[GNUnet-SVN] [libebics] branch master updated: Print well-formed (draft)
From: |
gnunet |
Subject: |
[GNUnet-SVN] [libebics] branch master updated: Print well-formed (draft) of HPB. |
Date: |
Tue, 16 Oct 2018 12:53:41 +0200 |
This is an automated email from the git hooks/post-receive script.
marcello pushed a commit to branch master
in repository libebics.
The following commit(s) were added to refs/heads/master by this push:
new e66617e Print well-formed (draft) of HPB.
e66617e is described below
commit e66617e1e55a4f4a3c45366c9601364b1a422d8b
Author: Marcello Stanisci <address@hidden>
AuthorDate: Tue Oct 16 12:53:08 2018 +0200
Print well-formed (draft) of HPB.
---
src/libebics.c | 26 ++++----
src/libebics.h | 8 +--
src/tests.c | 14 +++++
src/xmlmessages.c | 176 ++++++++++++++++++++++++++++++++----------------------
src/xmlmessages.h | 44 +++++++-------
src/xmlproto.c | 10 ++--
6 files changed, 160 insertions(+), 118 deletions(-)
diff --git a/src/libebics.c b/src/libebics.c
index b502898..8560f38 100644
--- a/src/libebics.c
+++ b/src/libebics.c
@@ -842,35 +842,37 @@ EBICS_generate_message_hia
* @return pointer to a freshly allocated document, NULL upon errors.
*/
struct EBICS_genex_document *
-EBICS_generate_message_hpb (struct EBICS_ARGS_build_header *header_args,
- struct EBICS_ARGS_build_auth *auth_args)
+EBICS_generate_message_hpb (struct EBICS_ARGS_build_header *header_args)
{
struct EBICS_genex_document *instance;
if (NULL == (instance = get_genex_instance
- (0))) // FIXME
+ (EBICS_HPB_UNIQUE_TEMPLATE)))
{
LOG (EBICS_ERROR,
"Could not allocate genex instance\n");
return NULL;
}
-
- struct EBICS_MSG_Spec foo[] = {
-
- EBICS_MSG_op_subcommand (EBICS_build_header_ebicsNoPubKeyDigestsRequest,
- header_args),
- EBICS_MSG_op_set_string ("//ebics:OrderDetails//ebics:OrderType",
- "HPB"),
+ struct EBICS_MSG_Spec spec[] = {
+ /* Put a nonce and timestamp */
+ EBICS_MSG_op_subcommand
+ (EBICS_build_header_ebicsNoPubKeyDigestsRequest,
+ header_args),
+ EBICS_MSG_op_set_string
+ ("//ebics:OrderDetails//ebics:OrderType",
+ "HPB"),
EBICS_MSG_op_del_node ("//ds:X509Data"),
+
EBICS_MSG_op_subcommand (EBICS_build_auth_signature,
- auth_args),
+ NULL),
EBICS_MSG_op_clean (),
EBICS_MSG_op_end ()
};
- EBICS_MSG_parse_spec(foo,
+ EBICS_MSG_parse_spec (spec,
instance);
+ return instance;
}
/**
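Review bot: `LOG (EBICS_ERROR, "Could not allocate genex instance\n");` on the allocation-failure path passes a constant that elsewhere on this page is a return code (tests.c does `return EBICS_ERROR;`), while every other LOG call in this commit passes an `EBICS_LOGLEVEL_*` value; unless LOG accepts both, this should read `LOG (EBICS_LOGLEVEL_ERROR, "Could not allocate genex instance\n");`. The auth subcommand is now invoked with `NULL` as its cls, so nothing in this function says where the signing key comes from; a comment such as `/* cls unused: EBICS_build_auth_signature signs with the library's user key */` on that spec entry would help, and the `@param` block above (which starts outside this hunk) could state the same. The result of `EBICS_MSG_parse_spec` is not examined before the new `return instance;`; if it can report failure, that is the place to check it.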
diff --git a/src/libebics.h b/src/libebics.h
index cfdf4ba..ce88b6d 100644
--- a/src/libebics.h
+++ b/src/libebics.h
@@ -44,7 +44,7 @@
#define EBICS_INI_PAYLOAD_TEMPLATE 1
#define EBICS_HIA_WRAPPER_TEMPLATE 3
#define EBICS_HIA_PAYLOAD_TEMPLATE 2
-
+#define EBICS_HPB_UNIQUE_TEMPLATE 4
/**
* This struct forces the system to assign the
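Review bot: `#define EBICS_HPB_UNIQUE_TEMPLATE 4` extends a run of template ids (1, 3, 2, 4) kept as separate defines in non-sequential order, which makes accidental reuse of a value easy to miss. Listing them together as an enum lets the compiler see the whole set and keeps the names visible in a debugger, e.g. `enum { EBICS_INI_PAYLOAD_TEMPLATE = 1, EBICS_HIA_PAYLOAD_TEMPLATE = 2, EBICS_HIA_WRAPPER_TEMPLATE = 3, EBICS_HPB_UNIQUE_TEMPLATE = 4 };`. A one-line comment saying what these ids index (presumably the template table read by get_genex_instance) would also help readers of this header.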
@@ -125,13 +125,11 @@ EBICS_generate_message_hia (struct
EBICS_ARGS_build_header *header_args,
/**
* Generator of HPB messages.
*
- * @param header_args TODO
- * @param auth_args TODO
+ * @param header_args general information like partner and bank IDs, ..
* @return pointer to a freshly allocated document, NULL upon errors.
*/
struct EBICS_genex_document *
-EBICS_generate_message_hpb (struct EBICS_ARGS_build_header *header_args,
- struct EBICS_ARGS_build_auth *auth_args);
+EBICS_generate_message_hpb (struct EBICS_ARGS_build_header *header_args);
/**
* Generator of CAMT.053 messages.
diff --git a/src/tests.c b/src/tests.c
index 12ef4bf..4bc2300 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -110,6 +110,20 @@ main (int argc,
util_dump_message (msg);
GNUNET_free (msg);
+ /**
+ * HPB
+ */
+ if (NULL == (msg = EBICS_generate_message_hpb
+ (&header_args)))
+ {
+ LOG (EBICS_LOGLEVEL_ERROR,
+ "Failed to instantiate HPB message\n");
+ return EBICS_ERROR;
+ }
+
+ util_dump_message (msg);
+ GNUNET_free (msg);
+
EBICS_close_library ();
return EBICS_SUCCESS;
}
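Review bot: The new failure path does `return EBICS_ERROR;` without calling `EBICS_close_library ()`, which the success path a few lines below does; the earlier message checks in main (outside this hunk) may behave the same way, but a single cleanup label would keep library teardown on every exit. main starts outside this hunk. Also, `GNUNET_free (msg)` releases only the `struct EBICS_genex_document` itself; EBICS_sign_message dereferences `document->document`, so if that member is an owned xmlDoc it would need its own release — worth confirming against how the existing HIA path above is torn down.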
diff --git a/src/xmlmessages.c b/src/xmlmessages.c
index dc227b9..ed6d5ee 100644
--- a/src/xmlmessages.c
+++ b/src/xmlmessages.c
@@ -260,13 +260,24 @@ EBICS_build_header_ebicsUnsecuredRequest (void *cls,
document);
}
+
+/**
+ * Put a nonce and timestamp into the message.
+ *
+ * @param cls currently unused.
+ * @param document the output document.
+ */
void
-EBICS_build_header_ebicsNoPubKeyDigestsRequest (void *cls,
- struct EBICS_genex_document
*document)
+EBICS_build_header_ebicsNoPubKeyDigestsRequest
+ (void *cls,
+ struct EBICS_genex_document *document)
{
+
char nonce[EBICS_NONCE_STRING_SIZE];
char date[DATE_STR_SIZE];
+
struct EBICS_MSG_Spec header[] = {
+
EBICS_MSG_op_subcommand (EBICS_build_header_generic,
cls),
EBICS_MSG_op_set_string ("//ebics:static//ebics:Nonce",
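Review bot: The new doc comment says `@param cls currently unused.`, but the spec directly below forwards it, `EBICS_MSG_op_subcommand (EBICS_build_header_generic, cls)`, and the header's comment for the same function describes cls as a pointer to a `EBICS_ARGS_build_header` struct. Suggest `@param cls pointer to a struct EBICS_ARGS_build_header, passed on to EBICS_build_header_generic.` so the two descriptions agree. The function body continues past the end of this hunk.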
@@ -276,7 +287,8 @@ EBICS_build_header_ebicsNoPubKeyDigestsRequest (void *cls,
EBICS_MSG_op_end ()
};
- EBICS_MSG_parse_spec (header, document);
+ EBICS_MSG_parse_spec (header,
+ document);
}
void
@@ -578,71 +590,88 @@ void
EBICS_build_auth_signature (void *cls,
struct EBICS_genex_document *document)
{
- char *hash_mapping[2] = {"http://www.w3.org/2001/04/xmlenc#sha256",
- "http://www.w3.org/2001/04/xmlenc#sha512" };
- struct EBICS_ARGS_build_auth *data = (struct EBICS_ARGS_build_auth*) cls;
+ char *hash_mapping[2] = {
+ "http://www.w3.org/2001/04/xmlenc#sha256",
+ "http://www.w3.org/2001/04/xmlenc#sha512" };
struct EBICS_MSG_Spec auth[] = {
+
/* Prepare Signature Part */
- EBICS_MSG_op_del_attribute ("//ebics:AuthSignature/@Id"),
- EBICS_MSG_op_del_attribute ("//ebics:AuthSignature/ds:SignedInfo/@Id"),
- EBICS_MSG_op_set_attribute
("//ebics:AuthSignature/ds:SignedInfo/ds:CanonicalizationMethod/@Algorithm",
-
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"),
- EBICS_MSG_op_set_attribute
("//ebics:AuthSignature/ds:SignedInfo/ds:SignatureMethod/@Algorithm",
-
"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"),
- EBICS_MSG_op_set_attribute
("//ebics:AuthSignature/ds:SignedInfo/ds:Reference/@URI",
- "#xpointer(//address@hidden'true'])"),
- EBICS_MSG_op_del_attribute
("//ebics:AuthSignature/ds:SignedInfo/ds:Reference/@Id"),
- EBICS_MSG_op_del_attribute
("//ebics:AuthSignature/ds:SignedInfo/ds:Reference/@Type"),
- EBICS_MSG_op_set_attribute
("//ebics:AuthSignature//ds:Transform/@Algorithm",
-
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"),
- EBICS_MSG_op_set_attribute
("//ebics:AuthSignature//ds:DigestMethod/@Algorithm",
- "http://www.w3.org/2001/04/xmlenc#sha256"),
- EBICS_MSG_op_set_string ("//ebics:AuthSignature//ds:DigestValue",
- ""),
- EBICS_MSG_op_del_attribute ("//ebics:AuthSignature//ds:KeyInfo/@Id"),
- EBICS_MSG_op_unique_choice ("//ebics:AuthSignature//ds:KeyName"),
- EBICS_MSG_op_del_node ("//ebics:AuthSignature//ds:KeyName"),
- EBICS_MSG_op_del_attribute ("//ebics:AuthSignature/ds:SignatureValue/@Id"),
- EBICS_MSG_op_set_string ("//ebics:AuthSignature//ds:SignatureValue",
- ""),
- EBICS_MSG_op_del_node ("//ebics:AuthSignature//ds:Object"),
+ EBICS_MSG_op_del_attribute
+ ("//ebics:AuthSignature/@Id"),
+ EBICS_MSG_op_del_attribute
+ ("//ebics:AuthSignature/ds:SignedInfo/@Id"),
+ EBICS_MSG_op_set_attribute
+
("//ebics:AuthSignature/ds:SignedInfo/ds:CanonicalizationMethod/@Algorithm",
+ "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"),
+ EBICS_MSG_op_set_attribute
+ ("//ebics:AuthSignature/ds:SignedInfo/ds:SignatureMethod/@Algorithm",
+ "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"),
+ EBICS_MSG_op_set_attribute
+ ("//ebics:AuthSignature/ds:SignedInfo/ds:Reference/@URI",
+ "#xpointer(//address@hidden'true'])"),
+ EBICS_MSG_op_del_attribute
+ ("//ebics:AuthSignature/ds:SignedInfo/ds:Reference/@Id"),
+ EBICS_MSG_op_del_attribute
+ ("//ebics:AuthSignature/ds:SignedInfo/ds:Reference/@Type"),
+ EBICS_MSG_op_set_attribute
+ ("//ebics:AuthSignature//ds:Transform/@Algorithm",
+ "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"),
+ EBICS_MSG_op_set_attribute
+ ("//ebics:AuthSignature//ds:DigestMethod/@Algorithm",
+ "http://www.w3.org/2001/04/xmlenc#sha256"),
+ EBICS_MSG_op_set_string
+ ("//ebics:AuthSignature//ds:DigestValue",
+ ""),
+ EBICS_MSG_op_del_attribute
+ ("//ebics:AuthSignature//ds:KeyInfo/@Id"),
+ EBICS_MSG_op_unique_choice
+ ("//ebics:AuthSignature//ds:KeyName"),
+ EBICS_MSG_op_del_node
+ ("//ebics:AuthSignature//ds:KeyName"),
+ EBICS_MSG_op_del_attribute
+ ("//ebics:AuthSignature/ds:SignatureValue/@Id"),
+ EBICS_MSG_op_set_string
+ ("//ebics:AuthSignature/ds:SignatureValue",
+ ""),
+ EBICS_MSG_op_del_node
+ ("//ebics:AuthSignature//ds:Object"),
EBICS_MSG_op_end ()
};
- EBICS_MSG_parse_spec (auth, document);
+
+ EBICS_MSG_parse_spec (auth,
+ document);
LOG (EBICS_LOGLEVEL_DEBUG,
"Message building finished, now signign");
- EBICS_sign_message (data->bankAuthentication,
- data->bankEncryption,
- data->userAuthentication,
+ EBICS_sign_message (&keyList[EBICS_USER_SIG_KEY],
document);
}
/**
- * Sign a EBICS message.
+ * Sign a EBICS message. It relies on the "xml sec"
+ * library that scans the document to sign, and signs
+ * over all the nodes that have a "authenticate = true"
+ * attribute.
*
- * @param bankAuthentication fixme UNUSED.
- * @param bankEncryption fixme UNUSED.
- * @param userAuthentication has the sign key.
- * @param document the document to equip with signature.
+ * @param userAuthentication the user key
+ * @param document the document to get signed over. The
+ * final signature will then be appended to this document.
*/
void
-EBICS_sign_message (const struct EBICS_Key *bankAuthentication,
- const struct EBICS_Key *bankEncryption,
- const struct EBICS_Key *userAuthentication,
+EBICS_sign_message (const struct EBICS_Key *userAuthentication,
struct EBICS_genex_document *document)
{
-
+
int res;
int retv;
xmlNodePtr node;
xmlSecDSigCtxPtr dsigCtx;
gnutls_datum_t out;
- /* Rename ebics:AuthSignature so
- * xmlsec will not cry and break ... */
+ /* Rename ebics:AuthSignature to Signature,
+ * so xmlsec will not cry and break ... */
{
xmlXPathObjectPtr xpathObjPtr;
xmlNodeSetPtr nodeset;
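Review bot: `EBICS_build_auth_signature` no longer reads `cls` at all — the key now comes from the file-level `keyList[EBICS_USER_SIG_KEY]` — yet neither this function nor its header declaration says cls is ignored, and `struct EBICS_ARGS_build_auth` still exists with a `userAuthentication` member, so a caller that fills it will have its key silently not used; a comment like `/* cls is ignored: the user signature key is taken from keyList */` above the spec would make that explicit. `hash_mapping` is re-indented by this commit but never read anywhere in the function, and as plain `char *` to string literals it would permit writes into read-only storage; drop it or make it `static const char *const hash_mapping[2]`. The debug message `"Message building finished, now signign"` has a typo and lacks the trailing `\n` the commit adds to the other messages. EBICS_sign_message starts inside this hunk but its body continues past it.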
@@ -674,68 +703,73 @@ EBICS_sign_message (const struct EBICS_Key
*bankAuthentication,
node = xmlSecFindNode (xmlDocGetRootElement (document->document),
xmlSecNodeSignature,
BAD_CAST "http://www.w3.org/2000/09/xmldsig#");
- if (node == NULL)
+ if (NULL == node)
{
- LOG (EBICS_LOGLEVEL_ERROR, "Error: start node not found.");
+ LOG (EBICS_LOGLEVEL_ERROR,
+ "Error: start node not found.");
GNUNET_assert(0);
}
dsigCtx = xmlSecDSigCtxCreate (NULL);
- xmlSecDSigCtxInitialize (dsigCtx, NULL);
+ xmlSecDSigCtxInitialize (dsigCtx,
+ NULL);
- if(dsigCtx == NULL)
+ if(NULL == dsigCtx)
{
LOG (EBICS_LOGLEVEL_ERROR,
"Error: failed to create signature context.");
GNUNET_assert (0);
}
- retv = gnutls_x509_privkey_export2 (userAuthentication->privatekey,
- GNUTLS_X509_FMT_DER,
- &out);
+ retv = gnutls_x509_privkey_export2
+ (userAuthentication->privatekey,
+ GNUTLS_X509_FMT_DER,
+ &out);
+
if (GNUTLS_E_SUCCESS != retv)
{
LOG (EBICS_LOGLEVEL_ERROR,
- "Could not export key for reimport with xmlsec: %s",
+ "Could not export key for reimport with xmlsec: %s\n",
gnutls_strerror (retv));
}
- dsigCtx->signKey = xmlSecCryptoAppKeyLoadMemory (out.data,
- out.size,
- xmlSecKeyDataFormatDer,
- NULL,
- NULL,
- NULL);
+ dsigCtx->signKey = xmlSecCryptoAppKeyLoadMemory
+ (out.data,
+ out.size,
+ xmlSecKeyDataFormatDer,
+ NULL,
+ NULL,
+ NULL);
gnutls_free (out.data);
- if (dsigCtx->signKey == NULL)
+ if (NULL == dsigCtx->signKey)
{
LOG (EBICS_LOGLEVEL_ERROR,
- "Error: failed to load private pem key from buffer.");
+ "Error: failed to load private pem key from buffer\n");
GNUNET_assert (0);
}
- if (xmlSecKeySetName (dsigCtx->signKey,
- BAD_CAST "userAuthKey") < 0)
+ if (0 > xmlSecKeySetName (dsigCtx->signKey,
+ BAD_CAST "userAuthKey"))
{
LOG (EBICS_LOGLEVEL_FATAL,
- "Error: failed to set key name for key.");
+ "Error: failed to set key name for key\n");
GNUNET_assert (0);
}
+ /* Signs everything (?) */
if (0 > xmlSecDSigCtxSign (dsigCtx,
node))
{
- LOG (EBICS_LOGLEVEL_FATAL,"Error: signature failed.");
- // xmlSecDSigCtxDebugXmlDump (dsigCtx, stdout);
+ LOG (EBICS_LOGLEVEL_FATAL,"Error: signature failed\n");
+ /*xmlSecDSigCtxDebugXmlDump (dsigCtx, stdout);*/
GNUNET_assert (0);
}
- LOG (EBICS_LOGLEVEL_DEBUG,
- "Error is below me!");
-
if(dsigCtx != NULL) {
+ LOG (EBICS_LOGLEVEL_WARNING,
+ "The signature object did NOT get finalized\n");
/**
* TODO: Calling Finalize generates some
* assert errors inside xmlsec..Disabled for now.
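Review bot: When `gnutls_x509_privkey_export2` fails, the code only logs and then hands the unset `out.data`/`out.size` to `xmlSecCryptoAppKeyLoadMemory` and later to `gnutls_free`; add `GNUNET_assert (0);` after that LOG (matching the neighbouring failure handling) or return. `xmlSecDSigCtxInitialize (dsigCtx, NULL)` runs before the `NULL == dsigCtx` check, so the pointer is dereferenced before it is validated, and since `xmlSecDSigCtxCreate` already returns an initialised context the extra Initialize call appears redundant — move the NULL check directly after Create and drop Initialize. `out` holds the DER-encoded private key; wipe it, e.g. `explicit_bzero (out.data, out.size);`, before `gnutls_free (out.data)`, because a plain free leaves the key bytes in heap memory. The new "The signature object did NOT get finalized" warning fires on every call, since dsigCtx cannot be NULL at that point (asserted above). EBICS_sign_message continues outside this hunk.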
@@ -744,12 +778,9 @@ EBICS_sign_message (const struct EBICS_Key
*bankAuthentication,
**/
xmlSecDSigCtxDestroy(dsigCtx);
}
-
- LOG (EBICS_LOGLEVEL_DEBUG,
- "Error is Above me!");
/**
* Rename ds:Signature so the
- * message validates with ebics schema
+ * message validates with EBICS schema
**/
{
xmlXPathObjectPtr xpathObjPtr;
@@ -763,6 +794,7 @@ EBICS_sign_message (const struct EBICS_Key
*bankAuthentication,
GNUNET_assert (NULL != xpathObjPtr);
GNUNET_assert (NULL != xpathObjPtr->nodesetval);
+
nodeset = xpathObjPtr->nodesetval;
node = nodeset->nodeTab[0];
xmlXPathFreeObject (xpathObjPtr);
diff --git a/src/xmlmessages.h b/src/xmlmessages.h
index 50a9dae..23f9227 100644
--- a/src/xmlmessages.h
+++ b/src/xmlmessages.h
@@ -92,32 +92,21 @@ struct EBICS_ARGS_build_content_camt053
/* Struct for all subcommands that need access to user or bank keys. */
struct EBICS_ARGS_build_auth
{
- /* Bank key hashes */
- /* Authentication hash key from bank */
- const struct EBICS_Key *bankAuthentication;
- /* Encryption key hash from bank */
- const struct EBICS_Key *bankEncryption;
- /* Signature key hash from bank
- * TODO: currently only planned but not yet enforced by the standard */
- const struct EBICS_Key *bankSignature;
-
- /* User keys */
- /* Authentication key(pair) from user */
+ /**
+ * Authentication key(pair) from user
+ */
const struct EBICS_Key *userAuthentication;
- /* Encryption key(pair) from user */
- const struct EBICS_Key *userEncryption;
- /* Signature key(pair) from user */
- const struct EBICS_Key *userSignature;
};
/* Generate a "ebicsNoPubKeyDigestsRequest" style header.
*
* @param cls Pointer to a EBICS_ARGS_build_header struct.
- * @param document Pointer to a EBICS_genex_document containing the
"ebicsNoPubKeyDigestsRequest" genex definition.
- *
+ * @param document Pointer to a EBICS_genex_document containing
+ * the "ebicsNoPubKeyDigestsRequest" genex definition.
*/
void
-EBICS_build_header_ebicsNoPubKeyDigestsRequest (void *cls, struct
EBICS_genex_document *document);
+EBICS_build_header_ebicsNoPubKeyDigestsRequest
+ (void *cls, struct EBICS_genex_document *document);
/* Generate a "ebicsUnsecuredRequest" style header.
*
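Review bot: The comment above `struct EBICS_ARGS_build_auth` still reads "all subcommands that need access to user or bank keys", but after this change the struct carries only `userAuthentication`, and the one subcommand on this page that consumed it (`EBICS_build_auth_signature`) now takes its key from `keyList` and is invoked with `NULL`. Suggest `/* Arguments for subcommands that need the user's authentication key. */` and a check of whether any remaining caller still fills this struct; if none does, the struct is dead. The declaration of EBICS_build_header_ebicsNoPubKeyDigestsRequest below is complete within the hunk.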
@@ -179,11 +168,18 @@ EBICS_build_bankPubKeyDigest (void *cls, struct
EBICS_genex_document *document);
void
EBICS_build_auth_signature (void *cls, struct EBICS_genex_document *document);
-void
-EBICS_sign_message(const struct EBICS_Key *bankAuthentication,
- const struct EBICS_Key *bankEncryption,
- const struct EBICS_Key *userAuthentication,
- struct EBICS_genex_document *document);
-
+/**
+ * Sign a EBICS message. It relies on the "xml sec"
+ * library that scans the document to sign, and signs
+ * over all the nodes that have a "authenticate = true"
+ * attribute.
+ *
+ * @param userAuthentication the user key
+ * @param document the document to get signed over. The
+ * final signature will then be appended to this document.
+ */
+void
+EBICS_sign_message (const struct EBICS_Key *userAuthentication,
+ struct EBICS_genex_document *document);
#endif
diff --git a/src/xmlproto.c b/src/xmlproto.c
index 66fb7cb..6ee1ead 100644
--- a/src/xmlproto.c
+++ b/src/xmlproto.c
@@ -204,11 +204,11 @@ EBICS_MSG_op_add_attribute (const char *xpath, const char
*name, const char *val
struct EBICS_MSG_Spec
EBICS_MSG_op_del_attribute (const char *xpath)
{
- struct EBICS_MSG_Spec result =
- {
- .operation = EBICS_MSG_OP_DEL_ATTRIBUTE,
- .xpath = xpath,
- };
+ struct EBICS_MSG_Spec result = {
+ .operation = EBICS_MSG_OP_DEL_ATTRIBUTE,
+ .xpath = xpath,
+ };
+
return result;
};
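Review bot: The function definition ends with `};` — the stray semicolon is an empty declaration at file scope, which `-Wpedantic` rejects and strict compilers warn about; it should be just `}`. Since the body is only a designated-initialiser temporary returned unchanged, `return (struct EBICS_MSG_Spec){ .operation = EBICS_MSG_OP_DEL_ATTRIBUTE, .xpath = xpath };` would express the same in one line, consistent with the compound-literal style already used in this file.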