}
/* search the element node of id. NOTE : not optimized at all */
-static xmlNodePtr search_id(const char *id)
+static xmlNodePtr search_for(const char *attrname, const char *value)
{
char *val;
xmlNodePtr iter, next;
result = NULL;
iter = xmlDocGetRootElement(document);
while (iter != NULL) {
- val = xmlGetProp(iter, "Id");
- if (val != NULL && !strcmp(val, id)) {
+ val = xmlGetProp(iter, attrname);
+ if (val != NULL && !strcmp(val, value)) {
if (result != NULL) {
- syslog(LOG_ERR, "duplicated Id %s", id);
+ syslog(LOG_ERR, "duplicated %s %s", attrname, value);
free(val);
return NULL;
}
iter = next;
}
if (result == NULL)
- syslog(LOG_ERR, "node of Id '%s' not found", id);
+ syslog(LOG_ERR, "node of %s '%s' not found", attrname, value);
return result;
}
+
+/* search the element node of id. NOTE : not optimized at all */
+static xmlNodePtr search_id(const char *id)
+{
+ return search_for("Id", id);
+}
#endif
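Review bot: The comment above `search_for` still says `search the element node of id`, but the renamed function now takes `attrname` and `value`, and the same sentence is repeated verbatim above the new `search_id` wrapper, so the first one is stale; suggest replacing it with `/* search the unique element whose attribute 'attrname' equals 'value'; logs and returns NULL when the node is missing or duplicated. NOTE : not optimized at all */`. The duplicate branch frees `val` before returning NULL, but the non-matching iteration and the assignment of `next` are not visible in the hunk; since xmlGetProp hands back an allocated string, it is worth confirming that path releases it too. The start of the loop body is only partly shown here.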
/* check the digest of one element */
/* parse the uri */
u = xmlParseURI(uri);
- if (u == NULL) {
+ if (!u) {
syslog(LOG_ERR, "error while parsing URI %s", uri);
goto error2;
}
+ /* check that unexpected parts are not there */
if (u->scheme || u->opaque || u->authority || u->server || u->user || u->query) {
syslog(LOG_ERR, "unexpected uri component in %s", uri);
goto error3;
}
+ /* check path and fragment */
+ if (!u->path && !u->fragment) {
+ syslog(LOG_ERR, "invalid uri %s", uri);
+ goto error3;
+ }
if (u->path && u->fragment) {
syslog(LOG_ERR, "not allowed to sign foreign fragment in %s", uri);
goto error3;
}
if (u->path) {
+ /* check that the path is valid */
fdesc = file_of_name(u->path);
if (fdesc == NULL) {
syslog(LOG_ERR, "reference to unknown file %s", u->path);
return 0;
}
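Review bot: The `return 0` after `file_of_name` fails, two lines below the added `/* check that the path is valid */` comment, is the only failure in this hunk that does not go through `error3`, so whatever that label releases (presumably the parsed `u`, and the `error2` resources after it) is skipped on that path; it should read `goto error3;` like the checks above it. The new `!u->path && !u->fragment` check correctly rejects an empty reference, but the path itself is only constrained by `file_of_name`: if that is a lookup in the package's own file table it bounds what a signature may reference, otherwise absolute or `..` components should be rejected here before the lookup. The enclosing function starts and ends outside the hunk.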
+/* checks the current document */
static int checkdocument()
{
int rc;
return rc;
}
+/* verify the digital signature of the file described by 'fdesc' */
int verify_digsig(struct filedesc *fdesc)
{
int res;
assert ((fdesc->flags & flag_signature) != 0);
-printf("\n\nchecking file %s\n\n",fdesc->name);
+ debug("-- checking file %s",fdesc->name);
/* reset the flags */
file_clear_flags();
return res;
}
+/* check all the signature files */
int check_all_signatures()
{
int rc, irc;
rc = 0;
for (i = n ; i-- > 0 ; ) {
fdesc = signature_of_index(i);
- assert ((fdesc->flags & flag_signature) != 0);
irc = verify_digsig(fdesc);
if (!irc)
rc = irc;
return rc;
}
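Review bot: Dropping the `assert` on `fdesc->flags` here leaves `verify_digsig`'s own assert as the only guard that the file really is a signature, and assert is compiled out under NDEBUG, so a release build would verify whatever `signature_of_index` returns with no check at all. A runtime check in this loop such as `if (!(fdesc->flags & flag_signature)) { syslog(LOG_ERR, "not a signature file %s", fdesc->name); continue; }`, also setting `rc` to the failure value used here, keeps the invariant in every build. Separately, `rc` starts at 0 and is only reassigned when `irc` is 0, so unless a line omitted between the declaration and the loop sets it otherwise the accumulated result never changes; confirm which value means success. The loop's closing brace is not visible in the hunk.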
+/* create a signature of 'index' (0 for author, other values for distributors)
+using the private 'key' (filename) and the certificates 'certs' (filenames)
+as trusted chain */
int create_digsig(int index, const char *key, const char **certs)
{
struct filedesc *fdesc;
int rc, len;
rc = -1;
+
+ /* create the doc */
doc = xmlsec_create(index, key, certs);
if (doc == NULL)
goto error;
+ /* instanciate the filename */
fdesc = create_signature(index);
if (fdesc == NULL)
goto error2;
+ /* save the doc as file */
len = xmlSaveFormatFileEnc(fdesc->name, doc, NULL, 0);
if (len < 0) {
syslog(LOG_ERR, "xmlSaveFormatFileEnc to %s failed", fdesc->name);