Diffstat (limited to 'docs/api/xmlsec-verify-with-restrictions.html')
-rw-r--r-- | docs/api/xmlsec-verify-with-restrictions.html | 122 |
1 files changed, 67 insertions, 55 deletions
diff --git a/docs/api/xmlsec-verify-with-restrictions.html b/docs/api/xmlsec-verify-with-restrictions.html index e1c47f24..d9b8d66a 100644 --- a/docs/api/xmlsec-verify-with-restrictions.html +++ b/docs/api/xmlsec-verify-with-restrictions.html @@ -36,8 +36,31 @@ .navigation .title { font-size: 200%; }</style> +<style type="text/css"> +table.CALSTABLE > tbody > tr:nth-child(1) > td:nth-child(1) { + width: 20em; +} +.synopsis, .classsynopsis { + background: #eeeeee; + border: solid 1px #aaaaaa; +} +.programlisting { + background: #eeeeee; + border: solid 1px #000000; +} +.navigation { + background: #eeeeee; + border: solid 1px #000000; +} +.navigation a { + color: initial; +} +.navigation a:visited { + color: initial; +} +</style> </head> -<body><table witdh="100%" valign="top"><tr valign="top"> +<body><table width="100%" valign="top"><tr valign="top"> <td valign="top" align="left" width="210"> <img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p> <ul> 
@@ -78,11 +101,11 @@ </td> <td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent"> <table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle"> -<td><a accesskey="p" href="xmlsec-verify-with-x509.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td> -<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td> -<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td> +<td><a accesskey="p" href="xmlsec-verify-with-x509.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td> +<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td> +<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td> <th width="100%" align="center">XML Security Library Reference Manual</th> -<td><a accesskey="n" href="xmlsec-encrypt-template-file.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td> +<td><a accesskey="n" href="xmlsec-encrypt-template-file.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td> </tr></table> <br clear="all"><div class="SECT1"> <h1 class="SECT1"><a name="XMLSEC-VERIFY-WITH-RESTRICTIONS">Verifying a signature with additional restrictions.</a></h1> 
@@ -91,11 +114,11 @@ <p></p> <div class="INFORMALEXAMPLE"> <p></p> -<a name="AEN722"></a><pre class="PROGRAMLISTING">/** +<a name="AEN877"></a><pre class="PROGRAMLISTING">/** * XML Security Library example: Verifying a simple SAML response with X509 certificate * * Verifies a simple SAML response. In addition to refular verification - * we ensure that the signature has only one <dsig:Reference/> element + * we ensure that the signature has only one <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top"><dsig:Reference/></a> element * with an empty or NULL URI attribute and one enveloped signature transform * as it is required by SAML specification. * @@ -106,17 +129,17 @@ * verify4 <signed-file> <trusted-cert-pem-file1> [<trusted-cert-pem-file2> [...]] * * Example (sucecess): - * ./verify4 verify4-res.xml rootcert.pem + * ./verify4 verify4-res.xml ca2cert.pem cacert.pem * * Example (failure): - * ./verify4 verify4-bad-res.xml rootcert.pem + * ./verify4 verify4-bad-res.xml ca2cert.pem cacert.pem * In the same time, verify3 example successfuly verifies this signature: - * ./verify3 verify4-bad-res.xml rootcert.pem + * ./verify3 verify4-bad-res.xml ca2cert.pem cacert.pem * * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com> */ #include <stdlib.h> #include <string.h> @@ -407,7 +430,7 @@ done: <p></p> <div class="INFORMALEXAMPLE"> <p></p> -<a name="AEN727"></a><pre class="PROGRAMLISTING"><?xml version="1.0" encoding="UTF-8"?> +<a name="AEN883"></a><pre class="PROGRAMLISTING"><?xml version="1.0" encoding="UTF-8"?> <!-- XML Security Library example: A simple SAML response template (verify4 example). 
@@ -425,12 +448,12 @@ Sign it using the following command (replace __ with double dashes): <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> - <dsig:DigestValue/> + <a href="http://www.w3.org/TR/xmldsig-core/#sec-DigestValue" target="_top"><dsig:DigestValue/></a> </dsig:Reference> </dsig:SignedInfo> - <dsig:SignatureValue/> + <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignatureValue" target="_top"><dsig:SignatureValue/></a> <dsig:KeyInfo> - <dsig:X509Data/> + <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top"><dsig:X509Data/></a> </dsig:KeyInfo> </dsig:Signature> <Status> @@ -462,11 +485,11 @@ Sign it using the following command (replace __ with double dashes): <p></p> <div class="INFORMALEXAMPLE"> <p></p> -<a name="AEN732"></a><pre class="PROGRAMLISTING"><?xml version="1.0" encoding="UTF-8"?> +<a name="AEN891"></a><pre class="PROGRAMLISTING"><?xml version="1.0" encoding="UTF-8"?> <!-- XML Security Library example: A simple SAML response template (verify4 example). -This file was signed using the following command (replace __ with double dashes): +Sign it using the following command (replace __ with double dashes): ../apps/xmlsec sign __privkey rsakey.pem,rsacert.pem __output verify4-res.xml verify4-tmpl.xml --> 
