// Sign populates the signature for the payload. The signature is generated
// using the specified key
func (s *Signature) Sign(key *crypto.Key) error {
km, err := crypto.NewKeyManager()
ctx, err := NewCtx(km)
if err != nil {
return err
}
defer ctx.Free()
defer km.Free()
if err := km.AdoptKey(key); err != nil {
return err
}
return ctx.SignNode(s.signnode)
}
func TestKeysManager(t *testing.T) {
mngr, err := crypto.NewKeyManager()
if !assert.NoError(t, err, "NewKeyManager succeeds") {
return
}
defer mngr.Free()
privkey, err := rsa.GenerateKey(rand.Reader, 2048)
if !assert.NoError(t, err, "Generating private key should succeed") {
return
}
if !assert.NoError(t, mngr.LoadKeyFromRSAPrivateKey(privkey), "LoadKeyFromRSAPrivateKey succeeds") {
return
}
}
func (v *SignatureVerify) Verify(buf []byte) error {
p := parser.New(parser.XMLParseDTDLoad | parser.XMLParseDTDAttr | parser.XMLParseNoEnt)
doc, err := p.Parse(buf)
if err != nil {
return err
}
defer doc.Free()
mngr, err := crypto.NewKeyManager()
if err != nil {
return err
}
defer mngr.Free()
ctx, err := NewCtx(mngr)
if err != nil {
return err
}
defer ctx.Free()
root, err := doc.DocumentElement()
if err != nil {
return err
}
signode, err := clib.FindSignatureNode(root)
if err != nil {
return err
}
// Create a key manager, load keys from KeyInfo
prefix, err := signode.LookupNamespacePrefix(xmlsec.DSigNs)
if err != nil {
return err
}
if prefix == "" {
prefix = xmlsec.Prefix
}
xpc, err := xpath.NewContext(signode)
if err != nil {
return err
}
xpc.RegisterNS(prefix, xmlsec.Prefix)
iter := xpath.NodeIter(xpc.Find("//" + prefix + ":KeyInfo"))
for iter.Next() {
n := iter.Node()
if err := mngr.GetKey(n); err != nil {
return err
}
}
if key := v.key; key != nil {
cpy, err := key.Copy()
if err != nil {
return err
}
if err := ctx.SetKey(cpy); err != nil {
return err
}
}
return ctx.Verify(doc)
}
