// Sign populates the signature for the payload. The signature is generated // using the specified key func (s *Signature) Sign(key *crypto.Key) error { km, err := crypto.NewKeyManager() ctx, err := NewCtx(km) if err != nil { return err } defer ctx.Free() defer km.Free() if err := km.AdoptKey(key); err != nil { return err } return ctx.SignNode(s.signnode) }
func TestKeysManager(t *testing.T) { mngr, err := crypto.NewKeyManager() if !assert.NoError(t, err, "NewKeyManager succeeds") { return } defer mngr.Free() privkey, err := rsa.GenerateKey(rand.Reader, 2048) if !assert.NoError(t, err, "Generating private key should succeed") { return } if !assert.NoError(t, mngr.LoadKeyFromRSAPrivateKey(privkey), "LoadKeyFromRSAPrivateKey succeeds") { return } }
func (v *SignatureVerify) Verify(buf []byte) error { p := parser.New(parser.XMLParseDTDLoad | parser.XMLParseDTDAttr | parser.XMLParseNoEnt) doc, err := p.Parse(buf) if err != nil { return err } defer doc.Free() mngr, err := crypto.NewKeyManager() if err != nil { return err } defer mngr.Free() ctx, err := NewCtx(mngr) if err != nil { return err } defer ctx.Free() root, err := doc.DocumentElement() if err != nil { return err } signode, err := clib.FindSignatureNode(root) if err != nil { return err } // Create a key manager, load keys from KeyInfo prefix, err := signode.LookupNamespacePrefix(xmlsec.DSigNs) if err != nil { return err } if prefix == "" { prefix = xmlsec.Prefix } xpc, err := xpath.NewContext(signode) if err != nil { return err } xpc.RegisterNS(prefix, xmlsec.Prefix) iter := xpath.NodeIter(xpc.Find("//" + prefix + ":KeyInfo")) for iter.Next() { n := iter.Node() if err := mngr.GetKey(n); err != nil { return err } } if key := v.key; key != nil { cpy, err := key.Copy() if err != nil { return err } if err := ctx.SetKey(cpy); err != nil { return err } } return ctx.Verify(doc) }