Проверьте XML-подпись с помощью libxmlsec1
Я умею проверять XML-подпись с помощью Apache Santuario XML Security для Java. Код выглядит примерно так:
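// Verify an enveloping XML-DSig (signature.xml) with Apache Santuario.
// Assumes org.apache.xml.security.Init.init() has been called and that
// readData()/ResolverWidget are the surrounding class's helpers (as in the
// original snippet). Checked exceptions propagate to the caller.

// signature.xml is untrusted input: refuse DOCTYPE (XXE / entity expansion)
// and XInclude before parsing it.
DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
f.setNamespaceAware(true);
f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
f.setXIncludeAware(false);
f.setExpandEntityReferences(false);
Document doc;
try (ByteArrayInputStream bais = new ByteArrayInputStream(readData("signature.xml"))) {
    doc = f.newDocumentBuilder().parse(bais);
}

// Exactly one ds:Signature is expected. nodes.item(0) on an empty list would
// be null, and a second, unverified Signature must not be silently ignored.
NodeList nodes = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATURE);
if (nodes.getLength() != 1) {
    throw new SignatureException("expected exactly one Signature element, found " + nodes.getLength());
}
Element sigElement = (Element) nodes.item(0);
XMLSignature signature = new XMLSignature(sigElement, "");
signature.addResourceResolver(new ResolverWidget(this));

// The certificate in KeyInfo is chosen by the signer, so on its own it proves
// nothing. It is only a candidate signer certificate; trust is established by
// chaining it to our own anchors further down.
if (signature.getKeyInfo() == null) {
    throw new SignatureException("Signature has no KeyInfo");
}
X509Certificate signerCert = signature.getKeyInfo().getX509Certificate();
if (signerCert == null) {
    throw new SignatureException("KeyInfo carries no X509Certificate");
}

// checkSignatureValue() returns the verdict as a boolean. The original code
// discarded it, so a forged signature would have passed unnoticed. Santuario
// also re-digests every Reference here (config.xml, index.html, LICENSE,
// #prop via the resolver) before comparing the SignatureValue.
if (!signature.checkSignatureValue(signerCert)) {
    throw new SignatureException("XML signature value or Reference digests do not verify");
}

// Chain validation: signerCert -> (intermediates from KeyInfo) -> trust anchor.
// The other X509Certificate elements of this Signature are usable as
// intermediates, but the anchor set must come from the verifier's own trust
// store (application-provided; not shown here) - never from the document.
CertificateFactory cf = CertificateFactory.getInstance("X.509");
List<X509Certificate> intermediates = new ArrayList<>();
NodeList certNodes = sigElement.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_X509CERTIFICATE);
for (int i = 0; i < certNodes.getLength(); i++) {
    // MIME decoder tolerates the line breaks found inside the elements.
    byte[] der = Base64.getMimeDecoder().decode(certNodes.item(i).getTextContent());
    intermediates.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
}
Set<TrustAnchor> trustAnchors = loadTrustAnchors(); // verifier's pinned CA certificate(s)
X509CertSelector target = new X509CertSelector();
target.setCertificate(signerCert);
PKIXBuilderParameters params = new PKIXBuilderParameters(trustAnchors, target);
params.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(intermediates)));
// NOTE(review): revocation checking (CRL/OCSP) is a policy decision; enable it
// here if your deployment can reach the revocation sources.
params.setRevocationEnabled(false);
// Throws CertPathBuilderException when no path to a trusted anchor exists.
CertPathBuilder.getInstance("PKIX").build(params);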
Теперь я хочу реализовать это на C++. Я пробовал Apache Santuario XML Security для C++, но не смог: библиотека сообщила, что не поддерживает c14n11 (надеюсь, я ошибаюсь). Поэтому я перешёл на libxmlsec1, но не знаю, как с его помощью реализовать проверку. Файлы из элементов Reference проверять не требуется — я хочу проверить только элемент SignedInfo. (Замечание: подпись над SignedInfo подтверждает лишь значения DigestValue; пока дайджесты config.xml, index.html и LICENSE не пересчитаны и не сравнены с ними, целостность самих файлов остаётся непроверенной.) Пока у меня получился только такой код:
/* First attempt: seed the xmlsec keys manager with the certificate that
 * signature.xml itself carries (the first <X509Certificate> element).
 *
 * NOTE(review): this fails in PEM_read_bio_X509_AUX (see the errors below)
 * because the element text is bare base64-encoded DER with no
 * "-----BEGIN CERTIFICATE-----" armour, while the call requests
 * xmlSecKeyDataFormatPem. Independently of the format, a certificate taken
 * from the document under verification must not be loaded as
 * xmlSecKeyDataTypeTrusted: it is chosen by whoever produced the document,
 * so it cannot anchor trust. Load the verifier's own CA certificate as
 * trusted instead and let xmlSecDSigCtxVerify consume KeyInfo itself. */
xmlDocPtr doc = xmlParseFile("signature.xml"); /* default parser options; result not checked for NULL */
xmlNodePtr node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeX509Certificate, xmlSecDSigNs); /* first matching element; not checked for NULL */
xmlNodePtr data = node->children; /* text node holding the base64 */
mngr = xmlSecKeysMngrCreate(); /* `mngr` is declared outside this snippet */
xmlSecCryptoAppDefaultKeysMngrInit(mngr);
/* `size` is not defined in this snippet; the buffer is base64 DER, not PEM */
xmlSecCryptoAppKeysMngrCertLoadMemory(mngr, data->content, size, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted);
Это завершается со следующими ошибками (PEM_read_bio_X509_AUX не находит заголовок -----BEGIN CERTIFICATE-----: текст элемента X509Certificate — это base64 DER без PEM-обёртки, тогда как в вызов передан формат xmlSecKeyDataFormatPem):
func=xmlSecOpenSSLAppCertLoadBIO:file=app.c:line=1254:obj=unknown:subj=PEM_read_bio_X509_AUX:error=4:crypto library function failed:
func=xmlSecOpenSSLAppKeysMngrCertLoadBIO:file=app.c:line=1139:obj=unknown:subj=xmlSecOpenSSLAppCertLoadBIO:error=1:xmlsec library function failed:
func=xmlSecOpenSSLAppKeysMngrCertLoadMemory:file=app.c:line=1091:obj=unknown:subj=xmlSecOpenSSLAppKeysMngrCertLoadBIO:error=1:xmlsec library function failed:
Кто-нибудь знает, как заставить xmlsec1 прочитать все элементы X509Certificate из signature.xml и проверить подпись в signature.xml?
Ниже приведен файл signature.xml.
<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature">
<!-- NOTE(review): nothing in this file establishes trust by itself. A verifier
     must (1) recompute and compare every Reference digest, (2) check
     SignatureValue over the canonicalised SignedInfo, and (3) chain the KeyInfo
     certificate to a CA it already trusts. The c14n11 algorithm declared below
     is the variant without comments, so these annotations are not part of
     what is digested. -->
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<!-- Relative URIs are resolved by the verifier's resolver (ResolverWidget in
     the Java snippet). NOTE(review): it should only serve files from inside
     the widget package; accepting arbitrary paths lets the document steer
     which local files are read and digested. -->
<Reference URI="config.xml">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>ddnUD1cNeIG1a3uj96Y/VS+WBC5qT24PL/j/91Tfl/0=</DigestValue>
</Reference>
<Reference URI="index.html">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>I+Sv8L0e9Px1aMAdlo5a2uQjXecYjv7wIyJxP50h8Fk=</DigestValue>
</Reference>
<Reference URI="LICENSE">
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>HVThAjM5iEcTVJB6dgC5zehhQjYVu1JV7oN+OyezI2Y=</DigestValue>
</Reference>
<!-- Same-document reference to the <Object Id="prop"> element below. -->
<Reference URI="#prop">
<Transforms>
<Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>rf75zmIiY5uFijILpSBnhNEZA+5twK1OqDhjA/yri/A=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Kbbugd59Tj/M1MhsWySrQAeTwz8zhf4RqQsO+xRInqsdDQdhv5vqaNqJOAWStYcr
g26RD426JcJc3P7qy2C8VHuZMQ30krrwCbaQcNIptjBD83xAbOzUu2ZiHmadNJFQ
MY1Uc5RAdJmxBZ0AaNKQaZ6n7NBkm/AM/G9OU9rNJ5AdjyeQIy81P3T6eTSVC4U3
6y++A3/FpWwHJyX6mFuNrgAXZENjBWUuPrpIFCgSvXKr0X8U4q7TMvGCntd+TMsl
YtSnRYdFokzCSuoY5Xi7qDnC9u91BPBiMDrwVvJk8cWKQ5QRRyO035QPwwv2+BaN
jd67IdmbzRr6jpPx4A/H9w==</SignatureValue>
<!-- NOTE(review): these certificates are supplied by the signer. They are
     input to chain building (signer certificate plus intermediates), never a
     trust anchor: loading one of them as "trusted", as the first libxmlsec1
     attempt did, would make any self-issued certificate acceptable. -->
<KeyInfo>
<X509Data>
<X509Certificate>MIIDlDCCAnygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVSzEQ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</X509Certificate>
<X509Certificate>MIIDlDCCAnygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVSzEQ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</X509Certificate><X509Certificate>MIIDyTCCArGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQ0wCwYDVQQDEwRyb290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</X509Certificate><X509Certificate>MIIDyTCCArGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQ0wCwYDVQQDEwRyb290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</X509Certificate><X509Certificate>MIID0DCCArigAwIBAgIJAMRjYkrEx5hdMA0GCSqGSIb3DQEBBQUAME4xDTALBgNV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</X509Certificate></X509Data>
</KeyInfo>
<!-- Signature properties covered by the "#prop" Reference. NOTE(review):
     dsp:Expires and dsp:ReplayProtect are only effective if the verifying
     application checks them; as far as I can tell neither Santuario nor
     xmlsec interprets them during signature verification. Also, the element
     Id says "DistributorSignature" while dsp:Role is role-author; the W3C
     Widgets digsig profile ties the role to the signature file name
     (author-signature.xml vs. signatureN.xml), so confirm which this is. -->
<Object Id="prop">
<SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
<SignatureProperty Id="profile" Target="#DistributorSignature">
<dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
</SignatureProperty>
<SignatureProperty Id="role" Target="#DistributorSignature">
<dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"/>
</SignatureProperty>
<SignatureProperty Id="identifier" Target="#DistributorSignature">
<dsp:Identifier>61622c00-0e67-11e4-aec7-af2396515bcf</dsp:Identifier>
</SignatureProperty>
<SignatureProperty Id="created" Target="#DistributorSignature">
<dsp:Created>2011-06-10T18:13:51.0Z</dsp:Created>
</SignatureProperty>
<SignatureProperty Id="expires" Target="#DistributorSignature">
<dsp:Expires>2050-01-02T10:00:00.0Z</dsp:Expires>
</SignatureProperty>
<SignatureProperty Id="replayprotect" Target="#DistributorSignature">
<dsp:ReplayProtect>
<dsp:timestamp>2011-06-10T18:13:51.0Z</dsp:timestamp>
<dsp:nonce>ax87au3</dsp:nonce>
</dsp:ReplayProtect>
</SignatureProperty>
</SignatureProperties>
</Object>
</Signature>
1 ответ
Ну, никто не ответил на мой вопрос, но я сам разобрался; публикую на случай, если это поможет кому-то ещё.
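/*
 * Verify signature.xml with xmlsec1 (compiles as C or C++).
 *
 * Trust model: the ONLY trust anchor is a CA certificate that ships with the
 * verifier. The <X509Certificate> elements inside signature.xml are written
 * by whoever produced the document, so loading one of them as
 * xmlSecKeyDataTypeTrusted (what this answer originally did) lets anyone
 * sign with any key and embed a matching certificate. xmlSecDSigCtxVerify
 * reads the KeyInfo certificates itself, builds the chain and checks it
 * against the trusted certificates held by the keys manager, so nothing has
 * to be extracted by hand. That also removes the fixed-size sprintf() buffer
 * the original filled with document-controlled data (a stack overflow on a
 * long certificate) and the xmlNodeGetContent() result it never freed.
 *
 * Assumes xmlsec was initialised earlier (xmlSecInit, xmlSecCryptoAppInit,
 * xmlSecCryptoInit) as in the xmlsec examples. Relative Reference URIs
 * (config.xml, index.html, LICENSE) are resolved by xmlsec's default IO
 * callbacks; run with the working directory set to the widget directory, or
 * install your own xmlSecIO callbacks that refuse paths outside it.
 * `mngr` is assigned, not declared, exactly as in the original snippet; the
 * caller owns it and releases it with xmlSecKeysMngrDestroy.
 */
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
int verified = 0;

/* XML_PARSE_NONET: a signature file is untrusted input, so the parser must
 * never fetch external DTDs/entities over the network. Entity substitution
 * (XML_PARSE_NOENT) is deliberately left off. */
doc = xmlReadFile("signature.xml", NULL, XML_PARSE_NONET);
if (doc == NULL || xmlDocGetRootElement(doc) == NULL) {
    fprintf(stderr, "error: unable to parse signature.xml\n");
    goto done;
}

/* Start from the <Signature> element, not from <X509Certificate>. */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
if (node == NULL) {
    fprintf(stderr, "error: no Signature element found\n");
    goto done;
}

mngr = xmlSecKeysMngrCreate();
if (mngr == NULL || xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
    fprintf(stderr, "error: failed to create/initialise the keys manager\n");
    goto done;
}

/* The trust anchor: the verifier's own CA certificate (example path; use
 * xmlSecKeyDataFormatCertDer for a DER file). Never a certificate taken from
 * signature.xml. */
if (xmlSecCryptoAppKeysMngrCertLoad(mngr, "trusted-ca.pem",
                                    xmlSecKeyDataFormatPem,
                                    xmlSecKeyDataTypeTrusted) < 0) {
    fprintf(stderr, "error: failed to load the trusted CA certificate\n");
    goto done;
}

dsigCtx = xmlSecDSigCtxCreate(mngr);
if (dsigCtx == NULL) {
    fprintf(stderr, "error: failed to create the signature context\n");
    goto done;
}

/* Accept only the algorithms this document is expected to use (SignedInfo
 * declares c14n11 + rsa-sha256; the References use sha256 and c14n11).
 * Anything else the document might request, e.g. XSLT/XPath transforms or a
 * weaker digest, is then rejected. Transform ids as named in xmlsec/app.h;
 * the crypto backend must support them. */
xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14N11Id);
xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha256Id);
xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14N11Id);
xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha256Id);

/* Checks every Reference digest (so the files are actually verified), the
 * SignatureValue, and the KeyInfo certificate chain against the trusted
 * store. A return of 0 only means "processed"; the verdict is in status. */
if (xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
    fprintf(stderr, "error: signature verification could not be performed\n");
    goto done;
}
verified = (dsigCtx->status == xmlSecDSigStatusSucceeded);
fprintf(stderr, "signature is %s\n", verified ? "VALID" : "INVALID");

done:
if (dsigCtx != NULL) {
    xmlSecDSigCtxDestroy(dsigCtx);
}
if (doc != NULL) {
    xmlFreeDoc(doc);
}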