xmldsig.h

Name

xmldsig.h -- The XML Digital Signature standard implementation.

Synopsis



/* Per-run processing flags for XML DSig (see struct xmlSecDSigCtx below). */
struct      xmlSecDSigCtx;
/* Outcome of one sign/verify run over a <dsig:Signature> node. */
struct      xmlSecDSigResult;
/* Location of a <dsig:Reference>: inside <dsig:SignedInfo> or <dsig:Manifest>. */
enum        xmlSecReferenceType;
/* Outcome of processing a single <dsig:Reference> node. */
struct      xmlSecReferenceResult;
/*
 * Allocates a new DSig context; keysMngr is the keys manager the context
 * will use.  Returns NULL on error.  Release with xmlSecDSigCtxDestroy().
 */
xmlSecDSigCtxPtr xmlSecDSigCtxCreate        (xmlSecKeysMngrPtr keysMngr);
/* Frees a context obtained from xmlSecDSigCtxCreate(). */
void        xmlSecDSigCtxDestroy            (xmlSecDSigCtxPtr ctx);
/*
 * Verifies the signature in signNode.  A 0 return only means processing
 * finished without error -- it does NOT mean the signature is valid.
 * Callers must check (*result)->result before trusting the document.
 * key may be NULL, in which case the key named in <dsig:KeyInfo> (part of
 * the untrusted document) is used; it must still be one the application trusts.
 */
int         xmlSecDSigValidate              (xmlSecDSigCtxPtr ctx,
                                             void *context,
                                             xmlSecKeyPtr key,
                                             xmlNodePtr signNode,
                                             xmlSecDSigResultPtr *result);
/*
 * Signs according to the <dsig:Signature> template in signNode.
 * Returns 0 on success, negative on error.
 */
int         xmlSecDSigGenerate              (xmlSecDSigCtxPtr ctx,
                                             void *context,
                                             xmlSecKeyPtr key,
                                             xmlNodePtr signNode,
                                             xmlSecDSigResultPtr *result);
/* Allocates an empty result for signNode; sign selects sign vs. verify. NULL on error. */
xmlSecDSigResultPtr xmlSecDSigResultCreate  (xmlSecDSigCtxPtr ctx,
                                             void *context,
                                             xmlNodePtr signNode,
                                             int sign);
/* Frees a result obtained from xmlSecDSigValidate()/xmlSecDSigGenerate()/xmlSecDSigResultCreate(). */
void        xmlSecDSigResultDestroy         (xmlSecDSigResultPtr result);
/*
 * Debug dumps of a result (plain text / XML).  The result carries the key
 * and, when stored, the signed content, so treat the output as sensitive.
 */
void        xmlSecDSigResultDebugDump       (xmlSecDSigResultPtr result,
                                             FILE *output);
void        xmlSecDSigResultDebugXmlDump    (xmlSecDSigResultPtr result,
                                             FILE *output);

Description

Details

struct xmlSecDSigCtx

/* XML DSig processing context: flags controlling what is processed and what is retained. */
struct xmlSecDSigCtx {
    /* If 0, <dsig:Manifest> nodes are not processed at all. */
    int				processManifests;
    /* If set, keep the canonicalized <dsig:SignedInfo> (the bytes actually signed);
     * exposed as xmlSecDSigResult.buffer. */
    int				storeSignatures;
    /* If set, keep the pre-digest content of each <dsig:SignedInfo> reference
     * (exposed as xmlSecReferenceResult.buffer). */
    int				storeReferences;
    /* As storeReferences, but for references inside <dsig:Manifest>;
     * ignored when processManifests is 0. */
    int				storeManifests;
    /* Performance testing only.  Presumably skips the real signature
     * operation -- must stay 0 anywhere the result is relied upon. */
    int				fakeSignatures;

    /* Context used while processing <dsig:KeyInfo>; not documented further on this page. */
    xmlSecKeyInfoCtx		keyInfoCtx;
};

