package xmlsec_test
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"io/ioutil"
"log"
"os"
"github.com/lestrrat-go/libxml2/parser"
"github.com/lestrrat-go/xmlsec"
"github.com/lestrrat-go/xmlsec/crypto"
"github.com/lestrrat-go/xmlsec/dsig"
)
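// ExampleSignature_Sign builds an enveloped signature template under the
// document element of a fixed XML literal and signs it with a freshly
// generated RSA key. Every failure is logged and the example returns early.
func ExampleSignature_Sign() {
	xmlsec.Init()
	defer xmlsec.Shutdown()

	// XMLParseDTDLoad, XMLParseDTDAttr and XMLParseNoEnt make libxml2 load the
	// DTD and substitute entities. That is acceptable only because the input
	// below is a fixed literal; for XML from an untrusted source these options
	// allow entity expansion and external DTD retrieval, so they should not be
	// copied into code that parses attacker-controlled documents.
	p := parser.New(parser.XMLParseDTDLoad | parser.XMLParseDTDAttr | parser.XMLParseNoEnt)
	doc, err := p.ParseString(`<?xml version="1.0" encoding="UTF-8"?>
<Message><Data>Hello, World!</Data></Message>`)
	if err != nil {
		// The original discarded this error and dereferenced doc anyway.
		log.Printf("failed to parse source XML: %s", err)
		return
	}
	defer doc.Free()

	// n is the node where the signature is generated under.
	n, err := doc.DocumentElement()
	if err != nil {
		log.Printf("DocumentElement failed: %s", err)
		return
	}

	// RsaSha1/Sha1 mirror the upstream example. SHA-1 is no longer considered
	// collision-resistant, so production code should prefer a SHA-2 based
	// signature and digest method where the library and the verifying peer
	// support it.
	sig, err := dsig.NewSignature(n, dsig.ExclC14N, dsig.RsaSha1, "")
	if err != nil {
		log.Printf("failed to create signature: %s", err)
		return
	}
	// NOTE(review): the results of AddReference and AddTransform are discarded
	// here, as upstream does; if they report errors, callers should check them.
	sig.AddReference(dsig.Sha1, "", "", "")
	sig.AddTransform(dsig.Enveloped)

	// A throwaway 2048-bit key; a real deployment loads its signing key from
	// protected storage instead of generating one per run.
	privkey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Printf("failed to generate key: %s", err)
		return
	}
	key, err := crypto.LoadKeyFromRSAPrivateKey(privkey)
	if err != nil {
		// The original never checked this error, so a nil key could reach Sign.
		log.Printf("failed to load key: %s", err)
		return
	}
	if err := sig.Sign(key); err != nil {
		log.Printf("failed to sign: %s", err)
		return
	}
	log.Printf("%s", doc.Dump(true))
}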
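// ExampleDSigCtx_Sign signs a hand-written signature template using a
// signing context whose key is loaded from a PEM file. The key is generated
// on the fly and written to a temporary file purely to demonstrate
// LoadKeyFromFile; every failure is logged and the example returns early.
func ExampleDSigCtx_Sign() {
	xmlsec.Init()
	defer xmlsec.Shutdown()

	ctx, err := dsig.NewCtx(nil)
	if err != nil {
		log.Printf("Failed to create signature context: %s", err)
		return
	}
	defer ctx.Free()

	// This stuff isn't necessary if you already have a key file.
	privkey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Printf("Failed to generate private key: %s", err)
		return
	}
	var pemkey = &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(privkey),
	}

	// The unencrypted private key is written to disk only for this example.
	// TempFile creates the file with owner-only permissions, and the deferred
	// calls run last-in-first-out, so the file is closed before it is removed.
	pemfile, err := ioutil.TempFile("", "xmlsec-test-")
	if err != nil {
		// The original log line dropped err, hiding the reason for the failure.
		log.Printf("Failed to create temporary pemfile: %s", err)
		return
	}
	defer os.Remove(pemfile.Name())
	defer pemfile.Close()

	if err := pem.Encode(pemfile, pemkey); err != nil {
		log.Printf("Failed to write to pemfile: %s", err)
		return
	}
	// Sync so the bytes are on disk before the library re-reads the path.
	if err := pemfile.Sync(); err != nil {
		log.Printf("Failed to sync pemfile: %s", err)
		return
	}

	key, err := crypto.LoadKeyFromFile(pemfile.Name(), crypto.KeyDataFormatPem)
	if err != nil {
		log.Printf("Failed to load key: %s", err)
		return
	}
	// NOTE(review): SetKey's result is discarded here, as upstream does; if it
	// reports an error, callers should check it.
	ctx.SetKey(key)

	// XMLParseDTDLoad, XMLParseDTDAttr and XMLParseNoEnt load the DTD and
	// substitute entities. That is acceptable only because the template below
	// is a fixed literal; for XML from an untrusted source these options allow
	// entity expansion and external DTD retrieval.
	//
	// The template pins rsa-sha1 and sha1. SHA-1 is no longer considered
	// collision-resistant, so production templates should use a SHA-2 based
	// SignatureMethod and DigestMethod where the verifying peer supports it.
	p := parser.New(parser.XMLParseDTDLoad | parser.XMLParseDTDAttr | parser.XMLParseNoEnt)
	doc, err := p.ParseString(`<?xml version="1.0" encoding="UTF-8"?>
<!-- XML Security Library example: Simple signature template file for sign1 example. -->
<Envelope xmlns="urn:envelope">
<Data>
Hello, World!
</Data>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue></DigestValue>
</Reference>
</SignedInfo>
<SignatureValue/>
<KeyInfo>
<KeyName/>
</KeyInfo>
</Signature>
</Envelope>`)
	if err != nil {
		log.Printf("Failed to parse source XML: %s", err)
		return
	}
	defer doc.Free()

	if err := ctx.Sign(doc); err != nil {
		log.Printf("Failed to sign document: %s", err)
		return
	}
	log.Printf("%s", doc.Dump(true))
}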