Using context objects. The great flexibility of XML Digital Signature and XML Encryption specification is one of the most interesting and in the same time, most dangerouse feature for an application developer. For example, XPath and XSLT transform can make it very difficult to find out what exactly was signed by just looking at the transforms and the input data. Many protocols based on XML Digital Signature and XML Encryption restrict allowed key data types, allowed transforms or possible input data. For example, signature in a simple SAML Response should have only one <dsig:Reference/> element with an empty or NULL URI attribute and only one enveloped transform. XML Security Library uses "context" objects to let application enable or disable particular features, return the result data and the information collected during the processing. Also all the context objects defined in XML Security library have a special userData member which could be used by application to pass application specific data around. XML Security Library never use this field. The application creates a new xmlSecDSigCtx or xmlSecEncCtx object for each operation, sets necessary options and consumes result returned in the context after signature, verification, encryption or decryption. SAML signature validation. enabledReferenceUris = xmlSecTransformUriTypeEmpty; /* limit allowed transforms for siganture and reference processing */ if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) || (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) || (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) < 0) || (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0)) { fprintf(stderr,"Error: failed to limit allowed siganture transforms\n"); goto done; } if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) || (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) || (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) < 0) || (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) < 0)) { fprintf(stderr,"Error: failed to limit allowed reference transforms\n"); goto done; } /* in addition, limit possible key data to valid X509 certificates only */ if(xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecKeyDataX509Id) < 0) { fprintf(stderr,"Error: failed to limit allowed key data\n"); goto done; } /* Verify signature */ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) { fprintf(stderr,"Error: signature verify\n"); goto done; } /* check that we have only one Reference */ if((dsigCtx->status == xmlSecDSigStatusSucceeded) && (xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) != 1)) { fprintf(stderr,"Error: only one reference is allowed\n"); goto done; } /* print verification result to stdout */ if(dsigCtx->status == xmlSecDSigStatusSucceeded) { fprintf(stdout, "Signature is OK\n"); } else { fprintf(stdout, "Signature is INVALID\n"); } /* success */ res = 0; done: /* cleanup */ if(dsigCtx != NULL) { xmlSecDSigCtxDestroy(dsigCtx); } if(doc != NULL) { xmlFreeDoc(doc); } return(res); } ]]>