[xmlsec] Verifying fails to find KeyInfo
Alexander Alderweireldt
alex at aalex.be
Fri Aug 10 01:23:28 PDT 2007
Hi all,
I have problems verifying a signature using the KeyValue in its KeyInfo.
When I verify the signature with the same PEM file I used to sign it, it
works like a charm.
I recently added :
[code]
// add <dsig:KeyInfo/> node to signature
// NOTE(review): keyInfoNode is passed on below without a NULL check; if this
// call fails, NULL reaches xmlSecTmplKeyInfoAddKeyValue.
keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
// adds <dsig:KeyValue/> node to the <dsig:KeyInfo/> node
// NOTE(review): the return value (presumably the new node, or NULL on
// failure) is discarded here, so a failed template step goes unnoticed.
xmlSecTmplKeyInfoAddKeyValue(keyInfoNode);
[/code]
to the signature generation so that I would not need the PEM file to verify the
signature. But now I get an error from xmlSecDSigCtxProcessKeyInfoNode saying
it can't find the key.
Can anyone give me a hint or a pointer as to what I am doing wrong?
Many thanks!!!
Alex
[Errors]
func=xmlSecDSigCtxProcessKeyInfoNode:file=xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
library function failed:
Error: signature verify
[/Errors]
[verify_C_code]
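/*
 * Verify the XML-DSig <Signature/> found in an in-memory XML document.
 *
 * xmlMessage: NUL-terminated XML text.  It is parsed with xmlParseDoc(), so
 *             it is the document itself, not a file name (the wording of the
 *             "unable to parse file" message is kept for compatibility, but
 *             note that it echoes the whole document to stderr).
 *
 * Returns 1 only when xmlSecDSigCtxVerify() succeeds AND the context reports
 * xmlSecDSigStatusSucceeded; returns -1 on any error and when the signature
 * is INVALID.  (Previously 1 was returned even after printing
 * "Signature is INVALID", so callers could not tell a bad signature from a
 * good one by the return value.)
 *
 * The signature context is created without a keys manager and without an
 * explicitly loaded key, so the verification key is whatever xmlsec resolves
 * from the document's own <dsig:KeyInfo/> (here a <dsig:KeyValue/>).  A key
 * taken from the signed document proves only that the document is
 * consistent with that key, not who holds it: anyone can sign with a key of
 * their own and embed it.  To authenticate the signer, either register the
 * trusted public key(s) in a keys manager (e.g. xmlSecKeysMngrCreate() +
 * xmlSecCryptoAppDefaultKeysMngrInit()) and pass that manager to
 * xmlSecDSigCtxCreate(), or load the expected public key into
 * dsigCtx->signKey with xmlSecCryptoAppKeyLoad(..., xmlSecKeyDataFormatPem,
 * ...) as the original key_file ("key.pem") code path did.
 */
int verify_file(char* xmlMessage)
{
    xmlDocPtr doc = NULL;
    xmlNodePtr node = NULL;
    xmlSecDSigCtxPtr dsigCtx = NULL;
    int res = -1;

    /* parse the in-memory document */
    doc = xmlParseDoc((xmlChar *) xmlMessage);
    if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)) {
        fprintf(stderr, "Error: unable to parse file \"%s\"\n", xmlMessage);
        goto done;
    }

    /* find start node: the first <dsig:Signature/> element */
    node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature,
                          xmlSecDSigNs);
    if (node == NULL) {
        fprintf(stderr, "Error: start node not found in \"%s\"\n", xmlMessage);
        goto done;
    }

    /*
     * create signature context.  NULL = no keys manager: the key must then
     * come from the document's KeyInfo or from dsigCtx->signKey (see the
     * function comment for why that distinction matters).
     */
    dsigCtx = xmlSecDSigCtxCreate(NULL);
    if (dsigCtx == NULL) {
        fprintf(stderr, "Error: failed to create signature context\n");
        goto done;
    }

    /* verify signature; a negative return is a processing error, not a
     * verdict -- the verdict is in dsigCtx->status below */
    if (xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
        fprintf(stderr, "Error: signature verify\n");
        goto done;
    }

    /* print verification result to stdout and derive the return value from
     * the status rather than unconditionally reporting success */
    if (dsigCtx->status == xmlSecDSigStatusSucceeded) {
        fprintf(stdout, "Test : Signature is OK!!\n\n");
        res = 1;
    } else {
        fprintf(stdout, "Test : Signature is INVALID\n\n");
    }

done:
    /* cleanup: both destroy functions are only called on non-NULL handles */
    if (dsigCtx != NULL) {
        xmlSecDSigCtxDestroy(dsigCtx);
    }
    if (doc != NULL) {
        xmlFreeDoc(doc);
    }
    return res;
}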
[/verify_C_code]
[signed_XML]
<?xml version="1.0" encoding="UTF-8"?>
<tsp:TimeStampResponse xmlns:xades="http://uri.etsi.org/01903/v1.1.1#"
xmlns:tsp="http://www.esat.kuleuven.ac.be/~kwouters/2002/08/xmltsp#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Type="http://localhost/studjob1/timestampserver/timestampserver.wsdl"
CertReq="true"
xsi:schemaLocation="http://www.esat.kuleuven.ac.be/~kwouters/2002/08/xmltsp#TimeStampSchema.xsd">
<tsp:Status>
<tsp:MajorStatus Code="0">Time-stamp
Granted..</tsp:MajorStatus>
</tsp:Status>
<tsp:TimeStampToken>
<tsp:MessageImprints xml:id="ImprintID">
<tsp:DigestAlgValue Id="DigestID1">
<xades:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>
<xades:DigestValue>YTJhMzE5OWJiOTA1MDI3MWJkNTQwODljOTM2NGM3MzM1OTBlOWYxOQ==</xades:DigestValue>
</tsp:DigestAlgValue>
<tsp:DigestAlgValue Id="DigestID2">
<xades:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>
<xades:DigestValue>NzJiNzQ2ODhmODZiZGE2Yjk2ZWQzMjg1YzlkMjUxZDU4Y2MyOGMyMQ==</xades:DigestValue>
</tsp:DigestAlgValue>
</tsp:MessageImprints>
<tsp:TSTInfo xml:id="TSTInfoID">
<xades:SignaturePolicyIdentifier>
<xades:SignaturePolicyImplied/>
</xades:SignaturePolicyIdentifier>
<tsp:SerialNumber>666</tsp:SerialNumber>
<tsp:GenTime>2007-08-02T8:33:30</tsp:GenTime>
</tsp:TSTInfo>
<tsp:bindingInfo Algorithm="LinearLinking-URI-HS91"
xml:id="BindingID">
<tsp:DigestAlgValue>
<xades:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>
<xades:DigestValue>OUIzQjBDOUM1QjI5MjI5OEFFMEY3OTA2MEZERkYyRTg3OUY2NkY5RHJpLmUx</xades:DigestValue>
</tsp:DigestAlgValue>
</tsp:bindingInfo>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#ImprintID">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>
<DigestValue>JNUyEMSnMC9v1ysZkgLIVyGOcZE=</DigestValue>
</Reference>
<Reference URI="#TSTInfoID">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>
<DigestValue>bVK6SI09ea9MJO31WamnkH4Fw64=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>kicg8f+ttAsNsn19wAmZtiXOxzxnLam9fmHgFBZohXp97tPDlmM3zRhiAPfFycL9
H02zvxu22sm9NJICtNKim71Zpz0waCVsjfsGf/TchEIxbBtIjKYEWVTHaFMrKsdb
3ijG4PMWXS/3cCJN2fuyFbWp+afIjmSkBNyzArWFD54=</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>
4HTQeETBkM7f1/1PHI3eshgOrZ1axHFmrjsN4Vf1hmDUNgoJ/sMMrPnj2HVA3fIT
vRMb3Cd6Eb4gvapPHnMuB/xlyEbwIMj+L5gNfWfhxbaIKbN3jcp2n7oD2dlInnKr
3lJYEqC9u0jUUZJJr0VtDl0bOPNIalw1YVoodGI1vTs=
</Modulus>
<Exponent>
AQAB
</Exponent>
</RSAKeyValue>
</KeyValue>
<KeyName/>
</KeyInfo>
</Signature></tsp:TimeStampToken>
</tsp:TimeStampResponse>
[signed_XML]