: first line does not end with \" HTTP/1.x\"\n", errno, in_ip); - return(-1); + return(-1); } if(xmlSecBufferRemoveHead(buffer, p - xmlSecBufferGetData(buffer) + 2) < 0) { - fprintf(stderr, "Error %d [%s]: failed to skip first line\n", errno, in_ip); - return(-1); + fprintf(stderr, "Error %d [%s]: failed to skip first line\n", errno, in_ip); + return(-1); } /* now skip all the headers (i.e. everything until empty line) */ 
@@ -716,19 +699,19 @@ read_request(int fd, const char* in_ip, xmlSecBufferPtr buffer) {
 p = my_strnstr(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), BAD_CAST "\r\n", 2);
 if(p == NULL) {
 fprintf(stderr, "Error %d [%s]: there is no HTTP body\n", errno, in_ip);
- return(-1);
- }
-
- if(p == xmlSecBufferGetData(buffer)) {
- found = 1;
- } else if(xmlStrncasecmp(xmlSecBufferGetData(buffer), BAD_CAST "Content-length: ", 16) == 0) {
- length = atoi(xmlSecBufferGetData(buffer) + 16);
- }
-
- if(xmlSecBufferRemoveHead(buffer, p - xmlSecBufferGetData(buffer) + 2) < 0) {
- fprintf(stderr, "Error %d [%s]: failed to skip header line\n", errno, in_ip);
- return(-1);
- }
+ return(-1);
+ }
+
+ if(p == xmlSecBufferGetData(buffer)) {
+ found = 1;
+ } else if(xmlStrncasecmp(xmlSecBufferGetData(buffer), BAD_CAST "Content-length: ", 16) == 0) {
+ length = atoi(xmlSecBufferGetData(buffer) + 16);
+ }
+
+ if(xmlSecBufferRemoveHead(buffer, p - xmlSecBufferGetData(buffer) + 2) < 0) {
+ fprintf(stderr, "Error %d [%s]: failed to skip header line\n", errno, in_ip);
+ return(-1);
+ }
 }
 /* remove the trailing \0 we added */
@@ -737,16 +720,16 @@ read_request(int fd, const char* in_ip, xmlSecBufferPtr buffer) {
 /* now read the body */
 counter = 5;
 while(xmlSecBufferGetSize(buffer) < length) {
- nread = recv(fd, buf, sizeof(buf), 0);
- if(nread < 0) {
- fprintf(stderr, "Error %d [%s]: read() failed\n", errno, in_ip);
- return(-1);
- }
-
- if((nread > 0) && (xmlSecBufferAppend(buffer, buf, nread) < 0)) {
- fprintf(stderr, "Error %d [%s]: xmlSecBufferAppend(%d) failed\n", errno, in_ip, nread);
- return(-1);
- }
+ nread = recv(fd, buf, sizeof(buf), 0);
+ if(nread < 0) {
+ fprintf(stderr, "Error %d [%s]: read() failed\n", errno, in_ip);
+ return(-1);
+ }
+
+ if((nread > 0) && (xmlSecBufferAppend(buffer, buf, nread) < 0)) {
+ fprintf(stderr, "Error %d [%s]: xmlSecBufferAppend(%d) failed\n", errno, in_ip, nread);
+ return(-1);
+ }
 if(nread < sizeof(buffer)) {
 counter--;
 if(counter <= 0) { 
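Review bot: In the body-read loop of the second hunk, `if(nread < sizeof(buffer))` measures the `xmlSecBufferPtr` pointer rather than the receive array, so the short-read counter only advances on reads smaller than a pointer and a client that advertises a larger Content-length than it actually sends keeps the server blocked in recv(); the intended check is `if(nread < (int)sizeof(buf)) {`, and treating `nread == 0` (peer closed) as end of input plus a receive timeout on the socket would bound the wait. In the first hunk `length = atoi(xmlSecBufferGetData(buffer) + 16);` takes the client-supplied Content-length without validation, and if xmlSecBufferGetSize() returns an unsigned xmlSecSize (as in xmlsec 1.2) a negative value turns into a huge loop bound; parse it with strtol and reject values that are negative or above a fixed maximum request size. read_request's start and the declarations of `length` and `nread` lie outside these hunks, so their types are inferred.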
@@ -755,23 +738,23 @@ read_request(int fd, const char* in_ip, xmlSecBufferPtr buffer) {
 }
 }
 if(log_level >= LOG_LEVEL_INFO) {
- fprintf(stdout, "Log [%s]: body size is %d bytes\n", in_ip, xmlSecBufferGetSize(buffer));
+ fprintf(stdout, "Log [%s]: body size is %d bytes\n", in_ip, xmlSecBufferGetSize(buffer));
 }
 if(log_level >= LOG_LEVEL_DATA) {
- xmlSecBufferAppend(buffer, BAD_CAST "\0", 1);
+ xmlSecBufferAppend(buffer, BAD_CAST "\0", 1);
 fprintf(stdout, "Log [%s]: request body:\n%s\n", in_ip, xmlSecBufferGetData(buffer));
- xmlSecBufferRemoveTail(buffer, 1);
+ xmlSecBufferRemoveTail(buffer, 1);
 }
 return(0);
 }
 /**
 * send_response:
- * @fd: the request's socket.
- * @in_ip: the request's IP address (for logging).
- * @resp_code: the HTTP response code.
- * @body: the response body.
- * @body_len: the response body length.
+ * @fd: the request's socket.
+ * @in_ip: the request's IP address (for logging).
+ * @resp_code: the HTTP response code.
+ * @body: the response body.
+ * @body_len: the response body length.
 *
 * Writes HTTP response headers and @body to the @socket.
 *
@@ -789,20 +772,20 @@ send_response(int fd, const char* in_ip, int resp_code, const char* body, int bo
 /* prepare and send http header */
 sprintf(header, http_header, resp_code, body_size);
 if(send(fd, header, strlen(header), 0) == -1) {
- fprintf(stderr, "Error %d [%s]: send(header) failed\n", errno, in_ip);
- return(-1);
+ fprintf(stderr, "Error %d [%s]: send(header) failed\n", errno, in_ip);
+ return(-1);
 }
 if(log_level >= LOG_LEVEL_DATA) {
- xmlChar* tmp = xmlStrndup(body, body_size);
+ xmlChar* tmp = xmlStrndup(body, body_size);
 fprintf(stdout, "Log [%s]: response is\n%s\n", in_ip, tmp);
- xmlFree(tmp);
+ xmlFree(tmp);
 }
 /* send body */
 if(send(fd, body, body_size, 0) == -1) {
- fprintf(stderr, "Error %d [%s]: send(body) failed\n", errno, in_ip);
- return(-1);
+ fprintf(stderr, "Error %d [%s]: send(body) failed\n", errno, in_ip);
+ return(-1);
 }
 return(0); 
diff --git a/examples/xmldsigverify.c b/examples/xmldsigverify.c
index f4c376ea..a4c9f532 100644
--- a/examples/xmldsigverify.c
+++ b/examples/xmldsigverify.c
@@ -17,7 +17,6 @@
 #ifndef XMLSEC_NO_XSLT
 #include <libxslt/xslt.h>
-#include <libxslt/security.h>
 #endif /* XMLSEC_NO_XSLT */
 #include <xmlsec/xmlsec.h>
@@ -25,9 +24,9 @@
 #include <xmlsec/xmldsig.h>
 #include <xmlsec/crypto.h>
-/* #define XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER "/etc/httpd/conf/ssl.crt" */
-#define XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER "/var/www/cgi-bin/keys-certs.def"
-#define XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER "/var/www/cgi-bin/keys-certs"
+/* #define XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER "/etc/httpd/conf/ssl.crt" */
+#define XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER "/var/www/cgi-bin/keys-certs.def"
+#define XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER "/var/www/cgi-bin/keys-certs"
 int load_keys(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_keys);
@@ -38,10 +37,7 @@ int url_decode(char *buf, size_t size);
 int main(int argc, char **argv) {
 xmlSecKeysMngrPtr mngr;
-#ifndef XMLSEC_NO_XSLT
- xsltSecurityPrefsPtr xsltSecPrefs = NULL;
-#endif /* XMLSEC_NO_XSLT */
-
+
 /* start response */
 fprintf(stdout, "Content-type: text/plain\n");
 fprintf(stdout, "\n"); 
@@ -57,29 +53,17 @@ main(int argc, char **argv) {
 /* make sure that we print out everything to stdout */
 xmlGenericErrorContext = stdout;
-
- /* Init libxslt */
-#ifndef XMLSEC_NO_XSLT
- /* disable everything */
- xsltSecPrefs = xsltNewSecurityPrefs();
- xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
- xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
- xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
- xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
- xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
- xsltSetDefaultSecurityPrefs(xsltSecPrefs);
-#endif /* XMLSEC_NO_XSLT */
-
+
 /* Init xmlsec library */
 if(xmlSecInit() < 0) {
- fprintf(stdout, "Error: xmlsec initialization failed.\n");
- return(-1);
+ fprintf(stdout, "Error: xmlsec initialization failed.\n");
+ return(-1);
 }
 /* Check loaded library version */
 if(xmlSecCheckVersion() != 1) {
- fprintf(stdout, "Error: loaded xmlsec library version is not compatible.\n");
- return(-1);
+ fprintf(stdout, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
 }
 /* Load default crypto engine if we are supporting dynamic 
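Review bot: Removing the xsltNewSecurityPrefs()/xsltSetSecurityPrefs()/xsltSetDefaultSecurityPrefs() block takes away the explicit libxslt lock-down (file and network read/write and directory creation all forbidden) in a CGI that parses attacker-controlled XML from stdin, and XSLT is a legitimate XML-DSig transform, so whatever libxslt is allowed to do during a Transform is now governed by the library defaults instead of this program. The same removal appears in the `xsltSecurityPrefsPtr` declaration hunk above and the `xsltFreeSecurityPrefs()` cleanup hunk below, which suggests the 1.2.14 library now applies equivalent deny-all XSLT preferences itself; that should be confirmed against the library sources before this example is relied on as a template, and a comment such as `/* XSLT security prefs (forbid file/network access) are applied by xmlsec itself */` would record the assumption for the next reader. main()'s start and end lie outside this hunk.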
@@ -89,49 +73,49 @@ main(int argc, char **argv) {
 */
 #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
 if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
- fprintf(stdout, "Error: unable to load default xmlsec-crypto library. Make sure\n"
- "that you have it installed and check shared libraries path\n"
- "(LD_LIBRARY_PATH) envornment variable.\n");
- return(-1);
+ fprintf(stdout, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
 }
 #endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
 /* Init crypto library */
 if(xmlSecCryptoAppInit(XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER) < 0) {
- fprintf(stdout, "Error: crypto initialization failed.\n");
- return(-1);
+ fprintf(stdout, "Error: crypto initialization failed.\n");
+ return(-1);
 }
 /* Init xmlsec-crypto library */
 if(xmlSecCryptoInit() < 0) {
- fprintf(stdout, "Error: xmlsec-crypto initialization failed.\n");
- return(-1);
+ fprintf(stdout, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
 }
 /* create keys manager */
 mngr = xmlSecKeysMngrCreate();
 if(mngr == NULL) {
- fprintf(stdout, "Error: failed to create keys manager.\n");
- return(-1);
+ fprintf(stdout, "Error: failed to create keys manager.\n");
+ return(-1);
 }
 if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
- fprintf(stdout, "Error: failed to initialize keys manager.\n");
- return(-1);
+ fprintf(stdout, "Error: failed to initialize keys manager.\n");
+ return(-1);
 }
 if(load_keys(mngr, XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER, 0) < 0) {
- xmlSecKeysMngrDestroy(mngr);
- return(-1);
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
 }
 if(load_trusted_certs(mngr, XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER, 0) < 0) {
- xmlSecKeysMngrDestroy(mngr);
- return(-1);
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
 }
 if(verify_request(mngr) < 0) {
- xmlSecKeysMngrDestroy(mngr);
- return(-1);
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
 }
 /* Destroy 
keys manager */
@@ -148,10 +132,8 @@ main(int argc, char **argv) {
 /* Shutdown libxslt/libxml */
 #ifndef XMLSEC_NO_XSLT
- xsltFreeSecurityPrefs(xsltSecPrefs);
 xsltCleanupGlobals();
 #endif /* XMLSEC_NO_XSLT */ - xmlCleanupParser();
 return(0);
@@ -159,8 +141,8 @@ main(int argc, char **argv) {
 /**
 * load_trusted_certs:
- * @mngr: the keys manager.
- * @path: the path to a folder that contains trusted certificates.
+ * @mngr: the keys manager.
+ * @path: the path to a folder that contains trusted certificates.
 *
 * Loads trusted certificates from @path.
 * 
@@ -177,33 +159,33 @@ int load_trusted_certs(xmlSecKeysMngrPtr mngr, const char* path, int report_load
 dir = opendir(path);
 if(dir == NULL) {
- fprintf(stdout, "Error: failed to open folder \"%s\".\n", path);
- return(-1);
+ fprintf(stdout, "Error: failed to open folder \"%s\".\n", path);
+ return(-1);
 }
 while((entry = readdir(dir)) != NULL) {
- assert(entry->d_name);
- len = strlen(entry->d_name);
- if((len > 4) && (strcmp(entry->d_name + len - 4, ".pem") == 0)) {
- snprintf(filename, sizeof(filename), "%s/%s", path, entry->d_name);
- if(xmlSecCryptoAppKeysMngrCertLoad(mngr, filename, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
- fprintf(stdout,"Error: failed to load pem certificate from \"%s\"\n", filename);
- closedir(dir);
- return(-1);
- }
- if(report_loaded_certs) {
- fprintf(stdout, "Loaded trusted certificate from \"%s\"...\n", filename);
- }
- } else if((len > 4) && (strcmp(entry->d_name + len - 4, ".der") == 0)) {
- snprintf(filename, sizeof(filename), "%s/%s", path, entry->d_name);
- if(xmlSecCryptoAppKeysMngrCertLoad(mngr, filename, xmlSecKeyDataFormatDer, xmlSecKeyDataTypeTrusted) < 0) {
- fprintf(stdout,"Error: failed to load der certificate from \"%s\"\n", filename);
- closedir(dir);
- return(-1);
- }
- if(report_loaded_certs) {
- fprintf(stdout, "Loaded trusted certificate from \"%s\"...\n", filename);
- }
- }
+ assert(entry->d_name);
+ len = strlen(entry->d_name);
+ if((len > 4) && (strcmp(entry->d_name + len - 4, ".pem") == 0)) {
+ snprintf(filename, sizeof(filename), "%s/%s", path, entry->d_name);
+ if(xmlSecCryptoAppKeysMngrCertLoad(mngr, filename, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
+ fprintf(stdout,"Error: failed to load pem certificate from \"%s\"\n", filename);
+ closedir(dir);
+ return(-1);
+ }
+ if(report_loaded_certs) {
+ fprintf(stdout, "Loaded trusted certificate from \"%s\"...\n", filename);
+ }
+ } else if((len > 4) && (strcmp(entry->d_name + len - 4, ".der") == 0)) {
+ snprintf(filename, 
sizeof(filename), "%s/%s", path, entry->d_name);
+ if(xmlSecCryptoAppKeysMngrCertLoad(mngr, filename, xmlSecKeyDataFormatDer, xmlSecKeyDataTypeTrusted) < 0) {
+ fprintf(stdout,"Error: failed to load der certificate from \"%s\"\n", filename);
+ closedir(dir);
+ return(-1);
+ }
+ if(report_loaded_certs) {
+ fprintf(stdout, "Loaded trusted certificate from \"%s\"...\n", filename);
+ }
+ }
 }
 closedir(dir);
 return(0);
@@ -216,8 +198,8 @@ int load_keys(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_keys)
 snprintf(filename, sizeof(filename), "%s/keys.xml", path);
 if(xmlSecCryptoAppDefaultKeysMngrLoad(mngr, filename) < 0) {
- fprintf(stdout,"Error: failed to load keys from \"%s\"\n", filename);
- return(-1);
+ fprintf(stdout,"Error: failed to load keys from \"%s\"\n", filename);
+ return(-1);
 }
 if(report_loaded_keys) {
@@ -229,7 +211,7 @@ int load_keys(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_keys)
 /**
 * verify_request:
- * @mng: the keys manager
+ * @mng: the keys manager
 *
 * Verifies XML signature in the request (stdin).
 * 
@@ -250,35 +232,35 @@ verify_request(xmlSecKeysMngrPtr mngr) {
 /* load request in the buffer */
 buffer = xmlBufferCreate();
 if(buffer == NULL) {
- fprintf(stdout,"Error: failed to create buffer\n");
- goto done;
+ fprintf(stdout,"Error: failed to create buffer\n");
+ goto done;
 }
 while(!feof(stdin)) {
- ret = fread(buf, 1, sizeof(buf), stdin);
- if(ret < 0) {
- fprintf(stdout,"Error: read failed\n");
- goto done;
- }
- xmlBufferAdd(buffer, buf, ret);
+ ret = fread(buf, 1, sizeof(buf), stdin);
+ if(ret < 0) {
+ fprintf(stdout,"Error: read failed\n");
+ goto done;
+ }
+ xmlBufferAdd(buffer, buf, ret);
 }
 /* is the document subbmitted from the form? */
 if(strncmp((char*)xmlBufferContent(buffer), "_xmldoc=", 8) == 0) {
- xmlBufferShrink(buffer, 8);
- buffer->use = url_decode((char*)xmlBufferContent(buffer), xmlBufferLength(buffer));
+ xmlBufferShrink(buffer, 8);
+ buffer->use = url_decode((char*)xmlBufferContent(buffer), xmlBufferLength(buffer));
 }
 /**
 * Load doc
 */
 doc = xmlReadMemory(xmlBufferContent(buffer), xmlBufferLength(buffer),
- NULL, NULL,
- XML_PARSE_NOENT | XML_PARSE_NOCDATA |
- XML_PARSE_PEDANTIC | XML_PARSE_NOCDATA);
+ NULL, NULL,
+ XML_PARSE_NOENT | XML_PARSE_NOCDATA |
+ XML_PARSE_PEDANTIC | XML_PARSE_NOCDATA);
 if (doc == NULL) {
- fprintf(stdout, "Error: unable to parse xml document (syntax error)\n");
- goto done;
+ fprintf(stdout, "Error: unable to parse xml document (syntax error)\n");
+ goto done;
 }
 /* 
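Review bot: `xmlReadMemory()` is invoked with `XML_PARSE_NOENT` on a document that arrives from an anonymous HTTP client via stdin, and the option mask carries no `XML_PARSE_NONET`, so entity substitution runs with libxml2's default external-entity loader; that is the usual external-entity (XXE) exposure for a verification CGI and it deserves a fix or at least a comment here. Adding `XML_PARSE_NONET` to the mask and installing an entity loader that refuses external entities via xmlSetExternalEntityLoader() closes the network and file paths while keeping NOENT for canonicalization, if the signature code really needs substituted entities; `XML_PARSE_NOCDATA` is also listed twice in the same mask and one copy can go. The `if(ret < 0)` check after fread() can never be true if `ret` is a size_t (its declaration is outside the hunk), so a failed read is silently treated as data; `if(ferror(stdin))` is the test that reports it. verify_request's start lies outside this hunk.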
@@ -286,41 +268,41 @@ verify_request(xmlSecKeysMngrPtr mngr) {
 */
 if(xmlDocGetRootElement(doc) == NULL) {
 fprintf(stdout,"Error: empty document\n");
- goto done;
+ goto done;
 }
 /* find start node */
 node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
 if(node == NULL) {
- fprintf(stdout, "Error: start <dsig:Signature/> node not found\n");
- goto done;
+ fprintf(stdout, "Error: start <dsig:Signature/> node not found\n");
+ goto done;
 }
 /* create signature context */
 dsigCtx = xmlSecDSigCtxCreate(mngr);
 if(dsigCtx == NULL) {
 fprintf(stdout,"Error: failed to create signature context\n");
- goto done;
+ goto done;
 }
 /* we would like to store and print out everything */
 /* actually we would not because it opens a security hole
 dsigCtx->flags = XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES |
- XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES |
- XMLSEC_DSIG_FLAGS_STORE_SIGNATURE;
+ XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES |
+ XMLSEC_DSIG_FLAGS_STORE_SIGNATURE;
 */
 /* Verify signature */
 if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
 fprintf(stdout,"Error: signature verification failed\n");
- goto done;
+ goto done;
 }
 /* print verification result to stdout */
 if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
- fprintf(stdout, "RESULT: Signature is OK\n");
+ fprintf(stdout, "RESULT: Signature is OK\n");
 } else {
- fprintf(stdout, "RESULT: Signature is INVALID\n");
+ fprintf(stdout, "RESULT: Signature is INVALID\n");
 }
 fprintf(stdout, "---------------------------------------------------\n");
 xmlSecDSigCtxDebugDump(dsigCtx, stdout); 
@@ -331,30 +313,30 @@ verify_request(xmlSecKeysMngrPtr mngr) {
 done:
 /* cleanup */
 if(dsigCtx != NULL) {
- xmlSecDSigCtxDestroy(dsigCtx);
+ xmlSecDSigCtxDestroy(dsigCtx);
 }
 if(doc != NULL) {
- xmlFreeDoc(doc);
+ xmlFreeDoc(doc);
 }
 if(buffer != NULL) {
- xmlBufferFree(buffer);
+ xmlBufferFree(buffer);
 }
 return(res);
 }
 /* not the best way to do it */
 #define toHex(c) ( ( ('0' <= (c)) && ((c) <= '9') ) ? (c) - '0' : \
- ( ( ('A' <= (c)) && ((c) <= 'F') ) ? (c) - 'A' + 10 : 0 ) )
+ ( ( ('A' <= (c)) && ((c) <= 'F') ) ? (c) - 'A' + 10 : 0 ) )
 /**
 * url_decode:
- * @buf: the input buffer.
- * @size: the input buffer size.
+ * @buf: the input buffer.
+ * @size: the input buffer size.
 *
 * Does url decoding in-place.
-
+ *
 * Returns length of the decoded result on success or
 * a negative value if an error occurs.
 */
@@ -365,15 +347,15 @@ int url_decode(char *buf, size_t size) {
 p1 = p2 = buf;
 while(p1 - buf < size) {
- if(((*p1) == '%') && ((p1 - buf) <= (size - 3))) {
- *(p2++) = (char)(toHex(p1[1]) * 16 + toHex(p1[2]));
- p1 += 3;
- } else if((*p1) == '+') {
- *(p2++) = ' ';
- p1++;
- } else {
- *(p2++) = *(p1++);
- }
+ if(((*p1) == '%') && ((p1 - buf) <= (size - 3))) {
+ *(p2++) = (char)(toHex(p1[1]) * 16 + toHex(p1[2]));
+ p1 += 3;
+ } else if((*p1) == '+') {
+ *(p2++) = ' ';
+ p1++;
+ } else {
+ *(p2++) = *(p1++);
+ }
 }
 return(p2 - buf);
 } |
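Review bot: In url_decode (the second hunk) the guard `((p1 - buf) <= (size - 3))` is evaluated in unsigned size_t arithmetic, so for an input shorter than three bytes `size - 3` wraps to a huge value and a trailing `%` makes the decoder read `p1[1]` and `p1[2]` beyond the end of the data it was given; `if(((*p1) == '%') && ((size_t)(p1 - buf) + 3 <= size)) {` expresses the same bound without the wrap. The `toHex` macro in the first hunk maps lowercase `a`–`f` to 0, so an escape such as `%2b` decodes to the wrong byte; accepting both cases (ideally in a static inline helper, which also stops the macro from evaluating its argument several times) fixes that. The doc comment promises a negative return on error, yet no path produces one and the caller stores the result straight into `buffer->use`, so either document that the function cannot fail or reject a malformed `%` sequence with -1 and check for it at the call site. url_decode's signature lies outside the hunk.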