使用libxmlsec1验证XML签名

时间:2014-08-05 09:28:29

标签: c++ c xml-signature xmlsec xml-dsig

我可以使用Apache Santuario XML Security(Java)验证XML签名,代码如下:

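// Parse signature.xml namespace-aware: the XML-DSig lookups below are namespace-qualified.
ByteArrayInputStream bais = new ByteArrayInputStream(readData("signature.xml"));
DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
f.setNamespaceAware(true);
// signature.xml comes from outside the program: refuse DOCTYPE (XXE / entity expansion).
f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
Document doc = f.newDocumentBuilder().parse(bais);
bais.close();
NodeList nodes = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATURE);
if (nodes.getLength() == 0) {
    // item(0) would be null and the cast below would NPE; fail with a clear message instead.
    throw new SignatureException("signature.xml: no ds:Signature element");
}
Element sigElement = (Element) nodes.item(0);
XMLSignature signature = new XMLSignature(sigElement, "");
signature.addResourceResolver(new ResolverWidget(this));
if (signature.getKeyInfo() == null || signature.getKeyInfo().getX509Certificate() == null) {
    throw new SignatureException("signature.xml: KeyInfo carries no X509Certificate");
}
X509Certificate cert = signature.getKeyInfo().getX509Certificate();
// checkSignatureValue() reports a mismatch by returning false, not by throwing;
// discarding the result accepts every signature.
if (!signature.checkSignatureValue(cert)) {
    throw new SignatureException("signature.xml: SignatureValue does not verify");
}
// NOTE(review): `cert` is taken from the document's own KeyInfo, so the check above only
// proves that whoever supplied that certificate signed the document. Validate the
// certificate against a trust anchor held outside signature.xml before acting on it.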

现在,我想用C++实现它。我已经尝试过C++版的Apache Santuario XML Security,但它失败了,因为它提示不支持c14n11(我希望是我弄错了)。所以,我改为使用libxmlsec1,但问题是我不知道如何用libxmlsec1实现。它不必验证所有Reference元素指向的文件,我只想验证SignedInfo元素。目前我只写了以下代码。

/* Failing reproduction: take the first <X509Certificate> of signature.xml and hand its
 * text to the PEM loader of an xmlsec keys manager. */
xmlDocPtr doc = xmlParseFile("signature.xml");
/* Returns NULL when the document has no <X509Certificate>; the next line would then
 * dereference NULL (no check here). */
xmlNodePtr node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeX509Certificate, xmlSecDSigNs);
/* Text child of the element: bare base64 as written in the XML, with no
 * "-----BEGIN CERTIFICATE-----" / "-----END CERTIFICATE-----" armour around it. */
xmlNodePtr data = node->children;
mngr = xmlSecKeysMngrCreate();                  /* presumably declared as xmlSecKeysMngrPtr outside this snippet */
xmlSecCryptoAppDefaultKeysMngrInit(mngr);
/* xmlSecKeyDataFormatPem expects PEM armour, so PEM_read_bio_X509_AUX rejects the bare
 * base64 above (see the error trace that follows). `size` is not defined in this snippet
 * either. Note also that xmlSecKeyDataTypeTrusted turns a certificate carried inside the
 * document being verified into a trust anchor. */
xmlSecCryptoAppKeysMngrCertLoadMemory(mngr, data->content, size, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted);

失败并出现以下错误:

func=xmlSecOpenSSLAppCertLoadBIO:file=app.c:line=1254:obj=unknown:subj=PEM_read_bio_X509_AUX:error=4:crypto library function failed: 
func=xmlSecOpenSSLAppKeysMngrCertLoadBIO:file=app.c:line=1139:obj=unknown:subj=xmlSecOpenSSLAppCertLoadBIO:error=1:xmlsec library function failed: 
func=xmlSecOpenSSLAppKeysMngrCertLoadMemory:file=app.c:line=1091:obj=unknown:subj=xmlSecOpenSSLAppKeysMngrCertLoadBIO:error=1:xmlsec library function failed: 

有人知道如何让xmlsec1从signature.xml读取所有X509Certificate元素并验证signature.xml吗?

以下是signature.xml。

<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="DistributorSignature">
 <SignedInfo>
  <CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
  <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  <Reference URI="config.xml">
   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
   <DigestValue>ddnUD1cNeIG1a3uj96Y/VS+WBC5qT24PL/j/91Tfl/0=</DigestValue>
  </Reference>
  <Reference URI="index.html">
   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
   <DigestValue>I+Sv8L0e9Px1aMAdlo5a2uQjXecYjv7wIyJxP50h8Fk=</DigestValue>
  </Reference>
  <Reference URI="LICENSE">
   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
   <DigestValue>HVThAjM5iEcTVJB6dgC5zehhQjYVu1JV7oN+OyezI2Y=</DigestValue>
  </Reference>
  <Reference URI="#prop">
   <Transforms>
    <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
   </Transforms>
   <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
   <DigestValue>rf75zmIiY5uFijILpSBnhNEZA+5twK1OqDhjA/yri/A=</DigestValue>
  </Reference>
 </SignedInfo>
 <SignatureValue>Kbbugd59Tj/M1MhsWySrQAeTwz8zhf4RqQsO+xRInqsdDQdhv5vqaNqJOAWStYcr
g26RD426JcJc3P7qy2C8VHuZMQ30krrwCbaQcNIptjBD83xAbOzUu2ZiHmadNJFQ
MY1Uc5RAdJmxBZ0AaNKQaZ6n7NBkm/AM/G9OU9rNJ5AdjyeQIy81P3T6eTSVC4U3
6y++A3/FpWwHJyX6mFuNrgAXZENjBWUuPrpIFCgSvXKr0X8U4q7TMvGCntd+TMsl
YtSnRYdFokzCSuoY5Xi7qDnC9u91BPBiMDrwVvJk8cWKQ5QRRyO035QPwwv2+BaN
jd67IdmbzRr6jpPx4A/H9w==</SignatureValue>
 <KeyInfo>
  <X509Data>


<X509Certificate>MIIDlDCCAnygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVSzEQ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</X509Certificate>
<X509Certificate>MIIDlDCCAnygAwIBAgIBAjANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQGEwJVSzEQ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</X509Certificate><X509Certificate>MIIDyTCCArGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQ0wCwYDVQQDEwRyb290
MQswCQYDVQQGEwJVSzEQMA4GA1UECBMHRW5nbGFuZDEMMAoGA1UEChMDVzNDMRAw
DgYDVQQLEwdXZWJhcHBzMB4XDTExMDUyNTE0MjUyM1oXDTMxMDUyMDE0MjUyM1ow
TzELMAkGA1UEBhMCVUsxEDAOBgNVBAgTB0VuZ2xhbmQxDDAKBgNVBAoTA1czQzEQ
MA4GA1UECxMHV2ViYXBwczEOMAwGA1UEAxMFMi5yc2EwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDQsgjNFZrz39tYbTrfZWQ/lwSTlDWXTvFgwpCqHWCV
natYVxC20rzBBqBr1IOf1zu0AZj4U4QiEcXIJuqlRJpPpWeS1RtBVqY+4R0PN8yk
KnAuv9piCMom05sLZX4WkQhjmf3yY7XJwIHRA6KLVax3khzdmRdggqNU2bAWeC0/
7Yd7wJ2/YeV2HeomYCxgN9SX6ZmJbNhkldwSTB+JDzMLKhoCtnZhXXFGTuvkDvtx
VW4NCSK5EeSN5QVHd1fe1teWpltOQbds19R8/QZ43uu+CLWRTsmBXqjv2BXPPEnw
TNuJfQhlifnTtREM46y+Xlgg7pVMZrt6N6fWQnqapDQ9AgMBAAGjgbAwga0wHQYD
VR0OBBYEFH60gkaefKFHvojwldyIG56E7X+NMH4GA1UdIwR3MHWAFAMbQ7uilTlm
5C/ZxL6UOJwdot6qoVKkUDBOMQ0wCwYDVQQDEwRyb290MQswCQYDVQQGEwJVSzEQ
MA4GA1UECBMHRW5nbGFuZDEMMAoGA1UEChMDVzNDMRAwDgYDVQQLEwdXZWJhcHBz
ggkAxGNiSsTHmF0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAL83h
DSYf/EdNmYtcBdN6HIGgjTFe+S0OG4+Sm7gvVR5QPbWlX8waVaSSrwnSWJ6QBSCf
3AabxE9/7Y1tw1dtj3pAraqAJP8NtqPwDyiIp8kePSmtmtPrs+D6wz6mpfw3F5pD
ZIAJYXya6GCuSWb9am3fyqbEGLBOSRe3i7Tav8KWNrv1BuGh0ytRipMXPf3DNNP1
upFqMi0+bd6I3MV8ez+YXz51mR+cgHKEXbm2pF5ek55QKKHXrR2j/VjSo3Gr/qq6
w6fTJWAFcbsleU/g5FrhSkaY2uHwaBUPda249YZILqg21q8jWVv4rqi/E8Jfl7qH
xJ8PxxIDekRJ+d78xw==</X509Certificate><X509Certificate>MIIDyTCCArGgAwIBAgIBATANBgkqhkiG9w0BAQsFADBOMQ0wCwYDVQQDEwRyb290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</X509Certificate><X509Certificate>MIID0DCCArigAwIBAgIJAMRjYkrEx5hdMA0GCSqGSIb3DQEBBQUAME4xDTALBgNV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</X509Certificate></X509Data>
 </KeyInfo>
 <Object Id="prop">
  <SignatureProperties xmlns:dsp="http://www.w3.org/2009/xmldsig-properties">
   <SignatureProperty Id="profile" Target="#DistributorSignature">
    <dsp:Profile URI="http://www.w3.org/ns/widgets-digsig#profile"/>
   </SignatureProperty>
   <SignatureProperty Id="role" Target="#DistributorSignature">
    <dsp:Role URI="http://www.w3.org/ns/widgets-digsig#role-author"/>
   </SignatureProperty>
   <SignatureProperty Id="identifier" Target="#DistributorSignature">
    <dsp:Identifier>61622c00-0e67-11e4-aec7-af2396515bcf</dsp:Identifier>
   </SignatureProperty>

    <SignatureProperty Id="created" Target="#DistributorSignature"> 
        <dsp:Created>2011-06-10T18:13:51.0Z</dsp:Created> 
    </SignatureProperty> 
    <SignatureProperty Id="expires" Target="#DistributorSignature"> 
        <dsp:Expires>2050-01-02T10:00:00.0Z</dsp:Expires> 
    </SignatureProperty> 
    <SignatureProperty Id="replayprotect" Target="#DistributorSignature"> 
        <dsp:ReplayProtect> 
          <dsp:timestamp>2011-06-10T18:13:51.0Z</dsp:timestamp> 
          <dsp:nonce>ax87au3</dsp:nonce> 
        </dsp:ReplayProtect>  
    </SignatureProperty>    
  </SignatureProperties>
 </Object>
</Signature>

1 个答案:

答案 0 :(得分:1)

好吧,没有人回答我的问题,但我自己找到了解决办法;希望它能帮助像我这样的其他人。

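/* Feed every <X509Certificate> carried by signature.xml into an xmlsec keys manager.
 *
 * Why the armour: the element text is bare base64 DER, and the PEM loader
 * (PEM_read_bio_X509_AUX) rejects it unless the BEGIN/END CERTIFICATE lines are
 * present. The armour is added into a buffer sized from the real content length,
 * not a fixed char[2000] written with sprintf().
 *
 * Why xmlSecKeyDataTypeNone: these certificates arrive inside the very file being
 * verified, so they cannot serve as trust anchors — a signer could otherwise ship
 * their own certificate and the verification would prove nothing. The anchor is
 * loaded separately from a file obtained out-of-band.
 *
 * On success `mngr` is left for the caller (release with xmlSecKeysMngrDestroy());
 * on failure rc != 0, `mngr` is destroyed and set to NULL. `doc` is freed either way.
 *
 * NOTE(review): xmlsec's own KeyInfo processing reads <X509Data> during signature
 * verification, so this manual pre-load may be unnecessary — confirm against the
 * verify path that consumes `mngr`.
 */
static const char pem_head[] = "-----BEGIN CERTIFICATE-----\n";
static const char pem_tail[] = "\n-----END CERTIFICATE-----\n";
/* Placeholder: path of the trusted root/CA certificate (PEM) obtained out-of-band. */
const char *trusted_ca_pem = "<path-to-trusted-ca.pem>";

int rc = -1;
xmlSecKeysMngrPtr mngr = NULL;
xmlDocPtr doc = xmlParseFile("signature.xml");
if (doc == NULL) {
    goto out;
}
mngr = xmlSecKeysMngrCreate();
if (mngr == NULL || xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
    goto out;
}
/* Trust anchor: the one certificate that did NOT come from signature.xml. */
if (xmlSecCryptoAppKeysMngrCertLoad(mngr, trusted_ca_pem, xmlSecKeyDataFormatPem,
                                    xmlSecKeyDataTypeTrusted) < 0) {
    goto out;
}
xmlNodePtr first = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeX509Certificate, xmlSecDSigNs);
if (first == NULL) {
    goto out; /* KeyInfo carries no certificate at all */
}
/* All <X509Certificate> elements sit as siblings under <X509Data>; walk every one of
 * them instead of stopping at the first (the text nodes between them are skipped). */
for (xmlNodePtr cur = first->parent->children; cur != NULL; cur = cur->next) {
    if (cur->type != XML_ELEMENT_NODE ||
        !xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
        continue;
    }
    xmlChar *b64 = xmlNodeGetContent(cur); /* allocated copy: must be xmlFree()d */
    if (b64 == NULL) {
        goto out;
    }
    size_t b64_len = strlen((const char *)b64);
    size_t pem_len = (sizeof pem_head - 1) + b64_len + (sizeof pem_tail - 1);
    char *pem = malloc(pem_len + 1);
    if (pem == NULL) {
        xmlFree(b64);
        goto out;
    }
    /* Bounded write: the buffer was sized from the actual content length. */
    int n = snprintf(pem, pem_len + 1, "%s%s%s", pem_head, (const char *)b64, pem_tail);
    xmlFree(b64);
    int load_rc = -1;
    if (n >= 0 && (size_t)n == pem_len) {
        load_rc = xmlSecCryptoAppKeysMngrCertLoadMemory(mngr, (const xmlSecByte *)pem, (xmlSecSize)n,
                                                        xmlSecKeyDataFormatPem, xmlSecKeyDataTypeNone);
    }
    free(pem);
    if (load_rc < 0) {
        goto out;
    }
}
rc = 0;
out:
if (rc != 0 && mngr != NULL) {
    xmlSecKeysMngrDestroy(mngr);
    mngr = NULL;
}
if (doc != NULL) {
    xmlFreeDoc(doc);
}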