XML DSig context.

int processManifests if 0 then <dsig:Manifest> nodes are not processed. Note that the XML-DSig specification leaves validation of the digests inside a <dsig:Manifest> to the application (it is not part of core validation), so set this flag to 1 whenever the application relies on manifest references being checked.
int storeSignatures store the signed content (the canonicalized <dsig:SignedInfo> element) just before the signature is applied; it is then available as the buffer member of xmlSecDSigResult.
int storeReferences store the result of processing <dsig:Reference> nodes in <dsig:SignedInfo> nodes just before digesting.
int storeManifests store the result of processing <dsig:Reference> nodes in <dsig:Manifest> nodes just before digesting (ignored if processManifests is 0).
int fakeSignatures for performance testing only. Presumably this bypasses the real signature computation/verification; it must be left at 0 in any build whose results are relied upon.
xmlSecKeyInfoCtx keyInfoCtx the context used while processing <dsig:KeyInfo> (not documented further on this page; see the key info documentation).


struct xmlSecDSigResult

/* Outcome of one sign/verify run over a <dsig:Signature> node. */
struct xmlSecDSigResult {
    xmlSecDSigCtxPtr		ctx;		/* the DSig context this run used */
    void			*context;	/* application data handed to callbacks */
    xmlNodePtr			self;		/* the <dsig:Signature> node */
    int				sign;		/* sign/verify flag (see xmlSecDSigResultCreate) */
    /* Overall verification/generation status.  This -- not the return code of
     * xmlSecDSigValidate() -- is what says whether the signature is valid. */
    xmlSecTransformStatus	result;
    xmlSecTransformId		signMethod;	/* signature algorithm */
    xmlSecKeyPtr		key;		/* the signature key */
    /* Doubly-linked list of <dsig:SignedInfo> reference results. */
    xmlSecReferenceResultPtr	firstSignRef;
    xmlSecReferenceResultPtr	lastSignRef;
    /* <dsig:Manifest> reference results; valid only when ctx->processManifests is 1. */
    xmlSecReferenceResultPtr	firstManifestRef;
    xmlSecReferenceResultPtr	lastManifestRef;
    /* Signed content (canonicalized <dsig:SignedInfo>); valid only when ctx->storeSignatures is 1. */
    xmlSecBufferPtr		buffer;
};

XML DSig Result.

xmlSecDSigCtxPtr ctx the DSig context xmlSecDSigCtx.
void *context the pointer to application specific data.
xmlNodePtr self the pointer to <dsig:Signature> node.
int sign the sign/verify flag.
xmlSecTransformStatus result the signature verification/generation status. For verification this member, not the return code of xmlSecDSigValidate(), is the authoritative verdict on whether the signature is valid.
xmlSecTransformId signMethod the signature algorithm .
xmlSecKeyPtr key the pointer to signature key.
xmlSecReferenceResultPtr firstSignRef the pointer to the first <dsig:SignedInfo> reference result.
xmlSecReferenceResultPtr lastSignRef the pointer to the last <dsig:SignedInfo> reference result.
xmlSecReferenceResultPtr firstManifestRef the pointer to the first <dsig:Manifest> reference result (valid only if the processManifests flag in ctx is set to 1).
xmlSecReferenceResultPtr lastManifestRef the pointer to the last <dsig:Manifest> reference result (valid only if the processManifests flag in ctx is set to 1).
xmlSecBufferPtr buffer the pointer to the signed content, i.e. the canonicalized <dsig:SignedInfo> node (valid only if the storeSignatures flag in the ctx structure is set to 1).


enum xmlSecReferenceType

/* Where a <dsig:Reference> node was found. */
typedef enum  {
    xmlSecSignedInfoReference,	/* inside <dsig:SignedInfo>, i.e. part of the signed content */
    xmlSecManifestReference	/* inside <dsig:Manifest> */
} xmlSecReferenceType;

