diff options
Diffstat (limited to 'examples')
| -rw-r--r-- | examples/Makefile | 7 | ||||
| -rw-r--r-- | examples/Makefile.w32 | 24 | ||||
| -rw-r--r-- | examples/README | 160 | ||||
| -rw-r--r-- | examples/ca2cert.pem | 64 | ||||
| -rw-r--r-- | examples/cacert.pem | 67 | ||||
| -rw-r--r-- | examples/decrypt1.c | 4 | ||||
| -rw-r--r-- | examples/decrypt2.c | 4 | ||||
| -rw-r--r-- | examples/decrypt3.c | 4 | ||||
| -rw-r--r-- | examples/encrypt1.c | 4 | ||||
| -rw-r--r-- | examples/encrypt2.c | 4 | ||||
| -rw-r--r-- | examples/encrypt3-res.xml | 16 | ||||
| -rw-r--r-- | examples/encrypt3.c | 4 | ||||
| -rw-r--r-- | examples/mywin32make.bat | 2 | ||||
| -rw-r--r-- | examples/rootcert.pem | 25 | ||||
| -rw-r--r-- | examples/rsacert.pem | 112 | ||||
| -rw-r--r-- | examples/rsakey.pem | 32 | ||||
| -rw-r--r-- | examples/rsapub.pem | 9 | ||||
| -rw-r--r-- | examples/sign1-res.xml | 10 | ||||
| -rw-r--r-- | examples/sign1.c | 4 | ||||
| -rw-r--r-- | examples/sign2-res.xml | 10 | ||||
| -rw-r--r-- | examples/sign2.c | 4 | ||||
| -rw-r--r-- | examples/sign3-res.xml | 57 | ||||
| -rw-r--r-- | examples/sign3.c | 6 | ||||
| -rw-r--r-- | examples/verify1.c | 4 | ||||
| -rw-r--r-- | examples/verify2.c | 4 | ||||
| -rw-r--r-- | examples/verify3.c | 6 | ||||
| -rw-r--r-- | examples/verify4-res.xml | 57 | ||||
| -rw-r--r-- | examples/verify4.c | 10 | ||||
| -rw-r--r-- | examples/xkms-server.c | 839 | ||||
| -rw-r--r-- | examples/xmldsigverify.c | 4 |
30 files changed, 364 insertions, 1193 deletions
diff --git a/examples/Makefile b/examples/Makefile index a237b987..89b1d61b 100644 --- a/examples/Makefile +++ b/examples/Makefile @@ -6,8 +6,7 @@ PROGRAMS = \ verify1 verify2 verify3 verify4 \ encrypt1 encrypt2 encrypt3 \ decrypt1 decrypt2 decrypt3 \ - xmldsigverify \ - xkms-server + xmldsigverify CC = gcc CFLAGS += -g $(shell xmlsec1-config --cflags) -DUNIX_SOCKETS @@ -26,8 +25,8 @@ check: $(PROGRAMS) ./verify1 sign2-res.xml rsapub.pem ./verify2 sign1-res.xml rsapub.pem ./verify2 sign2-res.xml rsapub.pem - ./verify3 sign3-res.xml rootcert.pem - ./verify4 verify4-res.xml rootcert.pem + ./verify3 sign3-res.xml ca2cert.pem cacert.pem + ./verify4 verify4-res.xml ca2cert.pem cacert.pem ./encrypt1 encrypt1-tmpl.xml deskey.bin ./encrypt2 encrypt2-doc.xml deskey.bin ./encrypt3 encrypt3-doc.xml rsakey.pem diff --git a/examples/Makefile.w32 b/examples/Makefile.w32 index ee81ab39..b7c5723f 100644 --- a/examples/Makefile.w32 +++ b/examples/Makefile.w32 @@ -1,12 +1,11 @@ # Makefile for xmlsec, specific for Windows, MSVC and NMAKE. # # Take a look at the beginning and modify the variables to suit your -# environment. Having done that, you can do a - -XMLSEC_STATIC = yes -XMLSEC_CRYPTO = openssl -XMLSEC_CFLAGS = -XMLSEC_LIBS = +# environment. +XMLSEC_STATIC = yes +XMLSEC_DEFAULT_CRYPTO = openssl +XMLSEC_CFLAGS = +XMLSEC_LIBS = # There should never be a need to modify anything below this line. XMLSEC_OBJS_DIR = build @@ -24,23 +23,22 @@ XMLSEC_EXAMPLES = \ $(XMLSEC_OBJS_DIR)\decrypt1.exe \ $(XMLSEC_OBJS_DIR)\decrypt2.exe \ $(XMLSEC_OBJS_DIR)\decrypt3.exe \ - $(XMLSEC_OBJS_DIR)\xkms-server.exe \ # -!IF "$(XMLSEC_CRYPTO)" == "openssl" -XMLSEC_CFLAGS = $(XMLSEC_CFLAGS) /D "XMLSEC_CRYPTO_OPENSSL" /D "XMLSEC_CRYPTO=\"openssl\"" +!IF "$(XMLSEC_DEFAULT_CRYPTO)" == "openssl" +XMLSEC_CFLAGS = $(XMLSEC_CFLAGS) /D "XMLSEC_CRYPTO_OPENSSL" /D "XMLSEC_DEFAULT_CRYPTO=\"openssl\"" XMLSEC_SOLIBS = libxmlsec-openssl.lib libeay32.lib wsock32.lib user32.lib gdi32.lib XMLSEC_ALIBS = libxmlsec-openssl_a.lib libeay32.lib wsock32.lib user32.lib gdi32.lib !ENDIF -!IF "$(XMLSEC_CRYPTO)" == "nss" -XMLSEC_CFLAGS = $(XMLSEC_CFLAGS) /D "XMLSEC_CRYPTO_NSS" /D "XMLSEC_CRYPTO=\"nss\"" +!IF "$(XMLSEC_DEFAULT_CRYPTO)" == "nss" +XMLSEC_CFLAGS = $(XMLSEC_CFLAGS) /D "XMLSEC_CRYPTO_NSS" /D "XMLSEC_DEFAULT_CRYPTO=\"nss\"" XMLSEC_SOLIBS = libxmlsec-nss.lib nss3.lib nspr4.lib plds4.lib plc4.lib XMLSEC_ALIBS = libxmlsec-nss_a.lib nss3.lib nspr4.lib plds4.lib plc4.lib !ENDIF -!IF "$(XMLSEC_CRYPTO)" == "mscrypto" -XMLSEC_CFLAGS = $(XMLSEC_CFLAGS) /D "XMLSEC_CRYPTO_MSCRYPTO" /D "XMLSEC_CRYPTO=\"mscrypto\"" +!IF "$(XMLSEC_DEFAULT_CRYPTO)" == "mscrypto" +XMLSEC_CFLAGS = $(XMLSEC_CFLAGS) /D "XMLSEC_CRYPTO_MSCRYPTO" /D "XMLSEC_DEFAULT_CRYPTO=\"mscrypto\"" XMLSEC_SOLIBS = libxmlsec-mscrypto.lib user32.lib gdi32.lib crypt32.lib advapi32.lib XMLSEC_ALIBS = libxmlsec-mscrypto_a.lib user32.lib gdi32.lib crypt32.lib advapi32.lib !ENDIF diff --git a/examples/README b/examples/README index bd680289..efbe0b2a 100644 --- a/examples/README +++ b/examples/README @@ -3,42 +3,43 @@ This folder contains XML Security Library examples. 1. Files List ------------------------- - README This file. - Makefile *nix makefile. - Makefile.w32 Win32 makefile. - rsakey.pem Private PEM key file - rsapub.pem Public PEM key file - rsacert.pem Certificate for rsakey.pem signed with rootcert.pem - rootcert.pem Root (trusted) certificate - deskey.bin A DES keys - sign1.c Signing with a template file - sign1-tmpl.xml An example template file for sign1 example - sign1-res.xml The result of processing sign1_tmpl.xml by sign1.c - sign2.c Signing a file with a dynamicaly created template - sign2-doc.xml An example XML file for signing by sign2.c - sign2-res.xml The result of signing sign2-doc.xml by sign2.c - sign3.c Signing a file with a dynamicaly created template and an X509 certificate - sign3-doc.xml An example XML file for signing by sign3.c - sign3-res.xml The result of signing sign3-doc.xml by sign3.c - verify1.c Verifying a signed document with a single key - verify2.c Verifying a signed document using keys manager - verify3.c Verifying a signed document using X509 certificate - verify4.c Verifying a simple SAML response using X509 certificate - verify4-tmpl.xml An example template file with a simple SAML response for verify4 example - verify4-res.xml Signed simple SAML response for verification by verify4.c - encrypt1.c Encrypting binary data with a template file - encrypt1-res.xml An example template file for encrypt1.c - encrypt1-tmpl.xml The result of processing encrypt1_tmpl.xml by encrypt1.c - encrypt2.c Encrypting XML file using a dynamicaly created template - encrypt2-doc.xml An example XML file for encryption by encrypt2.c - encrypt2-res.xml The result of encryptin encrypt2-doc.xml by encrypt2.c - encrypt2.c Encrypting XML file using a session DES key - encrypt2-doc.xml An example XML file for encryption by encrypt3.c - encrypt2-res.xml The result of encryptin encrypt3-doc.xml by encrypt3.c - decrypt1.c Decrypting binary data using a single key - decrypt2.c Decrypting binary data using keys manager - decrypt3.c Decrypting binary file using custom keys manager - xmldsigverify.c CGI script for signatures verifications + README This file. + Makefile *nix makefile. + Makefile.w32 Win32 makefile. + cacert.pem Root (trusted) certificate + ca2cert.pem CA (trusted) certificate (signed with cacert.pem) + rsakey.pem Private PEM key file + rsapub.pem Public PEM key file + rsacert.pem Certificate for rsakey.pem signed with ca2cert.pem + deskey.bin A DES keys + sign1.c Signing with a template file + sign1-tmpl.xml An example template file for sign1 example + sign1-res.xml The result of processing sign1_tmpl.xml by sign1.c + sign2.c Signing a file with a dynamicaly created template + sign2-doc.xml An example XML file for signing by sign2.c + sign2-res.xml The result of signing sign2-doc.xml by sign2.c + sign3.c Signing a file with a dynamicaly created template and an X509 certificate + sign3-doc.xml An example XML file for signing by sign3.c + sign3-res.xml The result of signing sign3-doc.xml by sign3.c + verify1.c Verifying a signed document with a single key + verify2.c Verifying a signed document using keys manager + verify3.c Verifying a signed document using X509 certificate + verify4.c Verifying a simple SAML response using X509 certificate + verify4-tmpl.xml An example template file with a simple SAML response for verify4 example + verify4-res.xml Signed simple SAML response for verification by verify4.c + encrypt1.c Encrypting binary data with a template file + encrypt1-res.xml An example template file for encrypt1.c + encrypt1-tmpl.xml The result of processing encrypt1_tmpl.xml by encrypt1.c + encrypt2.c Encrypting XML file using a dynamicaly created template + encrypt2-doc.xml An example XML file for encryption by encrypt2.c + encrypt2-res.xml The result of encryptin encrypt2-doc.xml by encrypt2.c + encrypt2.c Encrypting XML file using a session DES key + encrypt2-doc.xml An example XML file for encryption by encrypt3.c + encrypt2-res.xml The result of encryptin encrypt3-doc.xml by