@@ -483,41 +506,30 @@ This file was signed using the following command (replace __ with double dashes) <dsig:DigestValue>t1nvDq1bZXEhBIXc/DHcqIrjRyI=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> - <dsig:SignatureValue>EsNm7mOj9XY6pq1bfeuzFd1F/LQwbc1K/YgOYgrElk4tr8BhSd5OcrzXBgsivPvm -HpjvSOBkjctGOFVE7x+6+G8TMudTja1IchEmGMh+pjMBlGNpvxSTedwtnoZBGWAz -RlfRhRFThskup0T7Or+VBHYygPGM3gmwX0ZWVYpNzM/rfYSk7+obgIp9DxLDIXlW -oLrJGVivubE+T63CPfBPaUIv1CbfBAzdo+11+8CiVsdWn2qwtGe5Fsmc3eCg06Oj -sl1nyCIu3AONq1w8jIPOgmITF8PpwDm0+XoQUH0P4kHJqNLphnJZY+GlPAC6VlAW -2bcAFr4Ul5yzHUBpxCDZfg==</dsig:SignatureValue> + <dsig:SignatureValue>cj28Qr33wTqwHJzpI+7Mth7HUTr9MKACSH4x/1/AO64FEGiQRoOBB8XuUHZ8tzkP +Azy8FwoZE/Jv5d/0N3ru4Q==</dsig:SignatureValue> <dsig:KeyInfo> <dsig:X509Data> -<X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#">MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE -ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v -eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl -a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X -DTAzMDMzMTA0MDIyMloXDTEzMDMyODA0MDIyMlowgb8xCzAJBgNVBAYTAlVTMRMw -EQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFy -eSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMSEwHwYDVQQLExhFeGFt -cGxlcyBSU0EgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf -BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAJe4/rQ/gzV4FokE7CthjL/EXwCBSkXm2c3p4jyXO0Wt -quaNC3dxBwFPfPl94hmq3ZFZ9PHPPbp4RpYRnLZbRjlzVSOq954AXOXpSew7nD+E -mTqQrd9+ZIbGJnLOMQh5fhMVuOW/1lYCjWAhTCcYZPv7VXD2M70vVXDVXn6ZrqTg -qkVHE6gw1aCKncwg7OSOUclUxX8+Zi10v6N6+PPslFc5tKwAdWJhVLTQ4FKG+F53 -7FBDnNK6p4xiWryy/vPMYn4jYGvHUUk3eH4lFTCr+rSuJY8i/KNIf/IKim7g/o3w -Ae3GM8xrof2mgO8GjK/2QDqOQhQgYRIf4/wFsQXVZcMCAwEAAaOCAVcwggFTMAkG -A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp 
-ZmljYXRlMB0GA1UdDgQWBBQkhCzy1FkgYosuXIaQo6owuicanDCB+AYDVR0jBIHw -MIHtgBS0ue+a5pcOaGUemM76VQ2JBttMfKGB0aSBzjCByzELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE -ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v -eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl -a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggEA -MA0GCSqGSIb3DQEBBAUAA4GBALU/mzIxSv8vhDuomxFcplzwdlLZbvSQrfoNkMGY -1UoS3YJrN+jZLWKSyWE3mIaPpElqXiXQGGkwD5iPQ1iJMbI7BeLvx6ZxX/f+c8Wn -ss0uc1NxfahMaBoyG15IL4+beqO182fosaKJTrJNG3mc//ANGU9OsQM9mfBEt4oL -NJ2D</X509Certificate> +<dsig:X509Certificate>MIIDpzCCA1GgAwIBAgIJAK+ii7kzrdqvMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG +A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz +ZXkuY29tMCAXDTE0MDUyMzE3NTUzNFoYDzIxMTQwNDI5MTc1NTM0WjCBxzELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1 +cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAn +BgNVBAsTIFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD +Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j +b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7Ljqdn +sYmW0tbDVxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQAB +o4IBRTCCAUEwDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH +ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTM +QygZMIHjBgNVHSMEgdswgdiAFP7k7FMk8JWVxxC14US1XTllWuN+oYG0pIGxMIGu +MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1M +IFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2Vj +KTEQMA4GA1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8G +CSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggkAr6KLuTOt2q0wDQYJKoZI +hvcNAQEFBQADQQAOXBj0yICp1RmHXqnUlsppryLCW3pKBD1dkb4HWarO7RjA1yJJ +fBjXssrERn05kpBcrRfzou4r3DCgQFPhjxga</dsig:X509Certificate> </dsig:X509Data> </dsig:KeyInfo> 
</dsig:Signature> @@ -550,7 +562,7 @@ NJ2D</X509Certificate> <p></p> <div class="INFORMALEXAMPLE"> <p></p> -<a name="AEN737"></a><pre class="PROGRAMLISTING"><?xml version="1.0" encoding="UTF-8"?> +<a name="AEN896"></a><pre class="PROGRAMLISTING"><?xml version="1.0" encoding="UTF-8"?> <!-- XML Security Library example: A simple bad SAML response template (verify4 example). @@ -575,12 +587,12 @@ Sign it using the following command (replace __ with double dashes): </dsig:Transform> </dsig:Transforms> <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> - <dsig:DigestValue/> + <a href="http://www.w3.org/TR/xmldsig-core/#sec-DigestValue" target="_top"><dsig:DigestValue/></a> </dsig:Reference> </dsig:SignedInfo> - <dsig:SignatureValue/> + <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignatureValue" target="_top"><dsig:SignatureValue/></a> <dsig:KeyInfo> - <dsig:X509Data/> + <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top"><dsig:X509Data/></a> </dsig:KeyInfo> </dsig:Signature> <Status> @@ -612,7 +624,7 @@ Sign it using the following command (replace __ with double dashes): <p></p> <div class="INFORMALEXAMPLE"> <p></p> -<a name="AEN742"></a><pre class="PROGRAMLISTING"><?xml version="1.0" encoding="UTF-8"?> +<a name="AEN904"></a><pre class="PROGRAMLISTING"><?xml version="1.0" encoding="UTF-8"?> <!-- XML Security Library example: A simple bad SAML response (verify4 example). |