The possible <dsig:Reference> node locations: in the <dsig:SignedInfo> node or in the <dsig:Manifest> node.

xmlSecSignedInfoReference reference in <dsig:SignedInfo> node.
xmlSecManifestReference reference in <dsig:Manifest> node.


struct xmlSecReferenceResult

/* Outcome of processing a single <dsig:Reference> node. */
struct xmlSecReferenceResult {
    xmlSecDSigCtxPtr		ctx;		/* the DSig context */
    xmlNodePtr			self;		/* the <dsig:Reference> node */
    xmlSecReferenceType		refType;	/* SignedInfo or Manifest reference */
    xmlSecTransformStatus	result;		/* per-reference verification/generation status */
    xmlSecReferenceResultPtr	next;		/* next result in the list */
    xmlSecReferenceResultPtr	prev;		/* previous result in the list */
    /* URI/Id/Type attributes, taken verbatim from the (untrusted) document. */
    xmlChar			*uri;
    xmlChar			*id;
    xmlChar			*type;
    xmlSecTransformId		digestMethod;	/* digest algorithm used */
    /* The digested content; valid only when the matching ctx flag is set
     * (storeReferences for SignedInfo refs, storeManifests for Manifest refs). */
    xmlSecBufferPtr		buffer;
};

The result of <dsig:Reference> processing.

xmlSecDSigCtxPtr ctx the pointer to DSig context.
xmlNodePtr self the pointer to <dsig:Reference> node.
xmlSecReferenceType refType the <dsig:Reference> node location.
xmlSecTransformStatus result the verification/generation result.
xmlSecReferenceResultPtr next the next reference result.
xmlSecReferenceResultPtr prev the prev reference result.
xmlChar *uri the <dsig:Reference> node URI attribute.
xmlChar *id the <dsig:Reference> node Id attribute.
xmlChar *type the <dsig:Reference> node Type attribute.
xmlSecTransformId digestMethod the used digest algorithm id.
xmlSecBufferPtr buffer the pointer to the digested content (valid only if the corresponding storeReferences or storeManifests flag in xmlSecDSigCtx is set to 1).


xmlSecDSigCtxCreate ()

/* Allocates a new DSig context using keysMngr; NULL on error.  Free with xmlSecDSigCtxDestroy(). */
xmlSecDSigCtxPtr xmlSecDSigCtxCreate        (xmlSecKeysMngrPtr keysMngr);

Creates new xmlSecDSigCtx structure.

keysMngr : the pointer to the keys manager the new context will use (for example to resolve the key named in <dsig:KeyInfo> when no explicit key is passed to xmlSecDSigValidate()/xmlSecDSigGenerate()).
Returns :pointer to newly allocated xmlSecDSigCtx structure or NULL if an error occurs. The caller owns the structure and releases it with xmlSecDSigCtxDestroy().


xmlSecDSigCtxDestroy ()

/* Destroys a context obtained from xmlSecDSigCtxCreate(). */
void        xmlSecDSigCtxDestroy            (xmlSecDSigCtxPtr ctx);

Destroys xmlSecDSigCtx structure ctx.

ctx : the pointer to xmlSecDSigCtx structure.


xmlSecDSigValidate ()

/*
 * Validates the signature in signNode and stores the result in *result.
 * Returns 0 when processing completed (NOT "signature valid" -- check
 * (*result)->result), negative on a processing error.  If key is NULL the
 * key named in the document's own <dsig:KeyInfo> is used; it must still be
 * one the application trusts.
 */
int         xmlSecDSigValidate              (xmlSecDSigCtxPtr ctx,
                                             void *context,
                                             xmlSecKeyPtr key,
                                             xmlNodePtr signNode,
                                             xmlSecDSigResultPtr *result);

Validates the signature in signNode and stores the pointer to the validation result structure (xmlSecDSigResult) in *result. The caller owns that structure and must release it with xmlSecDSigResultDestroy() once done.