encrypt3.c + decrypt1.c Decrypting binary data using a single key + decrypt2.c Decrypting binary data using keys manager + decrypt3.c Decrypting binary file using custom keys manager + xmldsigverify.c CGI script for signatures verifications 2. Building Examples ------------------------- @@ -70,57 +71,44 @@ Other platforms: The following are just examples and you can use the programs from this folder with any other input files: - ./sign1 sign1-tmpl.xml rsakey.pem - ./sign2 sign2-doc.xml rsakey.pem - ./sign3 sign3-doc.xml rsakey.pem rsacert.pem - - ./verify1 sign1-res.xml rsapub.pem - ./verify1 sign2-res.xml rsapub.pem - ./verify2 sign1-res.xml rsapub.pem - ./verify2 sign2-res.xml rsapub.pem - ./verify3 sign3-res.xml rootcert.pem - ./verify4 verify4-res.xml rootcert.pem - - ./encrypt1 encrypt1-tmpl.xml deskey.bin - ./encrypt2 encrypt2-doc.xml deskey.bin - ./encrypt3 encrypt3-doc.xml rsakey.pem - - ./decrypt1 encrypt1-res.xml deskey.bin - ./decrypt1 encrypt2-res.xml deskey.bin - ./decrypt2 encrypt1-res.xml deskey.bin - ./decrypt2 encrypt2-res.xml deskey.bin - ./decrypt3 encrypt1-res.xml - ./decrypt3 encrypt2-res.xml - ./decrypt3 encrypt3-res.xml + ./sign1 sign1-tmpl.xml rsakey.pem + ./sign2 sign2-doc.xml rsakey.pem + ./sign3 sign3-doc.xml rsakey.pem rsacert.pem + + ./verify1 sign1-res.xml rsapub.pem + ./verify1 sign2-res.xml rsapub.pem + ./verify2 sign1-res.xml rsapub.pem + ./verify2 sign2-res.xml rsapub.pem + ./verify3 sign3-res.xml ca2cert.pem cacert.pem + ./verify4 verify4-res.xml ca2cert.pem cacert.pem + + ./encrypt1 encrypt1-tmpl.xml deskey.bin + ./encrypt2 encrypt2-doc.xml deskey.bin + ./encrypt3 encrypt3-doc.xml rsakey.pem + + ./decrypt1 encrypt1-res.xml deskey.bin + ./decrypt1 encrypt2-res.xml deskey.bin + ./decrypt2 encrypt1-res.xml deskey.bin + ./decrypt2 encrypt2-res.xml deskey.bin + ./decrypt3 encrypt1-res.xml + ./decrypt3 encrypt2-res.xml + ./decrypt3 encrypt3-res.xml 4. Using xmlsec command line tool. ------------------------- -For Windows, use "xmlsec" instead of "xmlsec1". - xmlsec1 sign --privkey rsakey.pem --output sign1.xml sign1-tmpl.xml - xmlsec1 verify --pubkey rsapub.pem sign1.xml - xmlsec1 verify --pubkey rsapub.pem sign1-res.xml - xmlsec1 verify --pubkey rsapub.pem sign2-res.xml - xmlsec1 verify --trusted rootcert.pem sign3-res.xml - xmlsec1 verify --trusted rootcert.pem verify4-res.xml - - xmlsec1 encrypt --deskey deskey.bin --binary-data binary.dat --output encrypt1.xml encrypt1-tmpl.xml - xmlsec1 decrypt --deskey deskey.bin encrypt1.xml - xmlsec1 decrypt --deskey deskey.bin encrypt1-res.xml - xmlsec1 decrypt --deskey deskey.bin encrypt2-res.xml - xmlsec1 decrypt --privkey rsakey.pem encrypt3-res.xml - - - - - - - - - - - - - - - +For Windows, use "xmlsec" instead of "xmlsec1": + + xmlsec1 sign --privkey rsakey.pem --output sign1.xml sign1-tmpl.xml + xmlsec1 verify --pubkey rsapub.pem sign1.xml + xmlsec1 verify --pubkey rsapub.pem sign1-res.xml + xmlsec1 verify --pubkey rsapub.pem sign2-res.xml + xmlsec1 verify --trusted ca2cert.pem --trusted cacert.pem sign3-res.xml + xmlsec1 verify --trusted ca2cert.pem --trusted cacert.pem verify4-res.xml + + xmlsec1 encrypt --deskey deskey.bin --binary-data binary.dat --output encrypt1.xml encrypt1-tmpl.xml + xmlsec1 decrypt --deskey deskey.bin encrypt1.xml + xmlsec1 decrypt --deskey deskey.bin encrypt1-res.xml + xmlsec1 decrypt --deskey deskey.bin encrypt2-res.xml + xmlsec1 decrypt --privkey rsakey.pem encrypt3-res.xml + diff --git a/examples/ca2cert.pem b/examples/ca2cert.pem new file mode 100644 index 00000000..f978e960 --- /dev/null +++ b/examples/ca2cert.pem @@ -0,0 +1,64 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12655831530416757421 (0xafa28bb933addaad) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Root CA, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: May 23 17:52:38 2014 GMT + Not After : Apr 29 17:52:38 2114 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (512 bit) + Modulus: + 00:b2:ba:f2:89:d8:2b:94:3c:3d:f7:82:13:ed:e1: + 0f:0c:8a:57:ac:1f:15:5b:6e:9c:8a:7e:66:9b:ad: + 85:69:0c:65:43:98:e2:8a:a7:7d:fb:a8:95:19:67: + de:4a:7f:09:57:6d:1d:a3:d3:3c:8a:58:99:af:47: + 15:31:f8:fb:13 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E + X509v3 Authority Key Identifier: + keyid:06:B5:A4:AC:A7:AA:75:44:EA:15:9C:4F:DF:05:83:4F:6A:1E:FE:0B + DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root CA/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:AF:A2:8B:B9:33:AD:DA:AC + + Signature Algorithm: sha1WithRSAEncryption + 6e:4c:05:ba:dc:08:16:aa:a5:03:3c:68:bc:06:25:db:74:a1: + e1:14:fe:09:f2:a8:24:76:fe:56:31:ae:92:a5:25:95:80:d8: + 0e:61:79:0a:fc:14:a0:d5:a4:a6:42:d1:af:f3:ff:14:bc:14: + 4f:a0:99:ce:e3:2d:0d:8d:65:05:7f:5b:9b:3a:05:0d:99:e7: + 58:34:ba:bb:61:b4:e9:f3:24:c6:59:ea:20:0b:23:36:c5:d5: + 84:2c:c3:fc:04:c8:10:2f:4b:0f:f8:c0:c0:14:c2:8e:de:2b: + 58:98:45:a7:08:4b:0f:d7:91:ca:49:39:ac:e7:84:4d:8f:ba: + 09:f8 +-----BEGIN CERTIFICATE----- +MIIDzzCCAzigAwIBAgIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G +A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3 +DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTIzOFoYDzIxMTQw +NDI5MTc1MjM4WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx +PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz +ZXkuY29tL3htbHNlYykxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG +9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC +QQCyuvKJ2CuUPD33ghPt4Q8MilesHxVbbpyKfmabrYVpDGVDmOKKp337qJUZZ95K +fwlXbR2j0zyKWJmvRxUx+PsTAgMBAAGjggFFMIIBQTAMBgNVHRMEBTADAQH/MCwG +CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV +HQ4EFgQU/uTsUyTwlZXHELXhRLVdOWVa434wgeMGA1UdIwSB2zCB2IAUBrWkrKeq +dUTqFZxP3wWDT2oe/guhgbSkgbEwga4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD +YWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAoaHR0cDov +L3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRAwDgYDVQQLEwdSb290IENBMRYwFAYD +VQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3Nl +eS5jb22CCQCvoou5M63arDANBgkqhkiG9w0BAQUFAAOBgQBuTAW63AgWqqUDPGi8 +BiXbdKHhFP4J8qgkdv5WMa6SpSWVgNgOYXkK/BSg1aSmQtGv8/8UvBRPoJnO4y0N +jWUFf1ubOgUNmedYNLq7YbTp8yTGWeogCyM2xdWELMP8BMgQL0sP+MDAFMKO3itY +mEWnCEsP15HKSTms54RNj7oJ+A== +-----END CERTIFICATE----- diff --git a/examples/cacert.pem b/examples/cacert.pem new file mode 100644 index 00000000..ebbbe698 --- /dev/null +++ b/examples/cacert.pem @@ -0,0 +1,67 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 12655831530416757420 (0xafa28bb933addaac) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Root CA, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Validity + Not Before: May 23 17:50:59 2014 GMT + Not After : Apr 29 17:50:59 2114 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Root CA, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:b5:8e:0c:08:d8:ff:aa:b3:b3:56:e7:b1:d4:10: + ff:3e:e0:98:4c:30:ce:2c:b5:63:b6:92:97:42:d7: + 90:3e:ac:b4:92:03:30:b9:08:11:c1:d3:67:20:22: + 07:41:b9:c5:28:be:34:5e:8c:80:08:95:56:28:ce: + db:d0:b9:2f:58:93:5e:c9:5c:d7:3e:a1:04:f5:93: + e6:37:15:86:52:35:5c:af:ba:68:c1:3e:ef:f1:5e: + d2:d9:07:e5:52:7a:fc:66:f4:78:5d:6c:24:64:9f: + 44:60:a3:61:7a:78:a3:80:9e:72:60:3a:d7:09:67: + 6f:0b:e7:e7:8c:18:ef:d8:b7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 06:B5:A4:AC:A7:AA:75:44:EA:15:9C:4F:DF:05:83:4F:6A:1E:FE:0B + X509v3 Authority Key Identifier: + keyid:06:B5:A4:AC:A7:AA:75:44:EA:15:9C:4F:DF:05:83:4F:6A:1E:FE:0B + DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root CA/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:AF:A2:8B:B9:33:AD:DA:AC + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: sha1WithRSAEncryption + 46:96:fc:e9:13:ff:72:4e:79:5f:e3:6e:9d:77:88:5f:cd:62: + ef:ad:db:8f:b6:75:54:9c:05:6c:0f:d0:7e:ea:73:c6:7a:89: + d8:83:ff:97:10:bc:63:12:77:06:9d:88:24:c2:3b:ac:2f:6b: + d2:9a:1a:e3:56:71:23:9a:c6:1e:2a:7d:ec:3a:60:b3:13:c5: + f6:59:11:52:62:81:05:08:e4:20:23:aa:d7:0f:f8:77:60:d1: + 22:70:68:a9:7b:6d:0f:ed:16:b2:a0:df:34:35:4a:fb:b9:12: + 13:4e:f2:b6:7d:d1:cc:70:a3:8f:48:2f:d0:f7:71:9a:e0:ac: + 47:f1 +-----BEGIN CERTIFICATE----- +MIID9zCCA2CgAwIBAgIJAK+ii7kzrdqsMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G +A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3 +DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTA1OVoYDzIxMTQw +NDI5MTc1MDU5WjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx +PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz +ZXkuY29tL3htbHNlYykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtz +ZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtY4MCNj/qrOzVuex1BD/PuCYTDDOLLVj +tpKXQteQPqy0kgMwuQgRwdNnICIHQbnFKL40XoyACJVWKM7b0LkvWJNeyVzXPqEE +9ZPmNxWGUjVcr7powT7v8V7S2QflUnr8ZvR4XWwkZJ9EYKNhenijgJ5yYDrXCWdv +C+fnjBjv2LcCAwEAAaOCARcwggETMB0GA1UdDgQWBBQGtaSsp6p1ROoVnE/fBYNP +ah7+CzCB4wYDVR0jBIHbMIHYgBQGtaSsp6p1ROoVnE/fBYNPah7+C6GBtKSBsTCB +rjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhN +TCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNl +YykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf +BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqsMAwGA1Ud +EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEARpb86RP/ck55X+NunXeIX81i763b +j7Z1VJwFbA/QfupzxnqJ2IP/lxC8YxJ3Bp2IJMI7rC9r0poa41ZxI5rGHip97Dpg +sxPF9lkRUmKBBQjkICOq1w/4d2DRInBoqXttD+0WsqDfNDVK+7kSE07ytn3RzHCj +j0gv0PdxmuCsR/E= +-----END CERTIFICATE----- diff --git a/examples/decrypt1.c b/examples/decrypt1.c index 39ad1039..881eb947 100644 --- a/examples/decrypt1.c +++ b/examples/decrypt1.c @@ -13,7 +13,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -89,7 +89,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); diff --git a/examples/decrypt2.c b/examples/decrypt2.c index 49513e12..c07e988b 100644 --- a/examples/decrypt2.c +++ b/examples/decrypt2.c @@ -14,7 +14,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -92,7 +92,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); diff --git a/examples/decrypt3.c b/examples/decrypt3.c index 253920fb..a1371332 100644 --- a/examples/decrypt3.c +++ b/examples/decrypt3.c @@ -15,7 +15,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -94,7 +94,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); diff --git a/examples/encrypt1.c b/examples/encrypt1.c index fb4d103f..ef132482 100644 --- a/examples/encrypt1.c +++ b/examples/encrypt1.c @@ -15,7 +15,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -91,7 +91,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); diff --git a/examples/encrypt2.c b/examples/encrypt2.c index 4f1ad588..cda3447c 100644 --- a/examples/encrypt2.c +++ b/examples/encrypt2.c @@ -16,7 +16,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -92,7 +92,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); diff --git a/examples/encrypt3-res.xml b/examples/encrypt3-res.xml index bcf7439c..2fca87e7 100644 --- a/examples/encrypt3-res.xml +++ b/examples/encrypt3-res.xml @@ -1,27 +1,23 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- -XML Security Library example: XML doc file encrypted with a session DES key (encrypt3 example). +XML Security Library example: Original XML doc file before encryption (encrypt3 example). --> <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"> -<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> +<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <KeyName>rsakey.pem</KeyName> </KeyInfo> <CipherData> -<CipherValue>IPiEu9Nv+EsGyvVeXO9nl5iZhhi+uzQH1I3/DTs3+eamBvioyaawRIlvTql7LYL5 -Mi91Qs8ozfW/fWZ8zB8AE2PosaX37SqiuEta68+65/Ed4v1rkGN0Awux8+gJqJmp -c2kJhzAoQIAIGAW4nTGP9tl9QUHfwKh2KPA104vezk70ijvF7TrbTmhdfmULAuWK -Tbsg8sXAPhGmPh5KckM2Xe387iPh4ue2+2TGdWqwXygVdvIUIbcIMq6F+/mWlcmf -Gs5FVI7CTjaLmeyO4ho+FGmicmqH2hEkZW0a2ktDh4BU/MxYF6L7oayrVWDGp2IH -dzQAwUT2qJcFjElO8xUz3g==</CipherValue> +<CipherValue>QYYKljhcX20QyP20hYmq8CSES875oIdbrsjMOxnb0VnYDn01Jk00OIPpb9gdIdZg +MLOtSy26mWrQ+XqfPGuyaA==</CipherValue> </CipherData> </EncryptedKey> </KeyInfo> <CipherData> -<CipherValue>xrfPSA+BEI+8ca23RN34gtee5lOMx8Cn+ZGWyxitiktdZ1+XREH+57li63VutCwp -s6ifbZgXIBsFdxPpMBUFlyTWAAO+NLooIwGoczXi14z62lHr7Ck6FA==</CipherValue> +<CipherValue>+UiDv73SE8K8KwXuOmHLHK7N2hNWDakTAEu6NprbCdULC1w/LXT9FLtNRJetmwwO +XpBqTY56AAMeMgpxPWN3SPO0ETeQw7pR+bp0IjUvcGlFSXz6yE1qgQ==</CipherValue> </CipherData> </EncryptedData> diff --git a/examples/encrypt3.c b/examples/encrypt3.c index aa9465a2..cf2882da 100644 --- a/examples/encrypt3.c +++ b/examples/encrypt3.c @@ -16,7 +16,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -94,7 +94,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); diff --git a/examples/mywin32make.bat b/examples/mywin32make.bat index a7d22803..b837a369 100644 --- a/examples/mywin32make.bat +++ b/examples/mywin32make.bat @@ -3,7 +3,7 @@ REM REM This is my personal configuration file. REM I am lazy to type all this crap again and again REM You are welcome to customize this file for your -REM needs but do not check it into the CVS, please. +REM needs but do not check it into the GitHub, please. REM REM Aleksey Sanin <aleksey@aleksey.com> REM diff --git a/examples/rootcert.pem b/examples/rootcert.pem deleted file mode 100644 index 38144d65..00000000 --- a/examples/rootcert.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEPDCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE -ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v -eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl -a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X -DTAyMDIwMjA4MDAzOFoXDTEyMDEzMTA4MDAzOFowgcsxCzAJBgNVBAYTAlVTMRMw -EQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxPTA7BgNVBAoT -NFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3ht -bHNlYykxGTAXBgNVBAsTEFJvb3QgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtz -ZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCBnzAN -BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAvSvv4RNOzsjL+FQEoMwkidOOjJQciB2x -WxI1QPkwFVC5Z86BcQugOWVJ+4JVTtE2uDjFElNI9SMINhd+4GkxlK+TVHvSZfCT -Ia/EichBfRfZcPjVnXH3pzFCC9JkbGOIFAzuhBcz+KvN8gntuumolN2/fBYCbFZX -4otzgMd5Rm8CAwEAAaOCASwwggEoMB0GA1UdDgQWBBS0ue+a5pcOaGUemM76VQ2J -BttMfDCB+AYDVR0jBIHwMIHtgBS0ue+a5pcOaGUemM76VQ2JBttMfKGB0aSBzjCB -yzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1 -bm55dmFsZTE9MDsGA1UEChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93 -d3cuYWxla3NleS5jb20veG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0 -ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2Vj -QGFsZWtzZXkuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEA -J/+WEipxRms7bdg0ORf+ipHNwgdvWDxaLeQqqKMSacHDFVZyKdurm4onypNI2w9K -Gk6XKipJT67ew4QpVMgv5LAIoErMxIcVYu1tAfhjtNK5neF6X5v/r/cRQkdIYaaF -BlnBUmHY6x83aiSMC2ASG2MKL8UDqF/y2/SlPuxmG50= ------END CERTIFICATE----- diff --git a/examples/rsacert.pem b/examples/rsacert.pem index 02489a43..1955e05d 100644 --- a/examples/rsacert.pem +++ b/examples/rsacert.pem @@ -1,83 +1,59 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 5 (0x5) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=US, ST=California, L=Sunnyvale, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Serial Number: 12655831530416757423 (0xafa28bb933addaaf) + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com Validity - Not Before: Mar 31 04:02:22 2003 GMT - Not After : Mar 28 04:02:22 2013 GMT - Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Examples RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + Not Before: May 23 17:55:34 2014 GMT + Not After : Apr 29 17:55:34 2114 GMT + Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:97:b8:fe:b4:3f:83:35:78:16:89:04:ec:2b:61: - 8c:bf:c4:5f:00:81:4a:45:e6:d9:cd:e9:e2:3c:97: - 3b:45:ad:aa:e6:8d:0b:77:71:07:01:4f:7c:f9:7d: - e2:19:aa:dd:91:59:f4:f1:cf:3d:ba:78:46:96:11: - 9c:b6:5b:46:39:73:55:23:aa:f7:9e:00:5c:e5:e9: - 49:ec:3b:9c:3f:84:99:3a:90:ad:df:7e:64:86:c6: - 26:72:ce:31:08:79:7e:13:15:b8:e5:bf:d6:56:02: - 8d:60:21:4c:27:18:64:fb:fb:55:70:f6:33:bd:2f: - 55:70:d5:5e:7e:99:ae:a4:e0:aa:45:47:13:a8:30: - d5:a0:8a:9d:cc:20:ec:e4:8e:51:c9:54:c5:7f:3e: - 66:2d:74:bf:a3:7a:f8:f3:ec:94:57:39:b4:ac:00: - 75:62:61:54:b4:d0:e0:52:86:f8:5e:77:ec:50:43: - 9c:d2:ba:a7:8c:62:5a:bc:b2:fe:f3:cc:62:7e:23: - 60:6b:c7:51:49:37:78:7e:25:15:30:ab:fa:b4:ae: - 25:8f:22:fc:a3:48:7f:f2:0a:8a:6e:e0:fe:8d:f0: - 01:ed:c6:33:cc:6b:a1:fd:a6:80:ef:06:8c:af:f6: - 40:3a:8e:42:14:20:61:12:1f:e3:fc:05:b1:05:d5: - 65:c3 + Public-Key: (512 bit) + Modulus: + 00:d3:d0:6d:0f:76:9e:56:de:83:54:39:24:d1:d2: + 3b:56:1e:cb:8e:a7:67:b1:89:96:d2:d6:c3:57:1c: + 4a:fa:7b:a6:7b:e6:7d:49:be:33:9d:b5:0a:91:69: + 7e:be:04:00:4d:d4:54:13:28:53:d8:ff:86:aa:b7: + 74:50:1c:d8:7d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: - CA:FALSE + CA:TRUE Netscape Comment: - OpenSSL Generated Certificate + OpenSSL Generated Certificate X509v3 Subject Key Identifier: - 24:84:2C:F2:D4:59:20:62:8B:2E:5C:86:90:A3:AA:30:BA:27:1A:9C + D7:F4:C6:46:77:CE:37:04:23:AD:29:54:FB:B0:0E:A4:CC:43:28:19 X509v3 Authority Key Identifier: - keyid:B4:B9:EF:9A:E6:97:0E:68:65:1E:98:CE:FA:55:0D:89:06:DB:4C:7C - DirName:/C=US/ST=California/L=Sunnyvale/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com - serial:00 + keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E + DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root CA/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com + serial:AF:A2:8B:B9:33:AD:DA:AD - Signature Algorithm: md5WithRSAEncryption - b5:3f:9b:32:31:4a:ff:2f:84:3b:a8:9b:11:5c:a6:5c:f0:76: - 52:d9:6e:f4:90:ad:fa:0d:90:c1:98:d5:4a:12:dd:82:6b:37: - e8:d9:2d:62:92:c9:61:37:98:86:8f:a4:49:6a:5e:25:d0:18: - 69:30:0f:98:8f:43:58:89:31:b2:3b:05:e2:ef:c7:a6:71:5f: - f7:fe:73:c5:a7:b2:cd:2e:73:53:71:7d:a8:4c:68:1a:32:1b: - 5e:48:2f:8f:9b:7a:a3:b5:f3:67:e8:b1:a2:89:4e:b2:4d:1b: - 79:9c:ff:f0:0d:19:4f:4e:b1:03:3d:99:f0:44:b7:8a:0b:34: - 9d:83 + Signature Algorithm: sha1WithRSAEncryption + 0e:5c:18:f4:c8:80:a9:d5:19:87:5e:a9:d4:96:ca:69:af:22: + c2:5b:7a:4a:04:3d:5d:91:be:07:59:aa:ce:ed:18:c0:d7:22: + 49:7c:18:d7:b2:ca:c4:46:7d:39:92:90:5c:ad:17:f3:a2:ee: + 2b:dc:30:a0:40:53:e1:8f:18:1a -----BEGIN CERTIFICATE----- -MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE -ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v -eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl -a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X -DTAzMDMzMTA0MDIyMloXDTEzMDMyODA0MDIyMlowgb8xCzAJBgNVBAYTAlVTMRMw -EQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFy -eSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMSEwHwYDVQQLExhFeGFt -cGxlcyBSU0EgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf -BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAJe4/rQ/gzV4FokE7CthjL/EXwCBSkXm2c3p4jyXO0Wt -quaNC3dxBwFPfPl94hmq3ZFZ9PHPPbp4RpYRnLZbRjlzVSOq954AXOXpSew7nD+E -mTqQrd9+ZIbGJnLOMQh5fhMVuOW/1lYCjWAhTCcYZPv7VXD2M70vVXDVXn6ZrqTg -qkVHE6gw1aCKncwg7OSOUclUxX8+Zi10v6N6+PPslFc5tKwAdWJhVLTQ4FKG+F53 -7FBDnNK6p4xiWryy/vPMYn4jYGvHUUk3eH4lFTCr+rSuJY8i/KNIf/IKim7g/o3w -Ae3GM8xrof2mgO8GjK/2QDqOQhQgYRIf4/wFsQXVZcMCAwEAAaOCAVcwggFTMAkG -A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp -ZmljYXRlMB0GA1UdDgQWBBQkhCzy1FkgYosuXIaQo6owuicanDCB+AYDVR0jBIHw -MIHtgBS0ue+a5pcOaGUemM76VQ2JBttMfKGB0aSBzjCByzELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE -ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v -eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl -a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggEA -MA0GCSqGSIb3DQEBBAUAA4GBALU/mzIxSv8vhDuomxFcplzwdlLZbvSQrfoNkMGY -1UoS3YJrN+jZLWKSyWE3mIaPpElqXiXQGGkwD5iPQ1iJMbI7BeLvx6ZxX/f+c8Wn -ss0uc1NxfahMaBoyG15IL4+beqO182fosaKJTrJNG3mc//ANGU9OsQM9mfBEt4oL -NJ2D +MIIDpzCCA1GgAwIBAgIJAK+ii7kzrdqvMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG +A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz +ZXkuY29tMCAXDTE0MDUyMzE3NTUzNFoYDzIxMTQwNDI5MTc1NTM0WjCBxzELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1 +cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAn +BgNVBAsTIFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD +Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j +b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7Ljqdn +sYmW0tbDVxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQAB +o4IBRTCCAUEwDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH +ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTM +QygZMIHjBgNVHSMEgdswgdiAFP7k7FMk8JWVxxC14US1XTllWuN+oYG0pIGxMIGu +MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1M +IFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2Vj +KTEQMA4GA1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8G +CSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggkAr6KLuTOt2q0wDQYJKoZI +hvcNAQEFBQADQQAOXBj0yICp1RmHXqnUlsppryLCW3pKBD1dkb4HWarO7RjA1yJJ +fBjXssrERn05kpBcrRfzou4r3DCgQFPhjxga -----END CERTIFICATE----- diff --git a/examples/rsakey.pem b/examples/rsakey.pem index 55d2fd9b..8ea653ff 100644 --- a/examples/rsakey.pem +++ b/examples/rsakey.pem @@ -1,27 +1,9 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAl7j+tD+DNXgWiQTsK2GMv8RfAIFKRebZzeniPJc7Ra2q5o0L -d3EHAU98+X3iGardkVn08c89unhGlhGctltGOXNVI6r3ngBc5elJ7DucP4SZOpCt -335khsYmcs4xCHl+ExW45b/WVgKNYCFMJxhk+/tVcPYzvS9VcNVefpmupOCqRUcT -qDDVoIqdzCDs5I5RyVTFfz5mLXS/o3r48+yUVzm0rAB1YmFUtNDgUob4XnfsUEOc -0rqnjGJavLL+88xifiNga8dRSTd4fiUVMKv6tK4ljyL8o0h/8gqKbuD+jfAB7cYz -zGuh/aaA7waMr/ZAOo5CFCBhEh/j/AWxBdVlwwIDAQABAoIBAQCAvt6DnZF9gdW9 -l4vAlBqXb88d4phgELCp5tmviLUnP2NSGEWuqR7Eoeru2z9NgIxblvYfazh6Ty22 -kmNk6rcAcTnB9oYAcVZjUj8EUuEXlTFhXPvuNpafNu3RZd59znqJP1mSu+LpQWku -NZMlabHnkTLDlGf7FXtvL9/rlgV4qk3QcDVF793JFszWrtK3mnld3KHQ6cuo9iSm -0rQKtkDjeHsRell8qTQvfBsgG1q2bv8QWT45/eQrra9mMbGTr3DbnXvoeJmTj1VN -XJV7tBNllxxPahlYMByJaf/Tuva5j6HWUEIfYky5ihr2z1P/fNQ2OSCM6SQHpkiG -EXQDueXBAoGBAMfW7KcmToEQEcTiqfey6C1LOLoemcX0/ROUktPq/5JQJRRrT4t7 -XevLX0ed8sLyR5T29XQtdnuV0DJfvcJD+6ZwfOcQ+f6ZzCaNXJP97JtEt5kSWY01 -Ei+nphZ0RFvPb04V3qDU9dElU26GR36CRBYJyM2WQPx4v+/YyDSZH9kLAoGBAMJc -ZBU8pRbIia/FFOHUlS3v5P18nVmXyOd0fvRq0ZelaQCebTZ4K9wjnCfw//yzkb2Z -0vZFNB+xVBKB0Pt6nVvnSNzxdQ8EAXVFwHtXa25FUyP2RERQgTvmajqmgWjZsDYp -6GHcK3ZhmdmscQHF/Q2Uo4scvBcheahm9IXiNskpAoGAXelEgTBhSAmTMCEMmti6 -fz6QQ/bJcNu2apMxhOE0hT+gjT34vaWV9481EWTKho5w0TJVGumaem1mz6VqeXaV -Nhw6tiOmN91ysNNRpEJ6BGWAmjCjYNaF21s/k+HDlhmfRuTEIHSzqDuQP6pewrbY -5Dpo4SQxGfRsznvjacRj0Q0CgYBN247oBvQnDUxCkhNMZ8kersOvW5T4x9neBge5 -R3UQZ12Jtu0O7dK8C7PJODyDcTeHmTAuIQjBTVrdUw1xP+v7XcoNX9hBnJws6zUw -85MAiFrGxCcSqqEqaqHRPtQGOXXiLKV/ViA++tgTn4VhbXtyTkG5P1iFd45xjFSV -sUm7CQKBgDn92tHxzePly1L1mK584TkVryx4cP9RFHpebnmNduGwwjnRuYipoj8y -pPPAkVbbaA3f9OB2go48rN0Ft9nHdlqgh9BpIKCVtkIb1XN0K3Oa/8BW8W/GAiNG -HJcsrOtIrGVRdlyJG6bDaN8T49DnhOcsqMbf+IkIvfh50VeE9L/e +MIIBPAIBAAJBANPQbQ92nlbeg1Q5JNHSO1Yey46nZ7GJltLWw1ccSvp7pnvmfUm+ +M521CpFpfr4EAE3UVBMoU9j/hqq3dFAc2H0CAwEAAQJBALFVCjmsAZyQ5jqZLO5N +qEfNuHZSSUol+xPBogFIOq3BWa269eNNcAK5or5g0XWWon7EPdyGT4qyDVH9KzXK +RLECIQDzm/Nj0epUGN51/rKJgRXWkXW/nfSCMO9fvQR6Ujoq3wIhAN6WeHK9vgWg +wBWqMdq5sR211+LlDH7rOUQ6rBpbsoQjAiEA7jzpfglgPPZFOOfo+oh/LuP6X3a+ +FER/FQXpRyb7M8kCIETUrwZ8WkiPPxbz/Fqw1W5kjw/g2I5e2uSYaCP2eyuVAiEA +mOI6RhRyMqgxQyy0plJVjG1s4fdu92AWYy9AwYeyd/8= -----END RSA PRIVATE KEY----- diff --git a/examples/rsapub.pem b/examples/rsapub.pem index 838a346d..88b4ad60 100644 --- a/examples/rsapub.pem +++ b/examples/rsapub.pem @@ -1,9 +1,4 @@ -----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7j+tD+DNXgWiQTsK2GM -v8RfAIFKRebZzeniPJc7Ra2q5o0Ld3EHAU98+X3iGardkVn08c89unhGlhGctltG -OXNVI6r3ngBc5elJ7DucP4SZOpCt335khsYmcs4xCHl+ExW45b/WVgKNYCFMJxhk -+/tVcPYzvS9VcNVefpmupOCqRUcTqDDVoIqdzCDs5I5RyVTFfz5mLXS/o3r48+yU -Vzm0rAB1YmFUtNDgUob4XnfsUEOc0rqnjGJavLL+88xifiNga8dRSTd4fiUVMKv6 -tK4ljyL8o0h/8gqKbuD+jfAB7cYzzGuh/aaA7waMr/ZAOo5CFCBhEh/j/AWxBdVl -wwIDAQAB +MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANPQbQ92nlbeg1Q5JNHSO1Yey46nZ7GJ +ltLWw1ccSvp7pnvmfUm+M521CpFpfr4EAE3UVBMoU9j/hqq3dFAc2H0CAwEAAQ== -----END PUBLIC KEY----- diff --git a/examples/sign1-res.xml b/examples/sign1-res.xml index 04d8fed0..2ea2b6b7 100644 --- a/examples/sign1-res.xml +++ b/examples/sign1-res.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- -XML Security Library example: Signed file (sign1 example). +XML Security Library example: Simple signature template file for sign1 example. --> <Envelope xmlns="urn:envelope"> <Data> @@ -18,12 +18,8 @@ XML Security Library example: Signed file (sign1 example). <DigestValue>9H/rQr2Axe9hYTV2n/tCp+3UIQQ=</DigestValue> </Reference> </SignedInfo> - <SignatureValue>Mx4psIy9/UY+u8QBJRDrwQWKRaCGz0WOVftyDzAe6WHAFSjMNr7qb2ojq9kdipT8 -Oub5q2OQ7mzdSLiiejkrO1VeqM/90yEIGI4En6KEB6ArEzw+iq4N1wm6EptcyxXx -M9StAOOa9ilWYqR9Tfx3SW1urUIuKYgUitxsONiUHBVaW6HeX51bsXoTF++4ZI+D -jiPBjN4HHmr0cbJ6BXk91S27ffZIfp1Qj5nL9onFLUGbR6EFgu2luiRzQbPuM2tP -XxyI7GZ8AfHnRJK28ARvBC9oi+O1ej20S79CIV7gdBxbLbFprozBHAwOEC57YgJc -x+YEjSjcO7SBIR1FiUA7pw==</SignatureValue> + <SignatureValue>fDKK0so/zFcmmq2X+BaVFmS0t8KB7tyW53YN6n221OArzGCs4OyWsAjj/BUR+wNF +elOnt4fo2gPK1a3IVEhMGg==</SignatureValue> <KeyInfo> <KeyName>rsakey.pem</KeyName> </KeyInfo> diff --git a/examples/sign1.c b/examples/sign1.c index e545843f..050211cc 100644 --- a/examples/sign1.c +++ b/examples/sign1.c @@ -15,7 +15,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -90,7 +90,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); diff --git a/examples/sign2-res.xml b/examples/sign2-res.xml index b37cad94..20eca909 100644 --- a/examples/sign2-res.xml +++ b/examples/sign2-res.