/**
 * XML Security Library example: Signing a template file.
 *
 * Signs a template file using a key from a PEM file.
 *
 * Usage:
 *      ./sign1 <xml-tmpl> <pem-key>
 *
 * Example:
 *      ./sign1 sign1-tmpl.xml rsakey.pem > sign1-res.xml
 *
 * The resulting signature can be validated using the verify1 example:
 *      ./verify1 sign1-res.xml rsapub.pem
 *
 * This is free software; see Copyright file in the source
 * distribution for precise wording.
 *
 * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
 */
24 #include <libxml/tree.h>
25 #include <libxml/xmlmemory.h>
26 #include <libxml/parser.h>
28 #ifndef XMLSEC_NO_XSLT
29 #include <libxslt/xslt.h>
30 #endif /* XMLSEC_NO_XSLT */
32 #include <xmlsec/xmlsec.h>
33 #include <xmlsec/xmltree.h>
34 #include <xmlsec/xmldsig.h>
35 #include <xmlsec/crypto.h>
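/* Forward declaration: signs the template in tmpl_file with the PEM private
 * key in key_file. Returns 0 on success or a negative value on error. The
 * listing's line number, which had been fused into the declaration, is
 * removed so the prototype is valid C. */
int sign_file(const char* tmpl_file, const char* key_file);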
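/**
 * main:
 * @argc:               the number of command line arguments; exactly three
 *                      are expected (program name, template, key file).
 * @argv:               argv[1] is the signature template file name,
 *                      argv[2] the PEM private key file name.
 *
 * Initializes libxml2 (and libxslt when built in), xmlsec and the
 * xmlsec-crypto backend, signs the template with sign_file() and then
 * shuts the libraries down in reverse order.
 *
 * Returns 0 on success and a non-zero value on failure.
 *
 * NOTE(review): the listing had lost its short lines (returns, closing
 * braces and the calls named by the surviving comments). They are restored
 * here; the exact exit codes (1 for a usage error, -1 otherwise) should be
 * confirmed against the upstream example.
 */
int
main(int argc, char **argv) {
    /* argv[0] can be NULL when the program is exec'ed with an empty
     * argument vector; passing NULL to "%s" is undefined behavior, so
     * fall back to the example's name. */
    const char *prog = ((argc > 0) && (argv != NULL) && (argv[0] != NULL)) ? argv[0] : "sign1";

    if(argc != 3) {
        fprintf(stderr, "Error: wrong number of arguments.\n");
        fprintf(stderr, "Usage: %s <tmpl-file> <key-file>\n", prog);
        return(1);
    }

    /* Init libxml and libxslt libraries */
    xmlInitParser();
    LIBXML_TEST_VERSION
    /* The next two settings are process-wide libxml2 defaults, not
     * per-document options: every parse that goes through the
     * default-option entry points (sign_file() uses xmlParseFile()) will
     * substitute entities and, because the DTD value is non-zero, is
     * expected to load the external DTD subset as well. That suits a
     * template written by the operator. A template received from another
     * party should instead be parsed with xmlReadFile() and explicit
     * options such as XML_PARSE_NONET, so that entity and DTD handling is
     * decided per document rather than inherited from these globals. */
    xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
    xmlSubstituteEntitiesDefault(1);
#ifndef XMLSEC_NO_XSLT
    xmlIndentTreeOutput = 1;
#endif /* XMLSEC_NO_XSLT */

    /* Init xmlsec library */
    if(xmlSecInit() < 0) {
        fprintf(stderr, "Error: xmlsec initialization failed.\n");
        return(-1);
    }

    /* Check loaded library version */
    if(xmlSecCheckVersion() != 1) {
        fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
        return(-1);
    }

    /* Load default crypto engine if we are supporting dynamic
     * loading for xmlsec-crypto libraries. Use the crypto library
     * name ("openssl", "nss", etc.) to load corresponding
     * xmlsec-crypto library.
     *
     * The backend is resolved by name through the dynamic loader, so the
     * shared library search path (LD_LIBRARY_PATH, per the message below)
     * decides which code ends up handling the private key. Keep that path
     * under the operator's control when this runs unattended.
     */
#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
    if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
        fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
                        "that you have it installed and check shared libraries path\n"
                        "(LD_LIBRARY_PATH) envornment variable.\n");
        return(-1);
    }
#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */

    /* Init crypto library */
    if(xmlSecCryptoAppInit(NULL) < 0) {
        fprintf(stderr, "Error: crypto initialization failed.\n");
        return(-1);
    }

    /* Init xmlsec-crypto library */
    if(xmlSecCryptoInit() < 0) {
        fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
        return(-1);
    }

    if(sign_file(argv[1], argv[2]) < 0) {
        return(-1);
    }

    /* Shutdown xmlsec-crypto library */
    xmlSecCryptoShutdown();

    /* Shutdown crypto library */
    xmlSecCryptoAppShutdown();

    /* Shutdown xmlsec library */
    xmlSecShutdown();

    /* Shutdown libxslt/libxml */
#ifndef XMLSEC_NO_XSLT
    xsltCleanupGlobals();
#endif /* XMLSEC_NO_XSLT */
    xmlCleanupParser();

    return(0);
}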
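/**
 * sign_file:
 * @tmpl_file:          the signature template file name.
 * @key_file:           the PEM private key file name.
 *
 * Signs the #tmpl_file using the private key from #key_file and prints the
 * signed document to stdout.
 *
 * Security notes: the template is parsed with xmlParseFile(), so the
 * process-wide parser defaults set in main() (entity substitution on)
 * apply to it; use it on templates you control, or parse with explicit
 * per-document options. The key is loaded with no password, so the example
 * expects an unencrypted PEM file, which then has to be protected by file
 * permissions. The key name is set to the key file name; that value can
 * surface in the output if the template asks for a key name, so use a
 * neutral identifier outside of examples.
 *
 * Returns 0 on success or a negative value if an error occurs.
 */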
128 sign_file(const char* tmpl_file, const char* key_file) {
129 xmlDocPtr doc = NULL;
130 xmlNodePtr node = NULL;
131 xmlSecDSigCtxPtr dsigCtx = NULL;
138 doc = xmlParseFile(tmpl_file);
139 if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
140 fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
144 /* find start node */
145 node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
147 fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
151 /* create signature context, we don't need keys manager in this example */
152 dsigCtx = xmlSecDSigCtxCreate(NULL);
153 if(dsigCtx == NULL) {
154 fprintf(stderr,"Error: failed to create signature context\n");
158 /* load private key, assuming that there is not password */
159 dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
160 if(dsigCtx->signKey == NULL) {
161 fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
165 /* set key name to the file name, this is just an example! */
166 if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
167 fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
171 /* sign the template */
172 if(xmlSecDSigCtxSign(dsigCtx, node) < 0) {
173 fprintf(stderr,"Error: signature failed\n");
177 /* print signed document to stdout */
178 xmlDocDump(stdout, doc);
185 if(dsigCtx != NULL) {
186 xmlSecDSigCtxDestroy(dsigCtx);