ctx : the pointer to xmlSecDSigCtx structure.
context : the pointer to application specific data that will be passed to all callback functions.
key : the key to use (if NULL then the key specified in <dsig:KeyInfo> will be used). Note that <dsig:KeyInfo> is part of the document being verified and is therefore attacker-controlled: a key taken from it must still be resolved against keys the application trusts (e.g. via the keys manager given to xmlSecDSigCtxCreate()), because a signature that verifies only against a key embedded in the same document proves nothing about the document's origin.
signNode : the pointer to <dsig:Signature> node that will be validated.
result : the pointer where to store validation results.
Returns :0 if there were no processing errors during validation or a negative value otherwise. A return value of 0 DOES NOT mean that the signature is valid; it only means processing completed. The caller MUST check the result member of the returned xmlSecDSigResult structure (and may additionally inspect the per-reference result members reachable from firstSignRef) before treating the document as authentic. A negative return must be treated as a failed verification.


xmlSecDSigGenerate ()

/*
 * Signs the data described by the <dsig:Signature> template in signNode,
 * storing the result in *result.  Returns 0 on success, negative otherwise.
 * If key is NULL the key specified in <dsig:KeyInfo> is used.
 */
int         xmlSecDSigGenerate              (xmlSecDSigCtxPtr ctx,
                                             void *context,
                                             xmlSecKeyPtr key,
                                             xmlNodePtr signNode,
                                             xmlSecDSigResultPtr *result);

Signs the data according to the template in signNode node.

ctx : the pointer to xmlSecDSigCtx structure.
context : the pointer to application specific data that will be passed to all callback functions.
key : the key to use (if NULL then the key specified in <dsig:KeyInfo> will be used).
signNode : the pointer to <dsig:Signature> template node.
result : the pointer where to store signature results.
Returns :0 on success and a negative value otherwise.


xmlSecDSigResultCreate ()

/*
 * Allocates a result structure for signNode; sign selects signing vs.
 * verification.  Returns NULL on error.  Free with xmlSecDSigResultDestroy().
 */
xmlSecDSigResultPtr xmlSecDSigResultCreate  (xmlSecDSigCtxPtr ctx,
                                             void *context,
                                             xmlNodePtr signNode,
                                             int sign);

Creates new xmlSecDSigResult structure.

ctx : the pointer to xmlSecDSigCtx structure.
context : the pointer to application specific data that will be passed to all callback functions.
signNode : the pointer to the <dsig:Signature> node that will be signed or validated (according to sign).
sign : the sign or verify flag.
Returns :newly created xmlSecDSigResult structure or NULL if an error occurs.


xmlSecDSigResultDestroy ()

/* Destroys a result structure (including the reference result lists it owns). */
void        xmlSecDSigResultDestroy         (xmlSecDSigResultPtr result);

Destroys the xmlSecDSigResult structure result.

result : the pointer to xmlSecDSigResult structure.


xmlSecDSigResultDebugDump ()

/* Prints result to output as text.  May include key and signed-content details; treat as sensitive. */
void        xmlSecDSigResultDebugDump       (xmlSecDSigResultPtr result,
                                             FILE *output);

Prints the xmlSecDSigResult structure result to file output. Because the result holds the key and, when storeSignatures/storeReferences are set, the signed and digested content, treat the dump output as potentially sensitive and keep it out of untrusted logs.

result : the pointer to xmlSecDSigResult structure.
output : the pointer to destination FILE.


xmlSecDSigResultDebugXmlDump ()

/* Prints result to output as XML.  May include key and signed-content details; treat as sensitive. */
void        xmlSecDSigResultDebugXmlDump    (xmlSecDSigResultPtr result,
                                             FILE *output);

Prints the xmlSecDSigResult structure result to file output in XML format.

result : the pointer to xmlSecDSigResult structure.
output : the pointer to destination FILE.