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- -XML Security Library example: Signed XML doc file (sign2 example). +XML Security Library example: Original XML doc file for sign2 example. --> <Envelope xmlns="urn:envelope"> <Data> @@ -18,12 +18,8 @@ XML Security Library example: Signed XML doc file (sign2 example). <DigestValue>HjY8ilZAIEM2tBbPn5mYO1ieIX4=</DigestValue> </Reference> </SignedInfo> -<SignatureValue>SIaj/6KY3C1SmDXU2++Gm31U1xTadFp04WhBgfsJFbxrL+q7GKSKN9kfQ+UpN9+i -D5fWmuavXEHe4Gw6RMaMEkq2URQo7F68+d5J/ajq8/l4n+xE6/reGScVwT6L4dEP -XXVJcAi2ZnQ3O7GTNvNGCPibL9mUcyCWBFZ92Uemtc/vJFCQ7ZyKMdMfACgxOwyN -T/9971oog241/2doudhonc0I/3mgPYWkZdX6yvr62mEjnG+oUZkhWYJ4ewZJ4hM4 -JjbFqZO+OEzDRSbw3DkmuBA/mtlx+3t13SESfEub5hqoMdVmtth/eTb64dsPdl9r -3k1ACVX9f8aHfQQdJOmLFQ==</SignatureValue> +<SignatureValue>GnYgZdzPeXd/gPTJmQ506qmxWkd3VK1Y23kh5Qpq8y4LMNY+LJJeCWK5wpo/vufR +nIH/KUqvIvtk9nb2IjF5Uw==</SignatureValue> <KeyInfo> <KeyName>rsakey.pem</KeyName> </KeyInfo> diff --git a/examples/sign2.c b/examples/sign2.c index 146bbbaa..2e05dfae 100644 --- a/examples/sign2.c +++ b/examples/sign2.c @@ -17,7 +17,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -93,7 +93,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); diff --git a/examples/sign3-res.xml b/examples/sign3-res.xml index 847e1af2..4b9ccd03 100644 --- a/examples/sign3-res.xml +++ b/examples/sign3-res.xml @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- -XML Security Library example: Signed XML doc file (sign3 example). +XML Security Library example: Original XML doc file for sign3 example. --> <Envelope xmlns="urn:envelope"> <Data> @@ -18,41 +18,30 @@ XML Security Library example: Signed XML doc file (sign3 example). <DigestValue>HjY8ilZAIEM2tBbPn5mYO1ieIX4=</DigestValue> </Reference> </SignedInfo> -<SignatureValue>SIaj/6KY3C1SmDXU2++Gm31U1xTadFp04WhBgfsJFbxrL+q7GKSKN9kfQ+UpN9+i -D5fWmuavXEHe4Gw6RMaMEkq2URQo7F68+d5J/ajq8/l4n+xE6/reGScVwT6L4dEP -XXVJcAi2ZnQ3O7GTNvNGCPibL9mUcyCWBFZ92Uemtc/vJFCQ7ZyKMdMfACgxOwyN -T/9971oog241/2doudhonc0I/3mgPYWkZdX6yvr62mEjnG+oUZkhWYJ4ewZJ4hM4 -JjbFqZO+OEzDRSbw3DkmuBA/mtlx+3t13SESfEub5hqoMdVmtth/eTb64dsPdl9r -3k1ACVX9f8aHfQQdJOmLFQ==</SignatureValue> +<SignatureValue>GnYgZdzPeXd/gPTJmQ506qmxWkd3VK1Y23kh5Qpq8y4LMNY+LJJeCWK5wpo/vufR +nIH/KUqvIvtk9nb2IjF5Uw==</SignatureValue> <KeyInfo> <X509Data> -<X509Certificate>MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE -ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v -eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl -a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X -DTAzMDMzMTA0MDIyMloXDTEzMDMyODA0MDIyMlowgb8xCzAJBgNVBAYTAlVTMRMw -EQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFy -eSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMSEwHwYDVQQLExhFeGFt -cGxlcyBSU0EgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf -BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAJe4/rQ/gzV4FokE7CthjL/EXwCBSkXm2c3p4jyXO0Wt -quaNC3dxBwFPfPl94hmq3ZFZ9PHPPbp4RpYRnLZbRjlzVSOq954AXOXpSew7nD+E -mTqQrd9+ZIbGJnLOMQh5fhMVuOW/1lYCjWAhTCcYZPv7VXD2M70vVXDVXn6ZrqTg -qkVHE6gw1aCKncwg7OSOUclUxX8+Zi10v6N6+PPslFc5tKwAdWJhVLTQ4FKG+F53 -7FBDnNK6p4xiWryy/vPMYn4jYGvHUUk3eH4lFTCr+rSuJY8i/KNIf/IKim7g/o3w -Ae3GM8xrof2mgO8GjK/2QDqOQhQgYRIf4/wFsQXVZcMCAwEAAaOCAVcwggFTMAkG -A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp -ZmljYXRlMB0GA1UdDgQWBBQkhCzy1FkgYosuXIaQo6owuicanDCB+AYDVR0jBIHw -MIHtgBS0ue+a5pcOaGUemM76VQ2JBttMfKGB0aSBzjCByzELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE -ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v -eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl -a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggEA -MA0GCSqGSIb3DQEBBAUAA4GBALU/mzIxSv8vhDuomxFcplzwdlLZbvSQrfoNkMGY -1UoS3YJrN+jZLWKSyWE3mIaPpElqXiXQGGkwD5iPQ1iJMbI7BeLvx6ZxX/f+c8Wn -ss0uc1NxfahMaBoyG15IL4+beqO182fosaKJTrJNG3mc//ANGU9OsQM9mfBEt4oL -NJ2D</X509Certificate> +<X509Certificate>MIIDpzCCA1GgAwIBAgIJAK+ii7kzrdqvMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG +A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz +ZXkuY29tMCAXDTE0MDUyMzE3NTUzNFoYDzIxMTQwNDI5MTc1NTM0WjCBxzELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1 +cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAn +BgNVBAsTIFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD +Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j +b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7Ljqdn +sYmW0tbDVxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQAB +o4IBRTCCAUEwDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH +ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTM +QygZMIHjBgNVHSMEgdswgdiAFP7k7FMk8JWVxxC14US1XTllWuN+oYG0pIGxMIGu +MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1M +IFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2Vj +KTEQMA4GA1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8G +CSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggkAr6KLuTOt2q0wDQYJKoZI +hvcNAQEFBQADQQAOXBj0yICp1RmHXqnUlsppryLCW3pKBD1dkb4HWarO7RjA1yJJ +fBjXssrERn05kpBcrRfzou4r3DCgQFPhjxga</X509Certificate> </X509Data> </KeyInfo> </Signature></Envelope> diff --git a/examples/sign3.c b/examples/sign3.c index 9d16cf72..847daa09 100644 --- a/examples/sign3.c +++ b/examples/sign3.c @@ -16,12 +16,12 @@ * ./sign3 sign3-doc.xml rsakey.pem rsacert.pem > sign3-res.xml * * The result signature could be validated using verify3 example: - * ./verify3 sign3-res.xml rootcert.pem + * ./verify3 sign3-res.xml ca2cert.pem cacert.pem * * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -97,7 +97,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); diff --git a/examples/verify1.c b/examples/verify1.c index 04917e5a..182da2d0 100644 --- a/examples/verify1.c +++ b/examples/verify1.c @@ -13,7 +13,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -88,7 +88,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); diff --git a/examples/verify2.c b/examples/verify2.c index 36fde2d3..f7a84768 100644 --- a/examples/verify2.c +++ b/examples/verify2.c @@ -13,7 +13,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -91,7 +91,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); diff --git a/examples/verify3.c b/examples/verify3.c index 5f0666bb..7f80bb56 100644 --- a/examples/verify3.c +++ b/examples/verify3.c @@ -10,12 +10,12 @@ * verify3 <signed-file> <trusted-cert-pem-file1> [<trusted-cert-pem-file2> [...]] * * Example: - * ./verify3 sign3-res.xml rootcert.pem + * ./verify3 sign3-res.xml ca2cert.pem cacert.pem * * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -92,7 +92,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); diff --git a/examples/verify4-res.xml b/examples/verify4-res.xml index 7abe539f..04d7196b 100644 --- a/examples/verify4-res.xml +++ b/examples/verify4-res.xml @@ -2,7 +2,7 @@ <!-- XML Security Library example: A simple SAML response template (verify4 example). -This file was signed using the following command (replace __ with double dashes): +Sign it using the following command (replace __ with double dashes): ../apps/xmlsec sign __privkey rsakey.pem,rsacert.pem __output verify4-res.xml verify4-tmpl.xml --> @@ -19,41 +19,30 @@ This file was signed using the following command (replace __ with double dashes) <dsig:DigestValue>t1nvDq1bZXEhBIXc/DHcqIrjRyI=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> - <dsig:SignatureValue>EsNm7mOj9XY6pq1bfeuzFd1F/LQwbc1K/YgOYgrElk4tr8BhSd5OcrzXBgsivPvm -HpjvSOBkjctGOFVE7x+6+G8TMudTja1IchEmGMh+pjMBlGNpvxSTedwtnoZBGWAz -RlfRhRFThskup0T7Or+VBHYygPGM3gmwX0ZWVYpNzM/rfYSk7+obgIp9DxLDIXlW -oLrJGVivubE+T63CPfBPaUIv1CbfBAzdo+11+8CiVsdWn2qwtGe5Fsmc3eCg06Oj -sl1nyCIu3AONq1w8jIPOgmITF8PpwDm0+XoQUH0P4kHJqNLphnJZY+GlPAC6VlAW -2bcAFr4Ul5yzHUBpxCDZfg==</dsig:SignatureValue> + <dsig:SignatureValue>cj28Qr33wTqwHJzpI+7Mth7HUTr9MKACSH4x/1/AO64FEGiQRoOBB8XuUHZ8tzkP +Azy8FwoZE/Jv5d/0N3ru4Q==</dsig:SignatureValue> <dsig:KeyInfo> <dsig:X509Data> -<X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#">MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE -ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v -eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl -a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X -DTAzMDMzMTA0MDIyMloXDTEzMDMyODA0MDIyMlowgb8xCzAJBgNVBAYTAlVTMRMw -EQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFy -eSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMSEwHwYDVQQLExhFeGFt -cGxlcyBSU0EgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf -BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAJe4/rQ/gzV4FokE7CthjL/EXwCBSkXm2c3p4jyXO0Wt -quaNC3dxBwFPfPl94hmq3ZFZ9PHPPbp4RpYRnLZbRjlzVSOq954AXOXpSew7nD+E -mTqQrd9+ZIbGJnLOMQh5fhMVuOW/1lYCjWAhTCcYZPv7VXD2M70vVXDVXn6ZrqTg -qkVHE6gw1aCKncwg7OSOUclUxX8+Zi10v6N6+PPslFc5tKwAdWJhVLTQ4FKG+F53 -7FBDnNK6p4xiWryy/vPMYn4jYGvHUUk3eH4lFTCr+rSuJY8i/KNIf/IKim7g/o3w -Ae3GM8xrof2mgO8GjK/2QDqOQhQgYRIf4/wFsQXVZcMCAwEAAaOCAVcwggFTMAkG -A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp -ZmljYXRlMB0GA1UdDgQWBBQkhCzy1FkgYosuXIaQo6owuicanDCB+AYDVR0jBIHw -MIHtgBS0ue+a5pcOaGUemM76VQ2JBttMfKGB0aSBzjCByzELMAkGA1UEBhMCVVMx -EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE -ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v -eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl -a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggEA -MA0GCSqGSIb3DQEBBAUAA4GBALU/mzIxSv8vhDuomxFcplzwdlLZbvSQrfoNkMGY -1UoS3YJrN+jZLWKSyWE3mIaPpElqXiXQGGkwD5iPQ1iJMbI7BeLvx6ZxX/f+c8Wn -ss0uc1NxfahMaBoyG15IL4+beqO182fosaKJTrJNG3mc//ANGU9OsQM9mfBEt4oL -NJ2D</X509Certificate> +<dsig:X509Certificate>MIIDpzCCA1GgAwIBAgIJAK+ii7kzrdqvMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG +A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz +ZXkuY29tMCAXDTE0MDUyMzE3NTUzNFoYDzIxMTQwNDI5MTc1NTM0WjCBxzELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1 +cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAn +BgNVBAsTIFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD +Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j +b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7Ljqdn +sYmW0tbDVxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQAB +o4IBRTCCAUEwDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH +ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTM +QygZMIHjBgNVHSMEgdswgdiAFP7k7FMk8JWVxxC14US1XTllWuN+oYG0pIGxMIGu +MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1M +IFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2Vj +KTEQMA4GA1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8G +CSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggkAr6KLuTOt2q0wDQYJKoZI +hvcNAQEFBQADQQAOXBj0yICp1RmHXqnUlsppryLCW3pKBD1dkb4HWarO7RjA1yJJ +fBjXssrERn05kpBcrRfzou4r3DCgQFPhjxga</dsig:X509Certificate> </dsig:X509Data> </dsig:KeyInfo> </dsig:Signature> diff --git a/examples/verify4.c b/examples/verify4.c index f55f58c5..e438d748 100644 --- a/examples/verify4.c +++ b/examples/verify4.c @@ -13,17 +13,17 @@ * verify4 <signed-file> <trusted-cert-pem-file1> [<trusted-cert-pem-file2> [...]] * * Example (sucecess): - * ./verify4 verify4-res.xml rootcert.pem + * ./verify4 verify4-res.xml ca2cert.pem cacert.pem * * Example (failure): - * ./verify4 verify4-bad-res.xml rootcert.pem + * ./verify4 verify4-bad-res.xml ca2cert.pem cacert.pem * In the same time, verify3 example successfuly verifies this signature: - * ./verify3 verify4-bad-res.xml rootcert.pem + * ./verify3 verify4-bad-res.xml ca2cert.pem cacert.pem * * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -100,7 +100,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); diff --git a/examples/xkms-server.c b/examples/xkms-server.c deleted file mode 100644 index 188d5c73..00000000 --- a/examples/xkms-server.c +++ /dev/null @@ -1,839 +0,0 @@ -/** - * XML Security Library example: simple XKMS server - * - * Starts XKMS server on specified port. - * - * Usage: - * ./xkms-server [--port <port>] [--format plain|soap-1.1|soap-1.2] <keys-file> - * - * Example: - * ./xkms-server --port 8080 --format soap-1.1 keys.xml - * - * This is free software; see Copyright file in the source - * distribution for preciese wording. - * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> - */ -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <assert.h> -#include <errno.h> - -#ifdef XMLSEC_NO_XKMS - -int main(int argc, char** argv) { - fprintf(stderr, "ERROR: XKMS is disabled.\n"); - return 1; -} - -#else /* XMLSEC_NO_XKMS */ - -#include <libxml/tree.h> -#include <libxml/xmlmemory.h> -#include <libxml/parser.h> - -#ifndef XMLSEC_NO_XSLT -#include <libxslt/xslt.h> -#include <libxslt/security.h> -#endif /* XMLSEC_NO_XSLT */ - -#include <xmlsec/xmlsec.h> -#include <xmlsec/xmltree.h> -#include <xmlsec/buffer.h> -#include <xmlsec/xkms.h> -#include <xmlsec/crypto.h> - -#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING -#include <xmlsec/app.h> -#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ - -#ifdef UNIX_SOCKETS -#include <netinet/in.h> -#include <sys/socket.h> -#include <arpa/inet.h> -#include <netinet/tcp.h> -#include <netdb.h> -#include <fcntl.h> -#include <signal.h> -#else /* UNIX_SOCKETS */ -#ifdef WIN32_SOCKETS -#include <windows.h> -#include <winsock.h> -#else /* WIN32_SOCKETS */ -#error "Your operating system is not supported" -#endif /* WIN32_SOCKETS */ -#endif /* UNIX_SOCKETS */ - -#define DEFAULT_PORT 1234 -#define PENDING_QUEUE_SIZE 100 - -#define LOG_LEVEL_SILENT 0 -#define LOG_LEVEL_INFO 1 -#define LOG_LEVEL_DATA 2 -#define LOG_LEVEL_DEBUG 3 - -#ifdef UNIX_SOCKETS -static int sockfd = -1; -#endif /* UNIX_SOCKETS */ - -#ifdef WIN32_SOCKETS -static SOCKET sockfd = -1; -#endif /* WIN32_SOCKETS */ - -static int finished = 0; -static int log_level = LOG_LEVEL_INFO; - -static int init_server(unsigned short port); -static void stop_server(); -static void int_signal_handler(int sig_num); -static const xmlChar* my_strnstr(const xmlChar* str, xmlSecSize strLen, const xmlChar* tmpl, xmlSecSize tmplLen); - -static int handle_connection(int fd, xmlSecXkmsServerCtxPtr xkmsCtx, xmlSecXkmsServerFormat format); -static int read_request(int fd, const char* in_ip, xmlSecBufferPtr buffer); -static int send_response(int fd, const char* in_ip, int resp_code, - const char* body, int body_size); - -static char usage[] = "[--port <port>] [--format plain|soap-1.1|soap-1.2] <keys-file>"; -static char http_header[] = - "HTTP/1.0 %d\n" - "Server: XML Security Library: Simple XKMS Server/1.0\n" - "Content-length: %d\n" - "\n"; -static char http_503[] = - "Error 503 - Service Unavailable\n"; - -int main(int argc, char** argv) { - int argpos; - unsigned short port = DEFAULT_PORT; -#ifndef XMLSEC_NO_XSLT - xsltSecurityPrefsPtr xsltSecPrefs = NULL; -#endif /* XMLSEC_NO_XSLT */ - xmlSecKeysMngrPtr mngr = NULL; - xmlSecXkmsServerCtxPtr xkmsCtx = NULL; - xmlSecXkmsServerFormat format = xmlSecXkmsServerFormatPlain; - int ret; - - fprintf(stdout, "Log: server is starting up\n"); - - /* Init libxml and libxslt libraries */ - xmlInitParser(); - LIBXML_TEST_VERSION - xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS; - xmlSubstituteEntitiesDefault(1); -#ifndef XMLSEC_NO_XSLT - xmlIndentTreeOutput = 1; -#endif /* XMLSEC_NO_XSLT */ - - /* Init libxslt */ -#ifndef XMLSEC_NO_XSLT - /* disable everything */ - xsltSecPrefs = xsltNewSecurityPrefs(); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid); - xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid); - xsltSetDefaultSecurityPrefs(xsltSecPrefs); -#endif /* XMLSEC_NO_XSLT */ - - /* Init xmlsec library */ - if(xmlSecInit() < 0) { - fprintf(stderr, "Error %d: xmlsec initialization failed.\n", errno); - return(-1); - } - - /* Check loaded library version */ - if(xmlSecCheckVersion() != 1) { - fprintf(stderr, "Error %d: loaded xmlsec library version is not compatible.\n", errno); - return(-1); - } - - /* Load default crypto engine if we are supporting dynamic - * loading for xmlsec-crypto libraries. Use the crypto library - * name ("openssl", "nss", etc.) to load corresponding - * xmlsec-crypto library. - */ -#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { - fprintf(stderr, "Error %d: unable to load default xmlsec-crypto library. Make sure\n" - "that you have it installed and check shared libraries path\n" - "(LD_LIBRARY_PATH) envornment variable.\n", errno); - return(-1); - } -#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */ - - /* Init crypto library */ - if(xmlSecCryptoAppInit(NULL) < 0) { - fprintf(stderr, "Error %d: crypto initialization failed.\n", errno); - return(-1); - } - - /* Init xmlsec-crypto library */ - if(xmlSecCryptoInit() < 0) { - fprintf(stderr, "Error %d: xmlsec-crypto initialization failed.\n", errno); - return(-1); - } - - /* Create and initialize keys manager */ - mngr = xmlSecKeysMngrCreate(); - if(mngr == NULL) { - fprintf(stderr, "Error %d: failed to create keys manager.\n", errno); - goto done; - } - if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) { - fprintf(stderr, "Error %d: failed to initialize keys manager.\n", errno); - goto done; - } - - /* Create XKMS server context */ - xkmsCtx = xmlSecXkmsServerCtxCreate(mngr); - if(xkmsCtx == NULL) { - fprintf(stderr, "Error %d: XKMS server context initialization failed\n", errno); - goto done; - } - - /* Process input parameters */ - for(argpos = 1; (argpos < argc) && (argv[argpos][0] == '-'); argpos++) { - if((strcmp(argv[argpos], "--port") == 0) || (strcmp(argv[argpos], "-p") == 0)) { - argpos++; - port = atoi(argv[argpos]); - if(port == 0) { - fprintf(stderr, "Error %d: invalid port number \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage); - goto done; - } - } else if((strcmp(argv[argpos], "--format") == 0) || (strcmp(argv[argpos], "-f") == 0)) { - argpos++; - format = xmlSecXkmsServerFormatFromString(BAD_CAST argv[argpos]); - if(format == xmlSecXkmsServerFormatUnknown) { - fprintf(stderr, "Error %d: invalid format \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage); - goto done; - } - } else if((strcmp(argv[argpos], "--log-level") == 0) || (strcmp(argv[argpos], "-l") == 0)) { - argpos++; - log_level = atoi(argv[argpos]); - } else { - fprintf(stderr, "Error %d: unknown parameter \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage); - goto done; - } - } - if(argpos >= argc) { - fprintf(stderr, "Error %d: keys file is not specified.