From 109617ef267ea0a13e8a3645fdd47664545a45f4 Mon Sep 17 00:00:00 2001
From: Ross Kinder
Date: Tue, 6 Oct 2015 10:18:59 -0400
Subject: [PATCH] clean up readme, add example
---
 README.md | 55 +++++++++-----------------------------------
 examples/xmldsig.go | 56 +++++++++++++++++++++++++++++++++++++++++++++
 xmldsig/xmldsig.go | 7 +++++-
 3 files changed, 73 insertions(+), 45 deletions(-)
 create mode 100644 examples/xmldsig.go
diff --git a/README.md b/README.md
index 285cf6d..cf96811 100644
--- a/README.md
+++ b/README.md
@@ -4,49 +4,16 @@ A (partial) wrapper for [xmlsec](https://www.aleksey.com/xmlsec). ## Signing Example - key := []byte(`-----BEGIN PRIVATE KEY----- - MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAOK9uFHs/nXrH9Lc - GorG6lB7Qs42iWK6mIE56wI7dIdsOuXf6r0ht+d+YTTis24xw+wjEHXrVN0Okh6w - sKftzxo8chIo60+UB5NlKdvxAC7tpGNmrf49us/m5bdNx8IY+0pPK0c6B786Uluj - Tvx1WFdDXh3UQPBclbWtFe5S3gLxAgMBAAECgYAPj9ngtZVZXoPWowinUbOvRmZ1 - ZMTVI91nsSPyCUacLM92C4I+7NuEZeYiDRUnkP7TbCyrCzXN3jwlIxdczzORhlXB - Bgg9Sw2fkV61CnDEMgw+aEeD5A0GDA6eTwkrawiOMs8vupjsi2/stPsa+bmpI6Rn - fdEKBdyDP6iQQhAxiQJBAPNtM7IMvRzlZBXoDaTTpP9rN2FR0ZcX0LT5aRZJ81qi - +ZOBFeHUb6MyWvzZKfPinj9JO3s/9e3JbMXemRWBmvcCQQDuc+NfAeW200QyjoC3 - Ed3jueLMrY1Q3zTcSUhRPw/0pIKgRGZJerro8N6QY2JziV2mxK855gKTwwBigMHL - 2S9XAkEAwuBfjGDqXOG/uFHn6laNNvWshjqsIdus99Tbrj5RlfP2/YFP9VTOcsXz - VYy9K0P3EA8ekVLpHQ4uCFJmF3OEjQJBAMvwO69/HOufhv1CWZ25XzAsRGhPqsRX - Eouw9XPfXpMavEm8FkuT9xXRJFkTVxl/i6RdJYx8Rwn/Rm34t0bUKqMCQQCrAtKC - Un0PLcemAzPi8ADJlbMDG/IDXNbSej0Y4tw9Cdho1Q38XLZJi0RNdNvQJD1fWu3x - 9+QU/vJr7lMLzdoy - -----END PRIVATE KEY-----`) - - docStr := ` - - - - Hello, World! - - - - - - - - - - - - - - - - - - - ` - + key, _ := ioutil.ReadFile("saml.key") + doc, _ := ioutil.ReadAll(os.Stdin) signedDoc, err := xmldsig.Sign(key, doc) os.Stdout.Write(signedDoc) + +## Verifying Example + + key, _ := ioutil.ReadFile("saml.crt") + doc, _ := ioutil.ReadAll(os.Stdin) + err := xmldsig.Verify(key, doc) + if err == xmldsig.ErrVerificationFailed { + os.Exit(1) + } \ No newline at end of file diff --git a/examples/xmldsig.go b/examples/xmldsig.go new file mode 100644 index 0000000..712c5b6 --- /dev/null +++ b/examples/xmldsig.go 
@@ -0,0 +1,56 @@
+package main
+
+import (
+ "flag"
+ "fmt"
+ "io/ioutil"
+ "os"
+
+ "github.com/crewjam/go-xmlsec/xmldsig"
+)
+
+func main() {
+ doVerify := flag.Bool("v", false, "verify the document")
+ doSign := flag.Bool("s", false, "sign the document")
+ keyPath := flag.String("k", "", "the path to the key")
+ flag.Parse()
+
+ if !*doVerify && !*doSign {
+ fmt.Println("you must specify -v to verify or -s to sign")
+ os.Exit(1)
+ }
+ if *keyPath == "" {
+ fmt.Println("you must specify a key file")
+ os.Exit(1)
+ }
+
+ key, err := ioutil.ReadFile(*keyPath)
+ if err != nil {
+ fmt.Printf("%s\n", err)
+ os.Exit(1)
+ }
+
+ buf, err := ioutil.ReadAll(os.Stdin)
+
+ if *doSign {
+ signedBuf, err := xmldsig.Sign(key, string(buf))
+ if err != nil {
+ fmt.Printf("%s\n", err)
+ os.Exit(1)
+ }
+ fmt.Print(signedBuf)
+ }
+
+ if *doVerify {
+ err := xmldsig.Verify(key, string(buf))
+ if err == xmldsig.ErrVerificationFailed {
+ fmt.Println("signature is not correct")
+ os.Exit(1)
+ }
+ if err != nil {
+ fmt.Printf("error: %s\n", err)
+ os.Exit(1)
+ }
+ fmt.Println("signature is correct")
+ }
+}
diff --git a/xmldsig/xmldsig.go b/xmldsig/xmldsig.go
index bfd1af3..f445bdd 100644
--- a/xmldsig/xmldsig.go
+++ b/xmldsig/xmldsig.go
@@ -18,6 +18,10 @@ import "C"
 // #include "libxml/parser.h"
 // #include "libxml/parserInternals.h"
 // #include "libxml/xmlmemory.h"
+// // Macro wrapper function
+// static inline void MY_xmlFree(void *p) {
+// xmlFree(p);
+// }
 import "C"
 
 func init() {
@@ -81,7 +85,7 @@ func dumpDoc(doc *C.xmlDoc) string {
 var bufferSize C.int
 C.xmlDocDumpMemory(doc, &buffer, &bufferSize)
 rv := C.GoStringN((*C.char)(unsafe.Pointer(buffer)), bufferSize)
- C.xmlMemFree(unsafe.Pointer(buffer))
+ C.MY_xmlFree(unsafe.Pointer(buffer))
 return rv
 }
 
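Review bot: The error from `ioutil.ReadAll(os.Stdin)` in `main` is assigned but never checked, so a failed or truncated read is passed straight to `xmldsig.Sign` or `xmldsig.Verify`. Add a check right after the read, for example `if err != nil { fmt.Fprintln(os.Stderr, err); os.Exit(1) }`. Diagnostics are also printed with `fmt.Println`/`fmt.Printf` to stdout, which in `-s` mode is the same stream that carries the signed document; sending them to `os.Stderr` keeps the output safe to pipe. When `-s` and `-v` are given together, the verify step runs on the original input rather than the freshly signed output, so that combination is better rejected up front.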
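Review bot: The comment `// Macro wrapper function` above `MY_xmlFree` in the cgo preamble does not say why the wrapper exists. I would expand it along the lines of `// xmlFree is not a plain function in libxml2 (it is a function pointer or macro), so cgo cannot call it directly; this wrapper gives it a callable symbol.` The `MY_` prefix is also out of step with the rest of the file's naming, though that is cosmetic.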
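Review bot: `dumpDoc` reads from `buffer` without checking that `C.xmlDocDumpMemory` actually produced one. If the dump fails and leaves the pointer NULL (presumably with a size of 0), the function returns an empty string, and the later hunk shows `Sign` ending in `return dumpDoc(doc), nil`, so the caller receives an empty "signed" document with no error. Consider checking `buffer == nil` after the dump and surfacing that as an error from the callers. Only the tail of `dumpDoc` is visible here; its signature appears in the hunk header.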
@@ -120,6 +124,7 @@ func Sign(key []byte, docStr string) (string, error) {
 return dumpDoc(doc), nil
 }
 
+// ErrVerificationFailed is returned from Verify when the signature is incorrect
 var ErrVerificationFailed = errors.New("signature verification failed")
 
 const (
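Review bot: The new doc comment on `ErrVerificationFailed` should also say that `Verify` can return other errors, and that any non-nil error means the document must not be trusted. The README example in this same patch checks only `err == xmldsig.ErrVerificationFailed`, so a parse or key-loading error would be treated as success there, whereas `examples/xmldsig.go` handles both cases. Suggested wording: `// ErrVerificationFailed is returned from Verify when the signature is incorrect. Verify may return other errors; treat any non-nil error as a failed verification.`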