Posted to java-dev@axis.apache.org by ka...@apache.org on 2007/02/27 08:48:50 UTC

svn commit: r512165 - in /webservices/axis2/trunk/c/rampart/src/omxmlsec: openssl/sign.c xml_signature.c

Author: kaushalye
Date: Mon Feb 26 23:48:50 2007
New Revision: 512165

URL: http://svn.apache.org/viewvc?view=rev&rev=512165
Log:
Bridging openssl routines and XML Signature routines to verify a digital signature.


Modified:
    webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c
    webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c

Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c?view=diff&rev=512165&r1=512164&r2=512165
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c Mon Feb 26 23:48:50 2007
@@ -53,7 +53,11 @@
 
     /*Set the digest according to the signature method*/
     digest = EVP_sha1();
-    
+
+    /*Init MD Ctx*/
+    EVP_MD_CTX_init(&md_ctx);
+   
+    /*Intialize verification*/
     ret = EVP_VerifyInit(&md_ctx, digest);
     if(ret != 1) {
         /*Error*/
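Review bot: `EVP_MD_CTX_init(&md_ctx)` is added before `EVP_VerifyInit`, but the `ret != 1` error branch shows no matching `EVP_MD_CTX_cleanup(&md_ctx)` within the hunk. If the exit paths outside the hunk do not clean up either, each failed or completed verification leaks whatever the digest context allocated. The same applies to the init added before `EVP_SignInit` in the second hunk of this file. Separately, the new comment `/*Intialize verification*/` should read `/*Initialize verification*/`. The function body starts and ends outside the hunk.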
@@ -107,8 +111,11 @@
 
     /*Set the digest according to the signature method*/
     digest = EVP_sha1();
+
+    /*MD Ctx init*/
+    EVP_MD_CTX_init(&md_ctx);
+
     /*Sign init*/
-    
     ret = EVP_SignInit(&md_ctx, digest);
     
     EVP_SignUpdate (&md_ctx, OXS_BUFFER_GET_DATA(input_buf, env), OXS_BUFFER_GET_SIZE(input_buf, env));
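Review bot: `ret` from `EVP_SignInit` is assigned and never tested before `EVP_SignUpdate` runs, and the result of `EVP_SignUpdate` is dropped, whereas the verify path in the first hunk tests `ret != 1` right after `EVP_VerifyInit`. I would add `if(ret != 1) { /*Error*/ ... }` after the init with the same handling as the verify path, and change the update to `ret = EVP_SignUpdate(&md_ctx, OXS_BUFFER_GET_DATA(input_buf, env), OXS_BUFFER_GET_SIZE(input_buf, env));` followed by the same test. Without this, a failed digest setup can carry on to produce output from a context that was never set up. The function continues outside the hunk, so later checks may exist that are not visible here.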

Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c?view=diff&rev=512165&r1=512164&r2=512165
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c Mon Feb 26 23:48:50 2007
@@ -571,9 +571,15 @@
     axiom_node_t *scope_node)
 {
     axis2_status_t status = AXIS2_FAILURE;
+    axiom_node_t *signed_info_node = NULL;
+    axiom_document_t *doc = NULL;
+    axis2_char_t *c14n_mtd = NULL;
+    axis2_char_t *content = NULL;
+    axis2_char_t *signature_val = NULL;
 
     /*Set operation to verify*/
     oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_VERIFY);
+    
     /*Populate the sign_ctx by inspecting the ds:Signature node*/
     status = oxs_xml_sig_process_signature_node(env, sign_ctx, signature_node, scope_node);
     if(status != AXIS2_SUCCESS){
@@ -581,17 +587,32 @@
         oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"<ds:Signature> node processing failed " );        
         return AXIS2_FAILURE;
     }
-    /*At this point we have a ready to process signature context. So why wait...? Verify*/ 
+    /*At this point we have a ready to process signature context. So start verification process*/ 
 
-    /*First step is to Verify the integrity of the signed parts by comparing the digest values of each and every reference.*/
+    /*Verify the integrity of the signed parts by comparing the digest values of each and every reference.*/
     status = oxs_xml_sig_verify_digests(env, sign_ctx);
 
     if(AXIS2_FAILURE == status){
         return AXIS2_FAILURE;
     }
-   
+
     /*At this point we have compared the digest. Next step is to compare the Signature value */ 
-    /*TODO*/
-    
+    /*First get the signature value from the context*/
+    signature_val = oxs_sign_ctx_get_sig_val(sign_ctx, env);
+
+    /*Then we apply the C14N for the ds:SignedInfo*/
+    signed_info_node = oxs_axiom_get_first_child_node_by_name(env, signature_node,
+                                OXS_NODE_SIGNEDINFO, OXS_DSIG_NS, OXS_DS );
+    c14n_mtd = oxs_sign_ctx_get_c14n_mtd(sign_ctx, env); 
+    doc = axiom_node_get_document(signed_info_node, env);
+    oxs_c14n_apply(env, doc, AXIS2_FALSE, &content, AXIS2_TRUE, NULL, signed_info_node);
+
+    /*In the final step we Verify*/ 
+    status = oxs_sig_verify(env, sign_ctx, content , signature_val);
+    if(AXIS2_FAILURE == status){
+        return AXIS2_FAILURE;
+    }
+
+
     return AXIS2_SUCCESS;
 }
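Review bot: The result of the `ds:SignedInfo` lookup goes straight into `axiom_node_get_document`, so a `<ds:Signature>` lacking that child would pass a NULL node to the document and C14N calls. `signature_val` and `content` are likewise used unchecked, and whatever `oxs_c14n_apply` returns is discarded. The new test after `oxs_sig_verify` is `AXIS2_FAILURE == status`, which lets any other non-success value fall through to `return AXIS2_SUCCESS`; the check after `oxs_xml_sig_process_signature_node` earlier in this function uses `status != AXIS2_SUCCESS`, and a verifier should fail closed the same way. `c14n_mtd` is fetched but never read before the return, so the canonicalization applied appears to be fixed by the literal arguments rather than by the method named in the signature. The function starts outside this hunk; the fence shows the guards I would add.

```c
    signature_val = oxs_sign_ctx_get_sig_val(sign_ctx, env);
    if(!signature_val){
        oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Signature value is missing " );
        return AXIS2_FAILURE;
    }
    /* … unchanged: ds:SignedInfo lookup … */
    if(!signed_info_node){
        oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"<ds:SignedInfo> node not found " );
        return AXIS2_FAILURE;
    }
    /* … unchanged: c14n_mtd lookup, axiom_node_get_document, oxs_c14n_apply … */
    if(!content){
        oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"C14N of <ds:SignedInfo> produced no content " );
        return AXIS2_FAILURE;
    }

    /*In the final step we Verify*/
    status = oxs_sig_verify(env, sign_ctx, content , signature_val);
    if(status != AXIS2_SUCCESS){
        return AXIS2_FAILURE;
    }
```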