\nUsage: %s %s\n", errno, argv[0], usage); - goto done; - } - - /* Load keys */ - for(; argpos < argc; argpos++) { - if(xmlSecCryptoAppDefaultKeysMngrLoad(mngr, argv[argpos]) < 0) { - fprintf(stderr, "Error %d: failed to load xml keys file \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage); - goto done; - } - if(log_level >= LOG_LEVEL_INFO) { - fprintf(stdout, "Log: loaded keys from \"%s\"\n", argv[argpos]); - } - } - - /* Startup TCP server */ - if(init_server(port) < 0) { - fprintf(stderr, "Error, errno: server initialization failed\n", errno); - goto done; - } - assert(sockfd != -1); - - /* main loop: accept connections and process requests */ - while(finished == 0) { - fd_set fds; - struct timeval timeout; - - /* Set up polling using select() */ - FD_ZERO(&fds); - FD_SET(sockfd, &fds); - memset(&timeout, 0, sizeof(timeout)); - timeout.tv_sec = 1; - ret = select(sockfd + 1, &fds, NULL, NULL, &timeout); - if((ret <= 0) || !FD_ISSET(sockfd, &fds)) { - /* error, timed out or not our socket: try again */ - continue; - } - - if(handle_connection(sockfd, xkmsCtx, format) < 0) { - fprintf(stderr, "Error %d: unable to accept incomming connection\n"); - goto done; - } - } - -done: - if(log_level >= LOG_LEVEL_INFO) { - fprintf(stdout, "Log: server is shutting down\n"); - } - - /* Shutdown TCP server */ - stop_server(); - - /* Destroy xkms server context */ - if(xkmsCtx != NULL) { - xmlSecXkmsServerCtxDestroy(xkmsCtx); - xkmsCtx = NULL; - } - - /* Destroy keys manager */ - if(mngr != NULL) { - xmlSecKeysMngrDestroy(mngr); - mngr = NULL; - } - - /* Shutdown xmlsec-crypto library */ - xmlSecCryptoShutdown(); - - /* Shutdown crypto library */ - xmlSecCryptoAppShutdown(); - - /* Shutdown xmlsec library */ - xmlSecShutdown(); - - /* Shutdown libxslt/libxml */ -#ifndef XMLSEC_NO_XSLT - xsltFreeSecurityPrefs(xsltSecPrefs); - xsltCleanupGlobals(); -#endif /* XMLSEC_NO_XSLT */ - xmlCleanupParser(); - - fprintf(stdout, "Log: server is down, bye!\n"); - return(0); -} - -/** - * init_server: - * @port: the server'xmlSecBufferGetData(buffer) TCP port number. - * - * Starts up a TCP server listening on given @port. - * - * Returns 0 on success or a negative value if an error occurs. - */ -static int -init_server(unsigned short port) { -#ifdef WIN32_SOCKETS - WSADATA data; -#endif /* WIN32_SOCKETS */ - struct sockaddr_in saddr; - int flags; - -#ifdef WIN32_SOCKETS - if(WSAStartup(MAKEWORD(1,1), &data)) { - fprintf(stderr, "Error %d: WSAStartup() failed\n", errno); - return(-1); - } -#endif /* WIN32_SOCKETS */ - - /* create socket */ - sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); -#ifdef UNIX_SOCKETS - if(sockfd == -1) { -#endif /* UNIX_SOCKETS */ - -#ifdef WIN32_SOCKETS - if(sockfd == INVALID_SOCKET) { -#endif /* WIN32_SOCKETS */ - - fprintf(stderr, "Error %d: socket() failed\n", errno); - return(-1); - } - - /* enable reuse of address */ - flags = 1; - if(setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (char *)&flags, sizeof(flags)) != 0) { - fprintf(stderr, "Error %d: setsockopt(SO_REUSEADDR) failed\n", errno); - return(-1); - } - -#ifdef UNIX_SOCKETS - /* set non-blocking */ - flags = fcntl(sockfd, F_GETFL); - if(flags < 0) { - fprintf(stderr, "Error %d: fcntl(F_GETFL) failed\n", errno); - return(-1); - } - if(fcntl(sockfd, F_SETFL, flags | O_NONBLOCK) < 0) { - fprintf(stderr, "Error %d: fcntl(F_SETFL) failed\n", errno); - return(-1); - } -#endif /* UNIX_SOCKETS */ - - /* preset socket structure for socket binding */ - memset(&saddr, 0, sizeof(saddr)); - saddr.sin_family = AF_INET; - saddr.sin_port = htons(port); - saddr.sin_addr.s_addr = INADDR_ANY; - if(bind(sockfd, (struct sockaddr *)&saddr, sizeof(struct sockaddr)) != 0) { - fprintf(stderr, "Error %d: bind() failed\n", errno); - return(-1); - } - - /* prepare for listening */ - if(listen(sockfd, PENDING_QUEUE_SIZE) != 0) { - fprintf(stderr, "Error %d: listen() failed\n", errno); - return(-1); - } - -#ifdef UNIX_SOCKETS - /* setup SIGINT handler that will stop the server */ - signal(SIGINT, int_signal_handler); -#endif /* UNIX_SOCKETS */ - - if(log_level >= LOG_LEVEL_INFO) { - fprintf(stdout, "Log: server is ready and listening on port %d\n", port); - } - return(0); -} - -/** - * stop_server: - * - * Shuts down TCP server. - */ -static void -stop_server() { -#ifdef UNIX_SOCKETS - if(sockfd != -1) { - shutdown(sockfd, SHUT_RDWR); - close(sockfd); - sockfd = -1; - } -#endif /* UNIX_SOCKETS */ - -#ifdef WIN32_SOCKETS - if(sockfd != -1) { - close(sockfd); - sockfd = -1; - } -#endif /* WIN32_SOCKETS */ - if(log_level >= LOG_LEVEL_INFO) { - fprintf(stdout, "Log: server is shutted down\n"); - } -} - -/** - * int_signal_handler: - * @sig_num: the signal number. - * - * Unix's Ctrl-C signal handler that stops the server. - */ -static void -int_signal_handler(int sig_num) { - if(log_level >= LOG_LEVEL_INFO) { - fprintf(stdout, "Log: server is asked to shutdown\n"); - } - finished = 1; -} - -/** - * handle_connection: - * @sockfd: the server's socket. - * @xkmsCtx: the template XKMS server context. - * @format: the expected format of XKMS requests. - * - * Establishs a connection, forks a child process (onUnix), reads the request, - * processes it and writes back the response. - * - * Returns 0 on success or a negative value if an error occurs. - */ -static int -handle_connection(int sockfd, xmlSecXkmsServerCtxPtr xkmsCtx, xmlSecXkmsServerFormat format) { -#ifdef UNIX_SOCKETS - int fd = -1; -#endif /* UNIX_SOCKETS */ - -#ifdef WIN32_SOCKETS - SOCKET fd = -1; -#endif /* WIN32_SOCKETS */ - - int in_child_process = 0; - struct sockaddr_in saddr; - int saddr_size; - xmlSecXkmsServerCtxPtr xkmsCtx2 = NULL; - xmlSecBufferPtr buffer = NULL; - xmlDocPtr inDoc = NULL; - xmlDocPtr outDoc = NULL; - xmlNodePtr result = NULL; - xmlOutputBufferPtr output = NULL; - int resp_ready = 0; - int ret; - - assert(sockfd != -1); - assert(xkmsCtx != NULL); - - /* Get the socket connection */ - saddr_size = sizeof(struct sockaddr_in); - fd = accept(sockfd, (struct sockaddr *)&saddr, &saddr_size); - -#ifdef UNIX_SOCKETS - if(sockfd == -1) { -#endif /* UNIX_SOCKETS */ - -#ifdef WIN32_SOCKETS - if(sockfd == INVALID_SOCKET) { -#endif /* WIN32_SOCKETS */ - - fprintf(stderr, "Error %d: accept() failed\n", errno); - return(-1); - } - if(log_level >= LOG_LEVEL_INFO) { - fprintf(stdout, "Log [%s]: got connection\n", inet_ntoa(saddr.sin_addr)); - } - - /* Create a copy of XKMS server context */ - xkmsCtx2 = xmlSecXkmsServerCtxCreate(NULL); - if(xkmsCtx2 == NULL) { - fprintf(stderr, "Error %d [%s]: a copy of XKMS server context initialization failed\n", errno, inet_ntoa(saddr.sin_addr)); - goto done; - } - if(xmlSecXkmsServerCtxCopyUserPref(xkmsCtx2, xkmsCtx) < 0) { - fprintf(stderr, "Error %d [%s]: XKMS server context copy failed\n", errno, inet_ntoa(saddr.sin_addr)); - goto done; - } - -#ifdef UNIX_SOCKETS - /* on Unix we use child process to process requests */ - if(fork()) { - /* parent process */ - return(0); - } - - /* child process */ - in_child_process = 1; - close(sockfd); /* we don't need listening socket */ -#endif /* UNIX_SOCKETS */ - - buffer = xmlSecBufferCreate(0); - if(buffer == NULL) { - fprintf(stderr, "Error %d [%s]: xmlSecBufferCreate() failed\n", errno, inet_ntoa(saddr.sin_addr)); - goto done; - } - - /* read input request */ - ret = read_request(fd, inet_ntoa(saddr.sin_addr), buffer); - if(ret < 0) { - fprintf(stderr, "Error %d [%s]: read_request() failed\n", errno, inet_ntoa(saddr.sin_addr)); - goto done; - } - - /* parse request */ - inDoc = xmlParseMemory(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer) ); - if((inDoc == NULL) || (xmlDocGetRootElement(inDoc) == NULL)) { - fprintf(stderr, "Error %d [%s]: failed to parse request\n", errno, inet_ntoa(saddr.sin_addr)); - goto done; - } - xmlSecBufferEmpty(buffer); - - /* prepare result document */ - outDoc = xmlNewDoc(BAD_CAST "1.0"); - if(outDoc == NULL) { - fprintf(stderr, "Error %d [%s]: failed to create result doc\n", errno, inet_ntoa(saddr.sin_addr)); - goto done; - } - - result = xmlSecXkmsServerCtxProcess(xkmsCtx2, xmlDocGetRootElement(inDoc), format, outDoc); - if(result == NULL) { - fprintf(stderr, "Error %d [%s]: failed to process xkms server request\n", errno, inet_ntoa(saddr.sin_addr)); - goto done; - } - - /* apppend returned result node to the output document */ - xmlDocSetRootElement(outDoc, result); - - /* create