[xmlsec] corrupt context after verify call
Erik Smith
cruisercoder at gmail.com
Tue Oct 12 23:36:39 PDT 2010
After I call xmlSecDSigCtxVerify, the status field in the context is corrupted: it contains
a large number. However, xmlsec1 reports validation of the same document as OK.
xmlsec1 --verify --pubkey-cert-pem cert.crt --store-references
--id-attr:ResponseID urn:oasis:names:tc:SAML:1.0:protocol:Response /saml.xml
Also xmlSecDSigCtxDebugDump output is exactly the same for xmlsec1 and my
program.
I've reduced the code down to what is below and I'm having trouble seeing
what could be wrong.
libxml version: 2.6.27
xmlsec version: 1.2.11
Thanks for any help.
#include <cstdlib>
#include <iostream>
#include <libxml/parser.h>
#include <libxml/tree.h>
#include <libxml/valid.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/keysmngr.h>
#include <xmlsec/xmldsig.h>
#include <xmlsec/crypto.h>
#include <xmlsec/errors.h>
#ifndef XMLSEC_NO_XSLT
#include <libxslt/xslt.h>
#endif
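void error(const char *);
// set_id is defined after main; without this declaration the call in main
// does not compile.
void set_id(xmlDocPtr doc);

// Reproducer: loads cert.crt as the verification key, registers the SAML
// Response's ResponseID attribute as an XML ID (what `--id-attr:ResponseID`
// does for xmlsec1), verifies the first <Signature> found under the root of
// saml.xml and prints dsigCtx->status before and after the call.
//
// Returns 0 only when xmlSecDSigCtxVerify ran without error AND
// dsigCtx->status is xmlSecDSigStatusSucceeded; 1 otherwise.  A non-negative
// return from xmlSecDSigCtxVerify means the verification ran, not that the
// signature is valid -- the outcome is carried in dsigCtx->status and has to
// be checked separately.  Any setup failure terminates through error().
int main(int argc, char **argv) {
    using namespace std;
    (void)argc;
    (void)argv;

    int status = 1;  // pessimistic; only a successful verification clears it
    xmlSecKeysMngrPtr mngr_ = NULL;
    xmlSecDSigCtxPtr dsigCtx = NULL;
    xmlDocPtr doc_ = NULL;

    cout << "libxml version: " << LIBXML_DOTTED_VERSION << endl;
    cout << "xmlsec version: " << XMLSEC_VERSION << endl;

    // Init libxml.
    xmlInitParser();
    LIBXML_TEST_VERSION;
    // XML_DETECT_IDS lets libxml pick up DTD-declared ID attributes, which is
    // what xmlGetID/xmlAddID and the signature's "#id" references rely on.
    xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
    // NOTE(review): substituting entities while external DTDs are loaded is
    // the classic XXE exposure; a SAML response normally comes from an
    // untrusted peer, so a production build should parse with xmlReadFile and
    // XML_PARSE_NONET and keep entity expansion off.  Left unchanged here
    // because this is a reproducer for the status problem.
    xmlSubstituteEntitiesDefault(1);
#ifndef XMLSEC_NO_XSLT
    xmlIndentTreeOutput = 1;
#endif

    // Init xmlsec library.
    if (xmlSecInit() < 0) error("xmlSecInit");
    if (xmlSecCheckVersion() != 1) error("xmlSecCheckVersion");
#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
    if (xmlSecCryptoDLLoadLibrary(BAD_CAST "openssl") < 0)
        error("xmlSecCryptoDLLoadLibrary");
#endif
    if (xmlSecCryptoAppInit(NULL) < 0) error("Error: crypto initialization failed.");
    if (xmlSecCryptoInit() < 0) error("Error: xmlsec-crypto initialization failed.");

    // Keys manager holding the single verification certificate.  The key is
    // adopted by the manager and released together with it.
    mngr_ = xmlSecKeysMngrCreate();
    if (!mngr_) error("bad");
    if (xmlSecCryptoAppDefaultKeysMngrInit(mngr_) < 0) error("bad");
    xmlSecKeyDataFormat format(xmlSecKeyDataFormatCertPem);
    xmlSecKeyPtr key = xmlSecCryptoAppKeyLoad("cert.crt", format, NULL, NULL, NULL);
    if (!key) error("key load error");
    if (xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr_, key) < 0) error("could not add key");

    // Parse the document and make the ResponseID attribute resolvable.
    doc_ = xmlParseFile("saml.xml");
    if (!doc_ || !xmlDocGetRootElement(doc_)) error("bad");
    set_id(doc_);

    xmlNodePtr node = xmlSecFindNode(xmlDocGetRootElement(doc_),
                                     xmlSecNodeSignature, xmlSecDSigNs);
    if (!node) error("start node not found");

    dsigCtx = xmlSecDSigCtxCreate(mngr_);
    if (!dsigCtx) error("failed to create signature context");
    std::cout << "status before: " << dsigCtx->status << std::endl;

    if (xmlSecDSigCtxVerify(dsigCtx, node) < 0) error("signature verify error");
    std::cout << "status: " << dsigCtx->status << std::endl;
    // NOTE(review): a status value outside the xmlSecDSigStatus enum after a
    // verify that the xmlsec1 binary accepts usually means this program and
    // the installed library disagree on the layout of xmlSecDSigCtx (e.g. the
    // program was compiled without the defines from `xmlsec1-config --cflags`)
    // -- confirm the build flags before looking for a bug in the library.
    if (dsigCtx->status == xmlSecDSigStatusSucceeded) {
        std::cout << "signature is OK" << std::endl;
        status = 0;
    } else {
        std::cout << "signature is INVALID" << std::endl;
    }
    //xmlSecDSigCtxDebugDump(dsigCtx, stdout);

    // Release in reverse order of creation.
    xmlSecDSigCtxDestroy(dsigCtx);
    xmlFreeDoc(doc_);
    xmlSecKeysMngrDestroy(mngr_);
    xmlSecCryptoShutdown();
    xmlSecCryptoAppShutdown();
    xmlSecShutdown();
#ifndef XMLSEC_NO_XSLT
    xsltCleanupGlobals();
#endif
    xmlCleanupParser();

    return status;
}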
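// Registers the value of the Response element's ResponseID attribute as an
// XML ID so that a signature reference of the form URI="#<value>" can be
// resolved; this is the programmatic equivalent of xmlsec1's
// `--id-attr:ResponseID` option.
//
// Only the first Response element in document order is looked at.  The ID
// table keeps its own copy of the attribute value, so the string returned by
// xmlNodeListGetString is freed on every path (the free that was commented
// out in the reduced version is restored).
// Terminates through error() when the element, the attribute or the ID
// registration is missing.
void set_id(xmlDocPtr doc) {
    using namespace std;
    xmlNodePtr node = xmlSecFindNode(xmlDocGetRootElement(doc),
                                     BAD_CAST "Response",
                                     BAD_CAST "urn:oasis:names:tc:SAML:1.0:protocol");
    // node->name below dereferenced an unchecked pointer in the original.
    if (!node) error("Response element not found");
    cout << "element name: " << node->name << endl;

    xmlAttrPtr attr = xmlHasProp(node, BAD_CAST "ResponseID");
    if (!attr) error("attribute not found");
    cout << "attribute name: " << attr->name << endl;

    xmlChar *value = xmlNodeListGetString(node->doc, attr->children, 1);
    if (!value) error("xmlNodeListGetString");
    cout << "value: " << value << endl;

    if (xmlGetID(node->doc, value)) {
        cout << "id already registered" << endl;
    } else {
        // xmlAddID copies `value` into the ID table; it does not take
        // ownership of the string.
        xmlIDPtr id = xmlAddID(NULL, doc, value, attr);
        if (!id) {
            xmlFree(value);
            error("xmlAddID error");
        }
        cout << "id added" << endl;
    }
    xmlFree(value);
}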
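// Prints the message and terminates the process.
// The diagnostic goes to stderr so it is not mixed with the status lines on
// stdout, and the process exits with a failure code: the original exit(0)
// made any setup or verification failure look like success to a caller or
// wrapper script checking the exit status.
void error(const char *e) {
    std::cerr << e << std::endl;
    std::cerr << "exiting" << std::endl;
    exit(EXIT_FAILURE);
}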