Posted to java-dev@axis.apache.org by ka...@apache.org on 2007/02/27 08:48:50 UTC
svn commit: r512165 - in /webservices/axis2/trunk/c/rampart/src/omxmlsec:
openssl/sign.c xml_signature.c
Author: kaushalye
Date: Mon Feb 26 23:48:50 2007
New Revision: 512165
URL: http://svn.apache.org/viewvc?view=rev&rev=512165
Log:
Bridging openssl routines and XML Signature routines to verify a digital signature.
Modified:
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c?view=diff&rev=512165&r1=512164&r2=512165
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c Mon Feb 26 23:48:50 2007
@@ -53,7 +53,11 @@
/*Set the digest according to the signature method*/
digest = EVP_sha1();
-
+
+ /*Init MD Ctx*/
+ EVP_MD_CTX_init(&md_ctx);
+
+ /*Intialize verification*/
ret = EVP_VerifyInit(&md_ctx, digest);
if(ret != 1) {
/*Error*/
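Review bot: The `EVP_MD_CTX_init(&md_ctx)` added ahead of `EVP_VerifyInit` has no matching `EVP_MD_CTX_cleanup(&md_ctx)` visible in this hunk. The function continues outside the hunk, so confirm that both the `if(ret != 1)` error branch and the normal exit release the context; otherwise every verification may leave digest state behind. The same pairing should be checked for the `EVP_MD_CTX_init` added in the signing hunk below. Separately, the comment says the digest is set according to the signature method, but the code always assigns `EVP_sha1()`; a one-line comment such as `/* only SHA-1 based signature methods are supported for now */` would stop a reader assuming the method is honoured.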
@@ -107,8 +111,11 @@
/*Set the digest according to the signature method*/
digest = EVP_sha1();
+
+ /*MD Ctx init*/
+ EVP_MD_CTX_init(&md_ctx);
+
/*Sign init*/
-
ret = EVP_SignInit(&md_ctx, digest);
EVP_SignUpdate (&md_ctx, OXS_BUFFER_GET_DATA(input_buf, env), OXS_BUFFER_GET_SIZE(input_buf, env));
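Review bot: In the signing path `ret = EVP_SignInit(&md_ctx, digest);` stores the result, but `EVP_SignUpdate` is called on the next line without testing it, and the return value of `EVP_SignUpdate` itself is dropped. The verify path in the first hunk does test `ret != 1`, so the two paths are inconsistent, and a failed init here would go on to sign with a context that was never set up. Add the same `if(ret != 1)` guard before `EVP_SignUpdate`, and assign and test the update result the same way. The rest of the function is outside the hunk, so the exact error return to use has to be taken from there.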
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c?view=diff&rev=512165&r1=512164&r2=512165
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c Mon Feb 26 23:48:50 2007
@@ -571,9 +571,15 @@
axiom_node_t *scope_node)
{
axis2_status_t status = AXIS2_FAILURE;
+ axiom_node_t *signed_info_node = NULL;
+ axiom_document_t *doc = NULL;
+ axis2_char_t *c14n_mtd = NULL;
+ axis2_char_t *content = NULL;
+ axis2_char_t *signature_val = NULL;
/*Set operation to verify*/
oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_VERIFY);
+
/*Populate the sign_ctx by inspecting the ds:Signature node*/
status = oxs_xml_sig_process_signature_node(env, sign_ctx, signature_node, scope_node);
if(status != AXIS2_SUCCESS){
@@ -581,17 +587,32 @@
oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"<ds:Signature> node processing failed " );
return AXIS2_FAILURE;
}
- /*At this point we have a ready to process signature context. So why wait...? Verify*/
+ /*At this point we have a ready to process signature context. So start verification process*/
- /*First step is to Verify the integrity of the signed parts by comparing the digest values of each and every reference.*/
+ /*Verify the integrity of the signed parts by comparing the digest values of each and every reference.*/
status = oxs_xml_sig_verify_digests(env, sign_ctx);
if(AXIS2_FAILURE == status){
return AXIS2_FAILURE;
}
-
+
/*At this point we have compared the digest. Next step is to compare the Signature value */
- /*TODO*/
-
+ /*First get the signature value from the context*/
+ signature_val = oxs_sign_ctx_get_sig_val(sign_ctx, env);
+
+ /*Then we apply the C14N for the ds:SignedInfo*/
+ signed_info_node = oxs_axiom_get_first_child_node_by_name(env, signature_node,
+ OXS_NODE_SIGNEDINFO, OXS_DSIG_NS, OXS_DS );
+ c14n_mtd = oxs_sign_ctx_get_c14n_mtd(sign_ctx, env);
+ doc = axiom_node_get_document(signed_info_node, env);
+ oxs_c14n_apply(env, doc, AXIS2_FALSE, &content, AXIS2_TRUE, NULL, signed_info_node);
+
+ /*In the final step we Verify*/
+ status = oxs_sig_verify(env, sign_ctx, content , signature_val);
+ if(AXIS2_FAILURE == status){
+ return AXIS2_FAILURE;
+ }
+
+
return AXIS2_SUCCESS;
}
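Review bot: None of the values fed into `oxs_sig_verify` are checked before use. `signed_info_node` would presumably be NULL when the incoming `<ds:Signature>` has no `ds:SignedInfo` child, yet it is passed straight to `axiom_node_get_document`; the result of `oxs_c14n_apply` is discarded, so `content` can still hold its initial NULL; and `signature_val` is used exactly as returned. The signature element comes from the peer, so each of these cases should be reported with `oxs_error` and fail verification instead of reaching the verifier. The final test `if(AXIS2_FAILURE == status)` also accepts any status other than AXIS2_FAILURE, whereas the earlier check in this function uses `status != AXIS2_SUCCESS`; a verification routine should fail closed. Two smaller points to confirm against code outside the hunk: `c14n_mtd` is fetched but never used, so the canonicalization method named in the signature does not appear to reach `oxs_c14n_apply`, and `content` is not released on any return path.

```c
    /* … unchanged: signature_val lookup from the context … */
    if(!signature_val){
        oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"No signature value in the signature context " );
        return AXIS2_FAILURE;
    }

    /* … unchanged: signed_info_node lookup … */
    if(!signed_info_node){
        oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"<ds:SignedInfo> node not found " );
        return AXIS2_FAILURE;
    }

    /* … unchanged: c14n_mtd and doc lookup, oxs_c14n_apply call … */
    if(!content){
        oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"C14N of <ds:SignedInfo> produced no output " );
        return AXIS2_FAILURE;
    }

    /*In the final step we Verify; anything but success is a failure*/
    status = oxs_sig_verify(env, sign_ctx, content , signature_val);
    if(status != AXIS2_SUCCESS){
        return AXIS2_FAILURE;
    }
```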