LibXML2 output buffer */ - output = xmlSecBufferCreateOutputBuffer(buffer); - if(output == NULL) { - fprintf(stderr, "Error %d [%s]: xmlSecBufferCreateOutputBuffer() failed\n", errno, inet_ntoa(saddr.sin_addr)); - goto done; - } - xmlNodeDumpOutput(output, result->doc, result, 0, 0, NULL); - - xmlOutputBufferClose(output); output = NULL; - resp_ready = 1; -done: - /* send back response */ - if((resp_ready == 1) && (xmlSecBufferGetData(buffer) != NULL)) { - ret = send_response(fd, inet_ntoa(saddr.sin_addr), 200, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer)); - if(log_level >= LOG_LEVEL_INFO) { - fprintf(stdout, "Log [%s]: processed request\n", inet_ntoa(saddr.sin_addr)); - } - } else if(fd >= 0) { - ret = send_response(fd, inet_ntoa(saddr.sin_addr), 503, http_503, strlen(http_503)); - if(log_level >= LOG_LEVEL_INFO) { - fprintf(stdout, "Log [%s]: failed to process request\n", inet_ntoa(saddr.sin_addr)); - } - } else { - ret = -1; - } - if(ret < 0) { - fprintf(stderr, "Error %d [%s]: send_response() failed\n", errno, inet_ntoa(saddr.sin_addr)); - } - - /* cleanup */ - if(output != NULL) { - xmlOutputBufferClose(output); - output = NULL; - } - - if(outDoc != NULL) { - xmlFreeDoc(outDoc); - outDoc = NULL; - } - - if(inDoc != NULL) { - xmlFreeDoc(inDoc); - inDoc = NULL; - } - - if(buffer != NULL) { - xmlSecBufferDestroy(buffer); - buffer = NULL; - } - - if(xkmsCtx2 != NULL) { - xmlSecXkmsServerCtxDestroy(xkmsCtx2); - xkmsCtx2 = NULL; - } - - if(fd >= 0) { -#ifdef UNIX_SOCKETS - shutdown(fd, SHUT_RDWR); - close(fd); -#endif /* UNIX_SCOKETS */ - -#ifdef WIN32_SOCKETS - close(fd); -#endif /* WIN32_SCOKETS */ - - fd = -1; - } - - if(in_child_process) { - exit(0); - } - return(0); -} - -/** - * read_request: - * @fd: the request's socket. - * @in_ip: the request's IP address (for logging). - * @buffer: the output buffer. - * - * Reads the request from socket @fd and stores it in the @buffer. - * - * Returns 0 on success or a negative value if an error occurs. - */ -static int -read_request(int fd, const char* in_ip, xmlSecBufferPtr buffer) { - char buf[1024]; - const xmlChar* s; - const xmlChar* p; - int nread; - int length = 0; - int found = 0; - int counter; - - assert(fd != -1); - assert(in_ip != NULL); - assert(buffer); - - /* first read the http headers */ - counter = 5; - while(my_strnstr(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), BAD_CAST "\r\n\r\n", 4) == NULL) { - nread = recv(fd, buf, sizeof(buf), 0); - if(nread < 0) { - fprintf(stderr, "Error %d [%s]: read() failed\n", errno, in_ip); - return(-1); - } - - if((nread > 0) && (xmlSecBufferAppend(buffer, buf, nread) < 0)) { - fprintf(stderr, "Error %d [%s]: xmlSecBufferAppend(%d) failed\n", errno, in_ip, nread); - return(-1); - } - - if(nread < sizeof(buffer)) { - counter--; - if(counter <= 0) { - break; - } - } - } - - if(xmlSecBufferGetData(buffer) == NULL) { - fprintf(stderr, "Error %d [%s]: no bytes read\n", errno, in_ip); - return(-1); - } - - if(log_level >= LOG_LEVEL_DEBUG) { - xmlSecBufferAppend(buffer, BAD_CAST "\0", 1); - fprintf(stdout, "Debug [%s]: request headers:\n%s\n", in_ip, xmlSecBufferGetData(buffer)); - xmlSecBufferRemoveTail(buffer, 1); - } - - /* Parse the request and extract the body. We expect the request to look - * like this: - * POST <path> HTTP/1.x\r\n - * <header1>\r\n - * <header2>\r\n - * ... - * <headerN>\r\n - * \r\n - * <body> - */ - - /* analyze the first line */ - p = my_strnstr(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), BAD_CAST "\r\n", 2); - if(p == NULL) { - fprintf(stderr, "Error %d [%s]: there is no HTTP header\n", errno, in_ip); - return(-1); - } - if(xmlStrncasecmp(xmlSecBufferGetData(buffer), BAD_CAST "POST ", 5) != 0) { - fprintf(stderr, "Error %d [%s]: not a POST request\n", errno, in_ip); - return(-1); - } - /* "POST " + " HTTP/1.x" == 14 */ - s = xmlSecBufferGetData(buffer); - if(p - s <= 14) { - fprintf(stderr, "Error %d [%s]: first line has bad length\n", errno, in_ip); - return(-1); - } - if((xmlStrncasecmp(p - 9, BAD_CAST " HTTP/1.0", 9) != 0) && - (xmlStrncasecmp(p - 9, BAD_CAST " HTTP/1.1", 9) != 0)) { - - fprintf(stderr, "Error %d [%s]: first line does not end with \" HTTP/1.x\"\n", errno, in_ip); - return(-1); - } - if(xmlSecBufferRemoveHead(buffer, p - xmlSecBufferGetData(buffer) + 2) < 0) { - fprintf(stderr, "Error %d [%s]: failed to skip first line\n", errno, in_ip); - return(-1); - } - - /* now skip all the headers (i.e. everything until empty line) */ - found = 0; - while(!found) { - p = my_strnstr(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), BAD_CAST "\r\n", 2); - if(p == NULL) { - fprintf(stderr, "Error %d [%s]: there is no HTTP body\n", errno, in_ip); - return(-1); - } - - if(p == xmlSecBufferGetData(buffer)) { - found = 1; - } else if(xmlStrncasecmp(xmlSecBufferGetData(buffer), BAD_CAST "Content-length: ", 16) == 0) { - length = atoi(xmlSecBufferGetData(buffer) + 16); - } - - if(xmlSecBufferRemoveHead(buffer, p - xmlSecBufferGetData(buffer) + 2) < 0) { - fprintf(stderr, "Error %d [%s]: failed to skip header line\n", errno, in_ip); - return(-1); - } - } - - /* remove the trailing \0 we added */ - xmlSecBufferRemoveTail(buffer, 1); - - /* now read the body */ - counter = 5; - while(xmlSecBufferGetSize(buffer) < length) { - nread = recv(fd, buf, sizeof(buf), 0); - if(nread < 0) { - fprintf(stderr, "Error %d [%s]: read() failed\n", errno, in_ip); - return(-1); - } - - if((nread > 0) && (xmlSecBufferAppend(buffer, buf, nread) < 0)) { - fprintf(stderr, "Error %d [%s]: xmlSecBufferAppend(%d) failed\n", errno, in_ip, nread); - return(-1); - } - if(nread < sizeof(buffer)) { - counter--; - if(counter <= 0) { - break; - } - } - } - if(log_level >= LOG_LEVEL_INFO) { - fprintf(stdout, "Log [%s]: body size is %d bytes\n", in_ip, xmlSecBufferGetSize(buffer)); - } - if(log_level >= LOG_LEVEL_DATA) { - xmlSecBufferAppend(buffer, BAD_CAST "\0", 1); - fprintf(stdout, "Log [%s]: request body:\n%s\n", in_ip, xmlSecBufferGetData(buffer)); - xmlSecBufferRemoveTail(buffer, 1); - } - return(0); -} - -/** - * send_response: - * @fd: the request's socket. - * @in_ip: the request's IP address (for logging). - * @resp_code: the HTTP response code. - * @body: the response body. - * @body_len: the response body length. - * - * Writes HTTP response headers and @body to the @socket. - * - * Returns 0 on success or a negative value if an error occurs. - */ -static int -send_response(int fd, const char* in_ip, int resp_code, const char* body, int body_size) { - char header[sizeof(http_header) + 100]; - - assert(fd != -1); - assert(in_ip != NULL); - assert(resp_code > 0); - assert(body != NULL); - - /* prepare and send http header */ - sprintf(header, http_header, resp_code, body_size); - if(send(fd, header, strlen(header), 0) == -1) { - fprintf(stderr, "Error %d [%s]: send(header) failed\n", errno, in_ip); - return(-1); - } - - if(log_level >= LOG_LEVEL_DATA) { - xmlChar* tmp = xmlStrndup(body, body_size); - fprintf(stdout, "Log [%s]: response is\n%s\n", in_ip, tmp); - xmlFree(tmp); - } - - /* send body */ - if(send(fd, body, body_size, 0) == -1) { - fprintf(stderr, "Error %d [%s]: send(body) failed\n", errno, in_ip); - return(-1); - } - - return(0); -} - -/** - * my_strnstr: - * @str: the soruce string. - * @strLen: the source string length. - * @tmpl: the template string. - * @tmplLen: the template string length. - * - * Searches for the first occurence of @tmpl in @str. - * - * Returns pointer to the first occurence of @tmpl in @str or NULL if it is not found. - */ -static const xmlChar* -my_strnstr(const xmlChar* str, xmlSecSize strLen, const xmlChar* tmpl, xmlSecSize tmplLen) { - xmlSecSize pos; - - if((str == NULL) || (tmpl == NULL)) { - return(NULL); - } - for(pos = 0; pos + tmplLen <= strLen; pos++) { - if(xmlStrncmp(str + pos, tmpl, tmplLen) == 0) { - return(str + pos); - } - } - - return(NULL); -} - -#endif /* XMLSEC_NO_XKMS */ - diff --git a/examples/xmldsigverify.c b/examples/xmldsigverify.c index f4c376ea..f6a9c847 100644 --- a/examples/xmldsigverify.c +++ b/examples/xmldsigverify.c @@ -4,7 +4,7 @@ * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ #include <stdlib.h> #include <string.h> @@ -88,7 +88,7 @@ main(int argc, char **argv) { * xmlsec-crypto library. */ #ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING - if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) { + if(xmlSecCryptoDLLoadLibrary(NULL) < 0) { fprintf(stdout, "Error: unable to load default xmlsec-crypto library. Make sure\n" "that you have it installed and check shared libraries path\n" "(LD_LIBRARY_PATH) envornment variable.\n"); |