From 1720c7896d3266ffbf4a05482b34aaab771f06c7 Mon Sep 17 00:00:00 2001 From: "andrew.smith@miracl.com" Date: Mon, 31 Oct 2016 17:00:08 +0000 Subject: [PATCH 01/17] prevent being output during encryption --- encrypt.go | 5 ++++- xmlsec.go | 8 ++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/encrypt.go b/encrypt.go index ce1cf61..8388444 100644 --- a/encrypt.go +++ b/encrypt.go @@ -279,5 +279,8 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) { } encDataNode = nil // the template is inserted in the doc, so we don't own it - return dumpDoc(parsedDoc), nil + rootNode := C.xmlDocGetRootElement(parsedDoc) + buf := dumpNode(rootNode) + + return buf, nil } diff --git a/xmlsec.go b/xmlsec.go index da695c9..1c8e25b 100644 --- a/xmlsec.go +++ b/xmlsec.go @@ -108,3 +108,11 @@ func dumpDoc(doc *C.xmlDoc) []byte { return C.GoBytes(unsafe.Pointer(buffer), bufferSize) } + +func dumpNode(node *C.xmlNode) []byte { + buffer := C.xmlBufferCreate() + defer C.xmlBufferFree(buffer) + bufferSize := C.xmlNodeDump(buffer, nil, node, 0, 0) + + return C.GoBytes(unsafe.Pointer(buffer.content), bufferSize) +} From 3f6cfac8fd6f223786e49500b50bf2697d47cc89 Mon Sep 17 00:00:00 2001 From: "andrew.smith@miracl.com" Date: Mon, 31 Oct 2016 17:01:02 +0000 Subject: [PATCH 02/17] add URI attribute to --- signature.go | 53 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 32 insertions(+), 21 deletions(-) diff --git a/signature.go b/signature.go index cb59e42..5c4d411 100644 --- a/signature.go +++ b/signature.go 
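Review bot: dumpNode in the xmlsec.go hunk uses the results of `C.xmlBufferCreate()` and `C.xmlNodeDump()` unchecked: a NULL buffer is dereferenced at `buffer.content`, and xmlNodeDump's -1 error return is handed to `C.GoBytes` as a length. The call site added in Encrypt also passes `C.xmlDocGetRootElement(parsedDoc)` straight through, and that call returns NULL for a document without a root element. This buffer carries the encrypted document back to the caller, so a failure here should surface as an error from Encrypt rather than as a crash inside cgo. The sketch below returns nil on failure so that Encrypt can check for it, and it reads the buffer through the libxml2 accessors instead of the struct field.

```go
func dumpNode(node *C.xmlNode) []byte {
	if node == nil {
		return nil
	}
	buffer := C.xmlBufferCreate()
	if buffer == nil {
		return nil
	}
	defer C.xmlBufferFree(buffer)
	if C.xmlNodeDump(buffer, nil, node, 0, 0) < 0 {
		return nil
	}
	return C.GoBytes(unsafe.Pointer(C.xmlBufferContent(buffer)), C.xmlBufferLength(buffer))
}
```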
@@ -10,6 +10,18 @@ import ( type Method struct { Algorithm string `xml:",attr"` } +type Reference struct { + URI string `xml:"URI,attr"` + ReferenceTransforms []Method `xml:"Transforms>Transform"` + DigestMethod Method `xml:"DigestMethod"` + DigestValue string `xml:"DigestValue"` +} + +type SignedInfo struct { + CanonicalizationMethod Method `xml:"CanonicalizationMethod"` + SignatureMethod Method `xml:"SignatureMethod"` + Reference Reference `xml:"Reference"` +} // Signature is a model for the Signature object specified by XMLDSIG. This is // convenience object when constructing XML that you'd like to sign. For example: @@ -25,16 +37,11 @@ type Method struct { // buf, _ = Sign(key, buf) // type Signature struct { - XMLName xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Signature"` - - CanonicalizationMethod Method `xml:"SignedInfo>CanonicalizationMethod"` - SignatureMethod Method `xml:"SignedInfo>SignatureMethod"` - ReferenceTransforms []Method `xml:"SignedInfo>Reference>Transforms>Transform"` - DigestMethod Method `xml:"SignedInfo>Reference>DigestMethod"` - DigestValue string `xml:"SignedInfo>Reference>DigestValue"` - SignatureValue string `xml:"SignatureValue"` - KeyName string `xml:"KeyInfo>KeyName,omitempty"` - X509Certificate *SignatureX509Data `xml:"KeyInfo>X509Data,omitempty"` + XMLName xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Signature"` + SignedInfo SignedInfo + SignatureValue string `xml:"SignatureValue"` + KeyName string `xml:"KeyInfo>KeyName,omitempty"` + X509Certificate *SignatureX509Data `xml:"KeyInfo>X509Data,omitempty"` } // SignatureX509Data represents the element of 
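Review bot: The new exported types Reference and SignedInfo in the first signature.go hunk have no doc comments, and the one fact a caller needs is not written down. `URI` is serialised without `omitempty`, so a zero-value Reference emits an empty URI attribute, which XMLDSIG defines as a reference to the whole enclosing document. I would add `// Reference models the XMLDSIG Reference element. URI selects the data that is digested; the empty string refers to the whole document.` above Reference, and `// SignedInfo models the XMLDSIG SignedInfo element, the part of a Signature that is itself signed.` above SignedInfo. Callers that sign only a sub-element then know they must set URI themselves.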
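Review bot: In the Signature struct hunk, `SignedInfo SignedInfo` is the only field left without an `xml` tag, so the element name now depends on the Go field name; adding the tag `xml:"SignedInfo"` keeps it explicit like its siblings. The hunk also removes five exported fields from Signature (CanonicalizationMethod, SignatureMethod, ReferenceTransforms, DigestMethod, DigestValue), which breaks any caller that fills the struct by hand. That change deserves a line in the commit message or in the doc comment above the type.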
@@ -50,17 +57,21 @@ func DefaultSignature(pemEncodedPublicKey []byte) Signature { certStr := base64.StdEncoding.EncodeToString(pemBlock.Bytes) return Signature{ - CanonicalizationMethod: Method{ - Algorithm: "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", - }, - SignatureMethod: Method{ - Algorithm: "http://www.w3.org/2000/09/xmldsig#rsa-sha1", - }, - ReferenceTransforms: []Method{ - Method{Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature"}, - }, - DigestMethod: Method{ - Algorithm: "http://www.w3.org/2000/09/xmldsig#sha1", + SignedInfo: SignedInfo{ + CanonicalizationMethod: Method{ + Algorithm: "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", + }, + SignatureMethod: Method{ + Algorithm: "http://www.w3.org/2000/09/xmldsig#rsa-sha1", + }, + Reference: Reference{ + ReferenceTransforms: []Method{ + Method{Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature"}, + }, + DigestMethod: Method{ + Algorithm: "http://www.w3.org/2000/09/xmldsig#sha1", + }, + }, }, X509Certificate: &SignatureX509Data{ X509Certificate: certStr, From 2a75322801499d244f3866dab5531c5a164325c4 Mon Sep 17 00:00:00 2001 From: "andrew.smith@miracl.com" Date: Thu, 3 Nov 2016 10:46:36 +0000 Subject: [PATCH 03/17] update references to andy-miracl fork --- Dockerfile.build | 4 ++-- Dockerfile.build-static | 4 ++-- README.md | 6 +++--- examples/xmldsig.go | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Dockerfile.build b/Dockerfile.build index b486f2e..a8a779d 100644 --- a/Dockerfile.build +++ b/Dockerfile.build @@ -7,8 +7,8 @@ ENV GOPATH=/go ENV PATH=$PATH:/usr/local/go/bin:/go/bin RUN mkdir -p /go/bin -ADD . /go/src/github.com/crewjam/go-xmlsec -WORKDIR /go/src/github.com/crewjam/go-xmlsec +ADD . /go/src/github.com/andy-miracl/go-xmlsec +WORKDIR /go/src/github.com/andy-miracl/go-xmlsec RUN go get github.com/crewjam/errset RUN go build -o /bin/xmldsig ./examples/xmldsig.go 
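Review bot: DefaultSignature keeps `xmldsig#rsa-sha1` as the signature method and `xmldsig#sha1` as the digest method while the literal is moved under SignedInfo, so every template this helper produces still asks for SHA-1. If the linked xmlsec build supports them, better defaults are `Algorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"` and `Algorithm: "http://www.w3.org/2001/04/xmlenc#sha256"`, with the expected values in the tests regenerated. The new Reference.URI field is left unset here, which relies on the empty URI meaning "whole document"; a short comment saying so would help. The function starts above the hunk and continues below it.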
diff --git a/Dockerfile.build-static b/Dockerfile.build-static index 7b8441e..2748e4d 100644 --- a/Dockerfile.build-static +++ b/Dockerfile.build-static @@ -90,8 +90,8 @@ RUN curl -sL http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.22.tar.gz | tar make -C include install && \ make install-pkgconfigDATA -ADD . /go/src/github.com/crewjam/go-xmlsec -WORKDIR /go/src/github.com/crewjam/go-xmlsec +ADD . /go/src/github.com/andy-miracl/go-xmlsec +WORKDIR /go/src/github.com/andy-miracl/go-xmlsec RUN go get github.com/crewjam/errset RUN go build -tags static -ldflags '-s -extldflags "-static"' -o /bin/xmldsig ./examples/xmldsig.go RUN ldd /bin/xmldsig || true diff --git a/README.md b/README.md index aa50989..d10656c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # go-xmlsec -[![](https://godoc.org/github.com/crewjam/go-xmlsec?status.png)](http://godoc.org/github.com/crewjam/go-xmlsec) [![Build Status](https://travis-ci.org/crewjam/go-xmlsec.svg?branch=master)](https://travis-ci.org/crewjam/go-xmlsec) +[![](https://godoc.org/github.com/andy-miracl/go-xmlsec?status.png)](http://godoc.org/github.com/andy-miracl/go-xmlsec) [![Build Status](https://travis-ci.org/crewjam/go-xmlsec.svg?branch=master)](https://travis-ci.org/crewjam/go-xmlsec) A partial wrapper for [xmlsec](https://www.aleksey.com/xmlsec). @@ -43,12 +43,12 @@ As seems to be the case for many things in the XMLish world, the xmldsig and xml This package uses cgo to wrap libxmlsec. As such, you'll need libxmlsec headers and a C compiler to make it work. On linux, this might look like: $ apt-get install libxml2-dev libxmlsec1-dev pkg-config - $ go get github.com/crewjam/go-xmlsec + $ go get github.com/andy-miracl/go-xmlsec On Mac with homebrew, this might look like: $ brew install libxmlsec1 libxml2 pkg-config - $ go get github.com/crewjam/go-xmlsec + $ go get github.com/andy-miracl/go-xmlsec # Static Linking diff --git a/examples/xmldsig.go b/examples/xmldsig.go index 31608ec..95e6099 100644 
--- a/examples/xmldsig.go +++ b/examples/xmldsig.go @@ -6,7 +6,7 @@ import ( "io/ioutil" "os" - "github.com/crewjam/go-xmlsec" + "github.com/andy-miracl/go-xmlsec" ) func main() { From 00603d757512c0f6154cbc0f1a9c93157c30da45 Mon Sep 17 00:00:00 2001 From: Nicola Asuni Date: Mon, 14 Nov 2016 11:54:16 +0000 Subject: [PATCH 04/17] Add new automation files --- .gitignore | 5 +- .travis.yml | 37 +++++-- Makefile | 178 +++++++++++++++++++++++++++++++++ README.md | 6 +- dockerbuild.sh | 58 +++++++++++ resources/DockerDev/Dockerfile | 10 ++ 6 files changed, 282 insertions(+), 12 deletions(-) create mode 100644 Makefile create mode 100755 dockerbuild.sh create mode 100644 resources/DockerDev/Dockerfile diff --git a/.gitignore b/.gitignore index 6b72022..eb58055 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ -coverage.html -coverage.out \ No newline at end of file +target +vendor +/Dockerfile diff --git a/.travis.yml b/.travis.yml index 5024979..fa7d80e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,15 @@ language: go -sudo: false # silence warning + +sudo: false + +branches: + except: + - release + +branches: + only: + - master + - develop addons: apt: @@ -10,12 +20,25 @@ addons: go: - 1.6 - 1.7 + - tip -install: - - go get -t ./... - - go get github.com/golang/lint/golint +matrix: + allow_failures: + - go: tip + +before_install: + - if [ -n "$GH_USER" ]; then git config --global github.user ${GH_USER}; fi; + - if [ -n "$GH_TOKEN" ]; then git config --global github.token ${GH_TOKEN}; fi; + - go get github.com/mattn/goveralls + +before_script: + - make deps script: - - golint *.go - - go vet ./... - - go test -v ./... + - make qa + +after_failure: + - cat ./target/test/report.xml + +after_success: + - if [ "$TRAVIS_GO_VERSION" = "1.7" ]; then $HOME/gopath/bin/goveralls -covermode=count -coverprofile=target/report/coverage.out -service=travis-ci; fi; diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..428d44d --- /dev/null +++ b/Makefile 
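Review bot: In the .travis.yml hunk, `git config --global github.token ${GH_TOKEN}` in before_install writes the token in clear text to the build user's ~/.gitconfig, where every later step can read it, including the tools that `make deps` fetches and `make qa` runs. Nothing in this hunk reads `github.token` back. I would drop the two `git config` lines unless a later step is known to need them, and hand any credential to the single command that uses it through its environment. Separately, the file now has two top-level `branches:` keys (`except: release`, then `only: master, develop`); a YAML mapping cannot hold the same key twice, so at best one of them takes effect, and keeping only the `only:` list expresses the same intent.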
@@ -0,0 +1,178 @@ +# MAKEFILE +# +# @author Nicola Asuni +# @link https://github.com/miracl/go-xmlsec +# ------------------------------------------------------------------------------ + +# List special make targets that are not associated with files +.PHONY: help all test format fmtcheck vet lint coverage cyclo ineffassign misspell astscan qa deps clean nuke buildall dbuild + +# Use bash as shell (Note: Ubuntu now uses dash which doesn't support PIPESTATUS). +SHELL=/bin/bash + +# CVS path (path to the parent dir containing the project) +CVSPATH=github.com/miracl/go-xmlsec + +# Project vendor +VENDOR=miracl + +# Project name +PROJECT=go-xmlsec + +# Project version +VERSION=$(shell cat VERSION) + +# Project release number (packaging build number) +RELEASE=$(shell cat RELEASE) + +# Current directory +CURRENTDIR=$(shell pwd) + +# GO lang path +ifneq ($(GOPATH),) + ifeq ($(findstring $(GOPATH),$(CURRENTDIR)),) + # the defined GOPATH is not valid + GOPATH= + endif +endif +ifeq ($(GOPATH),) + # extract the GOPATH + GOPATH=$(firstword $(subst /src/, ,$(CURRENTDIR))) +endif + +# Add the GO binary dir in the PATH +export PATH := $(GOPATH)/bin:$(PATH) + +# --- MAKE TARGETS --- + +# Display general help about this command +help: + @echo "" + @echo "$(PROJECT) Makefile." 
+ @echo "GOPATH=$(GOPATH)" + @echo "The following commands are available:" + @echo "" + @echo " make qa : Run all the tests and static analysis reports" + @echo " make test : Run the unit tests" + @echo "" + @echo " make format : Format the source code" + @echo " make fmtcheck : Check if the source code has been formatted" + @echo " make vet : Check for suspicious constructs" + @echo " make lint : Check for style errors" + @echo " make coverage : Generate the coverage report" + @echo " make cyclo : Generate the cyclomatic complexity report" + @echo " make ineffassign : Detect ineffectual assignments" + @echo " make misspell : Detect commonly misspelled words in source files" + @echo " make astscan : GO AST scanner" + @echo "" + @echo " make docs : Generate source code documentation" + @echo "" + @echo " make deps : Get the dependencies" + @echo " make clean : Remove any build artifact" + @echo " make nuke : Deletes any intermediate file" + @echo "" + @echo " make buildall : Full build and test sequence" + @echo " make dbuild : Build everything inside a Docker container" + @echo "" + +# Alias for help target +all: help + +# Run the unit tests +test: + @mkdir -p target/test + GOPATH=$(GOPATH) \ + go test -covermode=atomic -bench=. -race -v . | \ + tee >(PATH=$(GOPATH)/bin:$(PATH) go-junit-report > target/test/report.xml); \ + test $${PIPESTATUS[0]} -eq 0 + +# Format the source code +format: + @find . -type f -name "*.go" -exec gofmt -s -w {} \; + +# Check if the source code has been formatted +fmtcheck: + @mkdir -p target + @find . -type f -name "*.go" -exec gofmt -s -d {} \; | tee target/format.diff + @test ! -s target/format.diff || { echo "ERROR: the source code has not been formatted - please use 'make format' or 'gofmt'"; exit 1; } + +# Check for syntax errors +vet: + GOPATH=$(GOPATH) go vet . + +# Check for style errors +lint: + GOPATH=$(GOPATH) PATH=$(GOPATH)/bin:$(PATH) golint . 
+ +# Generate the coverage report +coverage: + @mkdir -p target/report + GOPATH=$(GOPATH) \ + go test -covermode=count -coverprofile=target/report/coverage.out -v . && \ + GOPATH=$(GOPATH) \ + go tool cover -html=target/report/coverage.out -o target/report/coverage.html + +# Report cyclomatic complexity +cyclo: + @mkdir -p target/report + GOPATH=$(GOPATH) gocyclo -avg . | tee target/report/cyclo.txt ; test $${PIPESTATUS[0]} -eq 0 + +# Detect ineffectual assignments +ineffassign: + @mkdir -p target/report + GOPATH=$(GOPATH) ineffassign . | tee target/report/ineffassign.txt ; test $${PIPESTATUS[0]} -eq 0 + +# Detect commonly misspelled words in source files +misspell: + @mkdir -p target/report + GOPATH=$(GOPATH) misspell -error . | tee target/report/misspell.txt ; test $${PIPESTATUS[0]} -eq 0 + +# AST scanner +astscan: + @mkdir -p target/report + GOPATH=$(GOPATH) gas ./*.go | tee target/report/astscan.txt ; test $${PIPESTATUS[0]} -eq 0 + +# Generate source docs +docs: + @mkdir -p target/docs + nohup sh -c 'GOPATH=$(GOPATH) godoc -http=127.0.0.1:6060' > target/godoc_server.log 2>&1 & + wget --directory-prefix=target/docs/ --execute robots=off --retry-connrefused --recursive --no-parent --adjust-extension --page-requisites --convert-links http://127.0.0.1:6060/pkg/github.com/${VENDOR}/${PROJECT}/ ; kill -9 `lsof -ti :6060` + @echo ''${PKGNAME}' Documentation ...' > target/docs/index.html + +# Alias to run targets: fmtcheck test vet lint coverage +qa: fmtcheck test vet lint coverage cyclo ineffassign misspell astscan + +# --- INSTALL --- + +# Get the dependencies +deps: + GOPATH=$(GOPATH) go get $(go list ./... 
| grep -v /vendor/) + GOPATH=$(GOPATH) go get github.com/inconshreveable/mousetrap + GOPATH=$(GOPATH) go get github.com/golang/lint/golint + GOPATH=$(GOPATH) go get github.com/jstemmer/go-junit-report + GOPATH=$(GOPATH) go get github.com/axw/gocov/gocov + GOPATH=$(GOPATH) go get github.com/fzipp/gocyclo + GOPATH=$(GOPATH) go get github.com/gordonklaus/ineffassign + GOPATH=$(GOPATH) go get github.com/client9/misspell/cmd/misspell + GOPATH=$(GOPATH) go get github.com/HewlettPackard/gas + GOPATH=$(GOPATH) go get gopkg.in/check.v1 + +# Remove any build artifact +clean: + GOPATH=$(GOPATH) go clean ./... + +# Deletes any intermediate file +nuke: + rm -rf ./target + GOPATH=$(GOPATH) go clean -i ./... + +# Full build and test sequence +buildall: deps qa + +# Build everything inside a Docker container +dbuild: + @mkdir -p target + @rm -rf target/* + @echo 0 > target/make.exit + CVSPATH=$(CVSPATH) VENDOR=$(VENDOR) PROJECT=$(PROJECT) MAKETARGET='$(MAKETARGET)' ./dockerbuild.sh + @exit `cat target/make.exit` diff --git a/README.md b/README.md index d10656c..3785e9d 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # go-xmlsec -[![](https://godoc.org/github.com/andy-miracl/go-xmlsec?status.png)](http://godoc.org/github.com/andy-miracl/go-xmlsec) [![Build Status](https://travis-ci.org/crewjam/go-xmlsec.svg?branch=master)](https://travis-ci.org/crewjam/go-xmlsec) +[![](https://godoc.org/github.com/miracl/go-xmlsec?status.png)](http://godoc.org/github.com/miracl/go-xmlsec) [![Build Status](https://travis-ci.org/miracl/go-xmlsec.svg?branch=master)](https://travis-ci.org/miracl/go-xmlsec) A partial wrapper for [xmlsec](https://www.aleksey.com/xmlsec). 
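Review bot: In the `deps` target, `$(go list ./... | grep -v /vendor/)` is expanded by make as a variable name rather than run by the shell, so it is empty and the first `go get` receives no package list; it needs `$$(go list ./... | grep -v /vendor/)`. The remaining `go get` lines install golint, go-junit-report, gocyclo, ineffassign, misspell and gas from whatever their default branches hold at build time, and `qa` then executes them, so the CI result depends on unreviewed upstream code. Pinning them (vendoring, or checking out fixed revisions after the fetch) makes the build reproducible. In `docs`, the `kill -9` on the output of `lsof -ti :6060` ends whatever process holds that port, not necessarily the godoc started two lines earlier; `docs` is also missing from `.PHONY`, and `${PKGNAME}` is never defined.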
@@ -43,12 +43,12 @@ As seems to be the case for many things in the XMLish world, the xmldsig and xml This package uses cgo to wrap libxmlsec. As such, you'll need libxmlsec headers and a C compiler to make it work. On linux, this might look like: $ apt-get install libxml2-dev libxmlsec1-dev pkg-config - $ go get github.com/andy-miracl/go-xmlsec + $ go get github.com/miracl/go-xmlsec On Mac with homebrew, this might look like: $ brew install libxmlsec1 libxml2 pkg-config - $ go get github.com/andy-miracl/go-xmlsec + $ go get github.com/miracl/go-xmlsec # Static Linking diff --git a/dockerbuild.sh b/dockerbuild.sh new file mode 100755 index 0000000..04a30b0 --- /dev/null +++ b/dockerbuild.sh 
@@ -0,0 +1,58 @@ +#!/bin/sh +# +# dockerbuild.sh +# +# Build the software inside a Docker container +# +# @author Nicola Asuni +# ------------------------------------------------------------------------------ + +# NOTES: +# This script requires Docker + +# EXAMPLE USAGE: +# VENDOR=vendorname PROJECT=projectname MAKETARGET=buildall ./dockerbuild.sh + +# Get vendor and project name +: ${CVSPATH:=project} +: ${VENDOR:=vendor} +: ${PROJECT:=project} + +# make target to execute +: ${MAKETARGET:=buildall} + +# Name of the base development Docker image +DOCKERDEV=${VENDOR}/dev_${PROJECT} + +# Build the base environment and keep it cached locally +docker build -t ${DOCKERDEV} ./resources/DockerDev/ + +# Define the project root path +PRJPATH=/root/src/${CVSPATH}/${PROJECT} + +# Generate a temporary Dockerfile to build and test the project +# NOTE: The exit status of the RUN command is stored to be returned later, +# so in case of error we can continue without interrupting this script. +cat > Dockerfile <<- EOM +FROM ${DOCKERDEV} +RUN mkdir -p ${PRJPATH} +ADD ./ ${PRJPATH} +WORKDIR ${PRJPATH} +RUN make ${MAKETARGET} || (echo \$? > target/make.exit) +EOM + +# Define the temporary Docker image name +DOCKER_IMAGE_NAME=${VENDOR}/build_${PROJECT} + +# Build the Docker image +docker build --no-cache -t ${DOCKER_IMAGE_NAME} . + +# Start a container using the newly created Docker image +CONTAINER_ID=$(docker run -d ${DOCKER_IMAGE_NAME}) + +# Copy all build/test artifacts back to the host +docker cp ${CONTAINER_ID}:"${PRJPATH}/target" ./ + +# Remove the temporary container and image +docker rm -f ${CONTAINER_ID} || true +docker rmi -f ${DOCKER_IMAGE_NAME} || true diff --git a/resources/DockerDev/Dockerfile b/resources/DockerDev/Dockerfile new file mode 100644 index 0000000..0317aea --- /dev/null +++ b/resources/DockerDev/Dockerfile 
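Review bot: `PRJPATH=/root/src/${CVSPATH}/${PROJECT}` appends the project name to CVSPATH, but the Makefile in this same patch sets `CVSPATH=github.com/miracl/go-xmlsec` and `PROJECT=go-xmlsec`. As a result `make dbuild` builds under `/root/src/github.com/miracl/go-xmlsec/go-xmlsec`, which does not match the import path `github.com/miracl/go-xmlsec` given in the README. Either CVSPATH should be `github.com/miracl` (its Makefile comment calls it the parent directory) or PRJPATH should not append PROJECT. The expansions are also unquoted throughout, and `${MAKETARGET}` is pasted into a generated `RUN` line, so a value containing spaces or shell metacharacters changes the command that is built; quoting them, as in `"${DOCKER_IMAGE_NAME}"` and `"${CONTAINER_ID}"`, and restricting MAKETARGET to a plain target name addresses this. `ADD ./` copies the whole working tree into the image, including `.git` and any untracked local files, so a `.dockerignore` is worth adding.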
@@ -0,0 +1,10 @@ +# Dockerfile +# +# Linux development environment +# +# Extend the miracl/alldev image defined in +# https://github.com/miracl/alldev +# ------------------------------------------------------------------------------ + +FROM miracl/alldev +MAINTAINER nicola.asuni@miracl.com From 748ef44fe994612c6577040fc8be8a13afc5021d Mon Sep 17 00:00:00 2001 From: Nicola Asuni Date: Mon, 14 Nov 2016 11:55:23 +0000 Subject: [PATCH 05/17] Update GO to 1.7.3 and cleanup formatting --- Dockerfile.build | 6 ++--- Dockerfile.build-static | 53 ++++++++++++++++++++--------------------- 2 files changed, 29 insertions(+), 30 deletions(-) diff --git a/Dockerfile.build b/Dockerfile.build index a8a779d..1d1e0d3 100644 --- a/Dockerfile.build +++ b/Dockerfile.build @@ -2,13 +2,13 @@ FROM ubuntu RUN apt-get update -yy && \ apt-get install -yy git make curl libxml2-dev libxmlsec1-dev liblzma-dev pkg-config -RUN curl -s https://storage.googleapis.com/golang/go1.7.linux-amd64.tar.gz | tar -C /usr/local -xzf - +RUN curl -s https://storage.googleapis.com/golang/go1.7.3.linux-amd64.tar.gz | tar -C /usr/local -xzf - ENV GOPATH=/go ENV PATH=$PATH:/usr/local/go/bin:/go/bin RUN mkdir -p /go/bin -ADD . /go/src/github.com/andy-miracl/go-xmlsec -WORKDIR /go/src/github.com/andy-miracl/go-xmlsec +ADD . /go/src/github.com/miracl/go-xmlsec +WORKDIR /go/src/github.com/miracl/go-xmlsec RUN go get github.com/crewjam/errset RUN go build -o /bin/xmldsig ./examples/xmldsig.go diff --git a/Dockerfile.build-static b/Dockerfile.build-static index 2748e4d..9775d7c 100644 --- a/Dockerfile.build-static +++ b/Dockerfile.build-static 
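Review bot: `FROM miracl/alldev` in resources/DockerDev/Dockerfile has no tag or digest, so each `make dbuild` runs the build and the tests on whatever image the registry serves as `latest` at that moment. Pinning it, for example `FROM miracl/alldev@sha256:PLACEHOLDER_DIGEST_OF_REVIEWED_IMAGE`, makes the environment reproducible and turns a changed base image into a visible diff.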
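Review bot: In the Dockerfile.build hunk the Go toolchain tarball is piped from `curl -s` straight into `tar` with no checksum, so the bump to go1.7.3 trusts whatever the server returns; without `-f`, an HTTP error page also reaches tar. The same pattern is in Dockerfile.build-static, where libxml2-2.9.4 and openssl-1.0.2j are fetched over `ftp://` and xmlsec1-1.2.22 over `http://`, so the crypto libraries that get statically linked arrive over unauthenticated transports. I would download to a file, verify it, then unpack: `curl -fsSLo go.tgz URL && echo "PLACEHOLDER_SHA256  go.tgz" | sha256sum -c - && tar -C /usr/local -xzf go.tgz`. The three library tarballs should get the same treatment, using https sources and the publishers' checksums or signatures.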
@@ -1,8 +1,8 @@ FROM ubuntu:16.04 RUN apt-get update -yy && \ - apt-get install -yy git make curl pkg-config + apt-get install -yy git make curl pkg-config -RUN curl -s https://storage.googleapis.com/golang/go1.7.linux-amd64.tar.gz | tar -C /usr/local -xzf - +RUN curl -s https://storage.googleapis.com/golang/go1.7.3.linux-amd64.tar.gz | tar -C /usr/local -xzf - ENV GOPATH=/go ENV PATH=$PATH:/usr/local/go/bin:/go/bin RUN mkdir -p /go/bin @@ -22,7 +22,7 @@ RUN curl -sL ftp://xmlsoft.org/libxml2/libxml2-2.9.4.tar.gz | tar -xzf - && \ --without-history \ --without-html \ --without-http \ - --without-iconv \ + --without-iconv \ --without-icu \ --without-iso8859x \ --without-legacy \ @@ -31,7 +31,7 @@ RUN curl -sL ftp://xmlsoft.org/libxml2/libxml2-2.9.4.tar.gz | tar -xzf - && \ --with-output \ --without-pattern \ --with-push \ - --without-python \ + --without-python \ --without-reader \ --without-readline \ --without-regexps \ @@ -53,8 +53,7 @@ RUN curl -sL ftp://xmlsoft.org/libxml2/libxml2-2.9.4.tar.gz | tar -xzf - && \ --without-coverage && \ make install -RUN \ - curl -sL ftp://ftp.openssl.org/source/openssl-1.0.2j.tar.gz | tar -xzf - && \ +RUN curl -sL ftp://ftp.openssl.org/source/openssl-1.0.2j.tar.gz | tar -xzf - && \ cd openssl-1.0.2j && \ ./config \ no-shared \ 
@@ -70,28 +69,28 @@ RUN \ make depend install RUN curl -sL http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.22.tar.gz | tar -xzf - && \ - cd xmlsec1-1.2.22 && \ - ./configure \ - --enable-static \ - --disable-shared \ - --disable-crypto-dl \ - --disable-apps-crypto-dl \ - --enable-static-linking \ - --without-gnu-ld \ - --with-default-crypto=openssl \ - --with-openssl=/usr/local/ssl \ - --with-libxml=/usr/local \ - --without-nss \ - --without-nspr \ - --without-gcrypt \ - --without-gnutls \ - --without-libxslt && \ - make -C src install && \ - make -C include install && \ - make install-pkgconfigDATA + cd xmlsec1-1.2.22 && \ + ./configure \ + --enable-static \ + --disable-shared \ + --disable-crypto-dl \ + --disable-apps-crypto-dl \ + --enable-static-linking \ + --without-gnu-ld \ + --with-default-crypto=openssl \ + --with-openssl=/usr/local/ssl \ + --with-libxml=/usr/local \ + --without-nss \ + --without-nspr \ + --without-gcrypt \ + --without-gnutls \ + --without-libxslt && \ + make -C src install && \ + make -C include install && \ + make install-pkgconfigDATA -ADD . /go/src/github.com/andy-miracl/go-xmlsec -WORKDIR /go/src/github.com/andy-miracl/go-xmlsec +ADD . /go/src/github.com/miracl/go-xmlsec +WORKDIR /go/src/github.com/miracl/go-xmlsec RUN go get github.com/crewjam/errset RUN go build -tags static -ldflags '-s -extldflags "-static"' -o /bin/xmldsig ./examples/xmldsig.go RUN ldd /bin/xmldsig || true From 616b150bbc737b044dba1038d2c6ed5d8f1b2c0c Mon Sep 17 00:00:00 2001 From: Nicola Asuni Date: Mon, 14 Nov 2016 11:56:25 +0000 Subject: [PATCH 06/17] Update test to reflect andy-miracl changes --- xmldsig_test.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/xmldsig_test.go b/xmldsig_test.go index 42b52f5..7ac74b2 100644 --- a/xmldsig_test.go +++ b/xmldsig_test.go @@ -179,7 +179,7 @@ func (testSuite *XMLDSigTest) TestConstructFromSignature(c *C) { - + 
@@ -187,8 +187,8 @@ func (testSuite *XMLDSigTest) TestConstructFromSignature(c *C) { sEenIPkW9ssFSB9t4UU6VUrytqc= - chSWfpQBIQraySsUHzs5N51+ruelu2HMHh5Mnd3EjcLqFBVD0f23kmXUp7zVhCVD -vCfqu9yXDYKVOBI57F0Efg== + xGbrj3FkyalDesH7R8xS41i5w69sM9WvuFmPeJ/LQ1zIjHoeHBq4SRzTOPg9xgjj +YYGrWwpJY9khPQsfwjwWTQ== 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 @@ -197,6 +197,7 @@ vCfqu9yXDYKVOBI57F0Efg== ` + c.Assert(string(actualSignedString), Equals, expectedSignedString) err = Verify(testSuite.Cert, actualSignedString, SignatureOptions{}) From 2bb9d299266a271b9588420d34e1b498b7c6f460 Mon Sep 17 00:00:00 2001 From: Nicola Asuni Date: Mon, 14 Nov 2016 11:56:53 +0000 Subject: [PATCH 07/17] Fix static analyzers warnings and errors --- decrypt.go | 3 ++- encrypt.go | 4 ++++ error.go | 4 ++-- error_thunk.go | 4 ++-- examples/xmldsig.go | 6 +++++- signature.go | 5 ++++- thread_darwin.go | 1 + xmldsig.go | 5 +++++ xmlsec.go | 10 +++++++--- 9 files changed, 32 insertions(+), 10 deletions(-) diff --git a/decrypt.go b/decrypt.go index 1590232..66976ed 100644 --- a/decrypt.go +++ b/decrypt.go @@ -33,6 +33,7 @@ func Decrypt(privateKey []byte, doc []byte) ([]byte, error) { return nil, popError() } + // nosec key := C.xmlSecCryptoAppKeyLoadMemory( (*C.xmlSecByte)(unsafe.Pointer(&privateKey[0])), C.xmlSecSize(len(privateKey)), @@ -59,6 +60,7 @@ func Decrypt(privateKey []byte, doc []byte) ([]byte, error) { } defer C.xmlSecEncCtxDestroy(encCtx) + // nosec encDataNode := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeEncryptedData)), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecEncNs))) @@ -70,7 +72,6 @@ func Decrypt(privateKey []byte, doc []byte) ([]byte, error) { if rv := C.xmlSecEncCtxDecrypt(encCtx, encDataNode); rv < 0 { return nil, popError() } - encDataNode = nil // the template is inserted in the doc, so we don't own it return dumpDoc(parsedDoc), nil } diff --git a/encrypt.go b/encrypt.go index 8388444..d0c4c0d 100644 --- a/encrypt.go 
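Review bot: The bare `// nosec` comments added in the decrypt.go hunks silence the analyzer on `unsafe.Pointer(&privateKey[0])` without recording why the call is safe, and the underlying hazard remains: indexing element 0 panics on an empty slice. The same annotation is added in encrypt.go (`&publicKey[0]`), xmldsig.go (`&key[0]`, `&publicKey[0]`) and xmlsec.go. In xmlsec.go, newDoc reaches `&buf[0]` with no length check between the function's opening line and the call, and that buffer is presumably the caller-supplied document. I would add a guard such as `if len(buf) == 0 { return nil, errors.New("empty document") }` before each of these, and extend the comment to something like `// nosec: pointer to a live Go slice, passed with its length, not retained by C` once that has been confirmed. Decrypt's body starts above the hunk, so an earlier check there cannot be ruled out.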
+++ b/encrypt.go @@ -91,6 +91,7 @@ var errInvalidAlgorithm = errors.New("invalid algorithm") // Note: the invocations of C.CString() here return a pointer to a string // allocated from the C heap that would normally need to freed by calling // C.free, but because these are global, we can just leak them. +// nosec var ( constDsigNamespace = (*C.xmlChar)(unsafe.Pointer(C.CString("http://www.w3.org/2000/09/xmldsig#"))) constDigestMethod = (*C.xmlChar)(unsafe.Pointer(C.CString("DigestMethod"))) @@ -117,6 +118,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) { return nil, mustPopError() } + // nosec key := C.xmlSecCryptoAppKeyLoadMemory( (*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])), C.xmlSecSize(len(publicKey)), @@ -126,6 +128,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) { return nil, mustPopError() } + // nosec if rv := C.xmlSecCryptoAppKeyCertLoadMemory(key, (*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])), C.xmlSecSize(len(publicKey)), @@ -162,6 +165,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) { // create encryption template to encrypt XML file and replace // its content with encryption result + // nosec encDataNode := C.xmlSecTmplEncDataCreate(parsedDoc, sessionCipherTransform, nil, (*C.xmlChar)(unsafe.Pointer(&C.xmlSecTypeEncElement)), nil, nil) if encDataNode == nil { diff --git a/error.go b/error.go index 64fd7fa..337cc39 100644 --- a/error.go +++ b/error.go @@ -49,8 +49,8 @@ func onXmlsecError(file *C.char, line C.int, funcName *C.char, errorObject *C.ch globalErrors[threadID] = append(globalErrors[threadID], err) } -//export onXmlError -func onXmlError(msg *C.char) { +//export onXMLError +func onXMLError(msg *C.char) { threadID := getThreadID() globalErrors[threadID] = append(globalErrors[threadID], fmt.Errorf("%s", strings.TrimSuffix(C.GoString(msg), "\n"))) diff --git a/error_thunk.go b/error_thunk.go index 068f12d..8a39d53 100644 --- a/error_thunk.go 
+++ b/error_thunk.go @@ -8,7 +8,7 @@ package xmlsec // #include // #include // -// void onXmlError(const char *msg); // implemented in go +// void onXMLError(const char *msg); // implemented in go // void onXmlsecError(const char *file, int line, const char *funcName, const char *errorObject, const char *errorSubject, int reason, const char *msg); // implemented in go // // static void onXmlGenericError_cgo(void *ctx, const char *format, ...) { @@ -17,7 +17,7 @@ package xmlsec // va_start(args, format); // vsnprintf(buffer, 256, format, args); // va_end (args); -// onXmlError(buffer); +// onXMLError(buffer); // } // // static void onXmlsecError_cgo(const char *file, int line, const char *funcName, const char *errorObject, const char *errorSubject, int reason, const char *msg) { diff --git a/examples/xmldsig.go b/examples/xmldsig.go index 95e6099..0563ad2 100644 --- a/examples/xmldsig.go +++ b/examples/xmldsig.go @@ -6,7 +6,7 @@ import ( "io/ioutil" "os" - "github.com/andy-miracl/go-xmlsec" + "github.com/miracl/go-xmlsec" ) func main() { @@ -31,6 +31,10 @@ func main() { } buf, err := ioutil.ReadAll(os.Stdin) + if err != nil { + fmt.Printf("%s\n", err) + os.Exit(1) + } if *doSign { signedBuf, err := xmlsec.Sign(key, buf, xmlsec.SignatureOptions{}) diff --git a/signature.go b/signature.go index 5c4d411..706d7db 100644 --- a/signature.go +++ b/signature.go @@ -10,6 +10,8 @@ import ( type Method struct { Algorithm string `xml:",attr"` } + +// Reference data struct type Reference struct { URI string `xml:"URI,attr"` ReferenceTransforms []Method `xml:"Transforms>Transform"` @@ -17,6 +19,7 @@ type Reference struct { DigestValue string `xml:"DigestValue"` } +// SignedInfo struct type SignedInfo struct { CanonicalizationMethod Method `xml:"CanonicalizationMethod"` SignatureMethod Method `xml:"SignatureMethod"` 
@@ -66,7 +69,7 @@ func DefaultSignature(pemEncodedPublicKey []byte) Signature { }, Reference: Reference{ ReferenceTransforms: []Method{ - Method{Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature"}, + {Algorithm: "http://www.w3.org/2000/09/xmldsig#enveloped-signature"}, }, DigestMethod: Method{ Algorithm: "http://www.w3.org/2000/09/xmldsig#sha1", diff --git a/thread_darwin.go b/thread_darwin.go index c1f122b..97d94ba 100644 --- a/thread_darwin.go +++ b/thread_darwin.go @@ -9,5 +9,6 @@ import "C" func getThreadID() uintptr { // Darwin lacks a meaningful version of gettid() so instead we use // ptread_self() as a proxy. + // nosec return uintptr(unsafe.Pointer(C.pthread_self())) } diff --git a/xmldsig.go b/xmldsig.go index 0371da4..51c5dab 100644 --- a/xmldsig.go +++ b/xmldsig.go @@ -48,6 +48,7 @@ func Sign(key []byte, doc []byte, opts SignatureOptions) ([]byte, error) { } defer C.xmlSecDSigCtxDestroy(ctx) + // nosec ctx.signKey = C.xmlSecCryptoAppKeyLoadMemory( (*C.xmlSecByte)(unsafe.Pointer(&key[0])), C.xmlSecSize(len(key)), @@ -63,6 +64,7 @@ func Sign(key []byte, doc []byte, opts SignatureOptions) ([]byte, error) { } defer closeDoc(parsedDoc) + // nosec node := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeSignature)), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecDSigNs))) @@ -106,6 +108,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error { return mustPopError() } + // nosec key := C.xmlSecCryptoAppKeyLoadMemory( (*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])), C.xmlSecSize(len(publicKey)), @@ -115,6 +118,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error { return mustPopError() } + // nosec if rv := C.xmlSecCryptoAppKeyCertLoadMemory(key, (*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])), C.xmlSecSize(len(publicKey)), 
@@ -139,6 +143,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error { } defer closeDoc(parsedDoc) + // nosec node := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeSignature)), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecDSigNs))) diff --git a/xmlsec.go b/xmlsec.go index 1c8e25b..2a623c0 100644 --- a/xmlsec.go +++ b/xmlsec.go @@ -40,6 +40,7 @@ func init() { } func newDoc(buf []byte, idattrs []XMLIDOption) (*C.xmlDoc, error) { + // nosec ctx := C.xmlCreateMemoryParserCtxt((*C.char)(unsafe.Pointer(&buf[0])), C.int(len(buf))) if ctx == nil { @@ -76,15 +77,18 @@ func addIDAttr(node *C.xmlNode, attrName, nodeName, nsHref string) { cur = C.xmlSecGetNextElementNode(cur.next) } + // nosec if C.GoString((*C.char)(unsafe.Pointer(node.name))) != nodeName { return } + // nosec if nsHref != "" && node.ns != nil && C.GoString((*C.char)(unsafe.Pointer(node.ns.href))) != nsHref { return } // the attribute with name equal to attrName should exist for attr := node.properties; attr != nil; attr = attr.next { + // nosec if C.GoString((*C.char)(unsafe.Pointer(attr.name))) == attrName { id := C.xmlNodeListGetString(node.doc, attr.children, 1) if id == nil { @@ -104,9 +108,9 @@ func dumpDoc(doc *C.xmlDoc) []byte { var buffer *C.xmlChar var bufferSize C.int C.xmlDocDumpMemory(doc, &buffer, &bufferSize) - defer C.MY_xmlFree(unsafe.Pointer(buffer)) + defer C.MY_xmlFree(unsafe.Pointer(buffer)) // nosec - return C.GoBytes(unsafe.Pointer(buffer), bufferSize) + return C.GoBytes(unsafe.Pointer(buffer), bufferSize) // nosec } func dumpNode(node *C.xmlNode) []byte { @@ -114,5 +118,5 @@ func dumpNode(node *C.xmlNode) []byte { defer C.xmlBufferFree(buffer) bufferSize := C.xmlNodeDump(buffer, nil, node, 0, 0) - return C.GoBytes(unsafe.Pointer(buffer.content), bufferSize) + return C.GoBytes(unsafe.Pointer(buffer.content), bufferSize) // nosec } From 60ccf89e587b7e735d2dee4bcafa631178c06ffd Mon Sep 17 00:00:00 2001 
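Review bot: In `dumpNode` (`@@ -114,5 +118,5 @@`) the `// nosec` is appended to `C.GoBytes(unsafe.Pointer(buffer.content), bufferSize)`, but `bufferSize` comes straight from `C.xmlNodeDump`, which libxml2 documents as returning -1 on error, and it is passed on unchecked. A check before the return, `if bufferSize < 0 { return nil }`, keeps a failed dump from reaching `C.GoBytes` with a negative length. The `C.xmlBufferCreate()` call sits just above the hunk and its result is not tested for NULL before `buffer.content` is read, so a comment next to the suppression should say what makes the dereference safe, or a nil check should be added there.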
From: Nicola Asuni Date: Mon, 14 Nov 2016 12:06:16 +0000 Subject: [PATCH 08/17] Update badges --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 3785e9d..f96ed22 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,10 @@ # go-xmlsec -[![](https://godoc.org/github.com/miracl/go-xmlsec?status.png)](http://godoc.org/github.com/miracl/go-xmlsec) [![Build Status](https://travis-ci.org/miracl/go-xmlsec.svg?branch=master)](https://travis-ci.org/miracl/go-xmlsec) +[![Documentation](https://godoc.org/github.com/miracl/go-xmlsec?status.png)](http://godoc.org/github.com/miracl/go-xmlsec) +[![Master Build Status](https://secure.travis-ci.org/miracl/go-xmlsec.png?branch=master)](https://travis-ci.org/miracl/go-xmlsec?branch=master) +[![Master Coverage Status](https://coveralls.io/repos/miracl/go-xmlsec/badge.svg?branch=master&service=github)](https://coveralls.io/github/miracl/go-xmlsec?branch=master) +[![Go Report Card](https://goreportcard.com/badge/github.com/miracl/go-xmlsec)](https://goreportcard.com/report/github.com/miracl/go-xmlsec) + A partial wrapper for [xmlsec](https://www.aleksey.com/xmlsec). From 1ee58143291947ab33d694d9dec755aebe6ae8c0 Mon Sep 17 00:00:00 2001 From: Nicola Asuni Date: Mon, 14 Nov 2016 15:41:19 +0000 Subject: [PATCH 09/17] Add missing LICENSE --- LICENSE | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..1235fd3 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,23 @@ +Copyright (c) 2015, Ross Kinder +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this +list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, +this list of conditions and the following disclaimer in the documentation +and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. From 811594f91ad7581cbd84b381d68a25129176b17d Mon Sep 17 00:00:00 2001 From: Nicola Asuni Date: Sun, 4 Dec 2016 13:32:12 +0000 Subject: [PATCH 10/17] Fix nosec comments --- decrypt.go | 4 ++-- encrypt.go | 8 ++++---- thread_darwin.go | 2 +- xmldsig.go | 10 +++++----- xmlsec.go | 14 +++++++------- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/decrypt.go b/decrypt.go index 66976ed..5c3d93e 100644 --- a/decrypt.go +++ b/decrypt.go 
@@ -33,7 +33,7 @@ func Decrypt(privateKey []byte, doc []byte) ([]byte, error) { return nil, popError() } - // nosec + // #nosec key := C.xmlSecCryptoAppKeyLoadMemory( (*C.xmlSecByte)(unsafe.Pointer(&privateKey[0])), C.xmlSecSize(len(privateKey)), @@ -60,7 +60,7 @@ func Decrypt(privateKey []byte, doc []byte) ([]byte, error) { } defer C.xmlSecEncCtxDestroy(encCtx) - // nosec + // #nosec encDataNode := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeEncryptedData)), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecEncNs))) diff --git a/encrypt.go b/encrypt.go index d0c4c0d..7d71611 100644 --- a/encrypt.go +++ b/encrypt.go @@ -91,7 +91,7 @@ var errInvalidAlgorithm = errors.New("invalid algorithm") // Note: the invocations of C.CString() here return a pointer to a string // allocated from the C heap that would normally need to freed by calling // C.free, but because these are global, we can just leak them. -// nosec +// #nosec var ( constDsigNamespace = (*C.xmlChar)(unsafe.Pointer(C.CString("http://www.w3.org/2000/09/xmldsig#"))) constDigestMethod = (*C.xmlChar)(unsafe.Pointer(C.CString("DigestMethod"))) @@ -118,7 +118,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) { return nil, mustPopError() } - // nosec + // #nosec key := C.xmlSecCryptoAppKeyLoadMemory( (*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])), C.xmlSecSize(len(publicKey)), @@ -128,7 +128,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) { return nil, mustPopError() } - // nosec + // #nosec if rv := C.xmlSecCryptoAppKeyCertLoadMemory(key, (*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])), C.xmlSecSize(len(publicKey)), 
@@ -165,7 +165,7 @@ func Encrypt(publicKey, doc []byte, opts EncryptOptions) ([]byte, error) { // create encryption template to encrypt XML file and replace // its content with encryption result - // nosec + // #nosec encDataNode := C.xmlSecTmplEncDataCreate(parsedDoc, sessionCipherTransform, nil, (*C.xmlChar)(unsafe.Pointer(&C.xmlSecTypeEncElement)), nil, nil) if encDataNode == nil { diff --git a/thread_darwin.go b/thread_darwin.go index 97d94ba..52a8d7e 100644 --- a/thread_darwin.go +++ b/thread_darwin.go @@ -9,6 +9,6 @@ import "C" func getThreadID() uintptr { // Darwin lacks a meaningful version of gettid() so instead we use // ptread_self() as a proxy. - // nosec + // #nosec return uintptr(unsafe.Pointer(C.pthread_self())) } diff --git a/xmldsig.go b/xmldsig.go index 51c5dab..f48be47 100644 --- a/xmldsig.go +++ b/xmldsig.go @@ -48,7 +48,7 @@ func Sign(key []byte, doc []byte, opts SignatureOptions) ([]byte, error) { } defer C.xmlSecDSigCtxDestroy(ctx) - // nosec + // #nosec ctx.signKey = C.xmlSecCryptoAppKeyLoadMemory( (*C.xmlSecByte)(unsafe.Pointer(&key[0])), C.xmlSecSize(len(key)), @@ -64,7 +64,7 @@ func Sign(key []byte, doc []byte, opts SignatureOptions) ([]byte, error) { } defer closeDoc(parsedDoc) - // nosec + // #nosec node := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeSignature)), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecDSigNs))) @@ -108,7 +108,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error { return mustPopError() } - // nosec + // #nosec key := C.xmlSecCryptoAppKeyLoadMemory( (*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])), C.xmlSecSize(len(publicKey)), @@ -118,7 +118,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error { return mustPopError() } - // nosec + // #nosec if rv := C.xmlSecCryptoAppKeyCertLoadMemory(key, (*C.xmlSecByte)(unsafe.Pointer(&publicKey[0])), C.xmlSecSize(len(publicKey)), 
@@ -143,7 +143,7 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error { } defer closeDoc(parsedDoc) - // nosec + // #nosec node := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeSignature)), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecDSigNs))) diff --git a/xmlsec.go b/xmlsec.go index 2a623c0..2d6f20a 100644 --- a/xmlsec.go +++ b/xmlsec.go @@ -40,7 +40,7 @@ func init() { } func newDoc(buf []byte, idattrs []XMLIDOption) (*C.xmlDoc, error) { - // nosec + // #nosec ctx := C.xmlCreateMemoryParserCtxt((*C.char)(unsafe.Pointer(&buf[0])), C.int(len(buf))) if ctx == nil { @@ -77,18 +77,18 @@ func addIDAttr(node *C.xmlNode, attrName, nodeName, nsHref string) { cur = C.xmlSecGetNextElementNode(cur.next) } - // nosec + // #nosec if C.GoString((*C.char)(unsafe.Pointer(node.name))) != nodeName { return } - // nosec + // #nosec if nsHref != "" && node.ns != nil && C.GoString((*C.char)(unsafe.Pointer(node.ns.href))) != nsHref { return } // the attribute with name equal to attrName should exist for attr := node.properties; attr != nil; attr = attr.next { - // nosec + // #nosec if C.GoString((*C.char)(unsafe.Pointer(attr.name))) == attrName { id := C.xmlNodeListGetString(node.doc, attr.children, 1) if id == nil { @@ -108,9 +108,9 @@ func dumpDoc(doc *C.xmlDoc) []byte { var buffer *C.xmlChar var bufferSize C.int C.xmlDocDumpMemory(doc, &buffer, &bufferSize) - defer C.MY_xmlFree(unsafe.Pointer(buffer)) // nosec + defer C.MY_xmlFree(unsafe.Pointer(buffer)) // #nosec - return C.GoBytes(unsafe.Pointer(buffer), bufferSize) // nosec + return C.GoBytes(unsafe.Pointer(buffer), bufferSize) // #nosec } func dumpNode(node *C.xmlNode) []byte { @@ -118,5 +118,5 @@ func dumpNode(node *C.xmlNode) []byte { defer C.xmlBufferFree(buffer) bufferSize := C.xmlNodeDump(buffer, nil, node, 0, 0) - return C.GoBytes(unsafe.Pointer(buffer.content), bufferSize) // nosec + return C.GoBytes(unsafe.Pointer(buffer.content), bufferSize) // #nosec } 
From 9b9bbf4ed168d471422358fcb9501867dfae005e Mon Sep 17 00:00:00 2001 From: root Date: Thu, 15 Mar 2018 11:06:15 +0000 Subject: [PATCH 11/17] cgo pkg config directives no longer support --static --- cgo_static.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cgo_static.go b/cgo_static.go index eeb4791..0745f3b 100644 --- a/cgo_static.go +++ b/cgo_static.go @@ -4,7 +4,7 @@ package xmlsec // #cgo linux CFLAGS: -w // #cgo darwin CFLAGS: -Wno-invalid-pp-token -Wno-header-guard -// #cgo pkg-config: --static xmlsec1 +// #cgo pkg-config: xmlsec1 // #include // #include // #include @@ -12,7 +12,7 @@ package xmlsec // #include import "C" -// #cgo pkg-config: --static libxml-2.0 +// #cgo pkg-config: libxml-2.0 // #include // #include // #include From a38a3fabe1bef94084b956e38220bdcfe6b1e640 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 15 Mar 2018 11:15:37 +0000 Subject: [PATCH 12/17] attempt to fix build --- Makefile | 51 ++++++++++++++++++++--------------------- cgo_static.go => cgo.go | 9 ++------ cgo_dl.go | 19 --------------- examples/xmldsig.go | 2 +- 4 files changed, 28 insertions(+), 53 deletions(-) rename cgo_static.go => cgo.go (66%) delete mode 100644 cgo_dl.go diff --git a/Makefile b/Makefile index 428d44d..4246785 100644 --- a/Makefile +++ b/Makefile @@ -43,6 +43,8 @@ endif # Add the GO binary dir in the PATH export PATH := $(GOPATH)/bin:$(PATH) +GOENV=GOPATH=$(GOPATH) CGO_CFLAGS_ALLOW='-w' + # --- MAKE TARGETS --- # Display general help about this command @@ -81,9 +83,8 @@ all: help # Run the unit tests test: @mkdir -p target/test - GOPATH=$(GOPATH) \ - go test -covermode=atomic -bench=. -race -v . | \ - tee >(PATH=$(GOPATH)/bin:$(PATH) go-junit-report > target/test/report.xml); \ + $(GOENV) go test -covermode=atomic -bench=. -race -v . | \ + tee >($(GOENV) go-junit-report > target/test/report.xml); \ test $${PIPESTATUS[0]} -eq 0 # Format the source code 
@@ -98,44 +99,42 @@ fmtcheck: # Check for syntax errors vet: - GOPATH=$(GOPATH) go vet . + $(GOENV) go vet . # Check for style errors lint: - GOPATH=$(GOPATH) PATH=$(GOPATH)/bin:$(PATH) golint . + $(GOENV) golint . # Generate the coverage report coverage: @mkdir -p target/report - GOPATH=$(GOPATH) \ - go test -covermode=count -coverprofile=target/report/coverage.out -v . && \ - GOPATH=$(GOPATH) \ - go tool cover -html=target/report/coverage.out -o target/report/coverage.html + $(GOENV) go test -covermode=count -coverprofile=target/report/coverage.out -v . && \ + $(GOENV) go tool cover -html=target/report/coverage.out -o target/report/coverage.html # Report cyclomatic complexity cyclo: @mkdir -p target/report - GOPATH=$(GOPATH) gocyclo -avg . | tee target/report/cyclo.txt ; test $${PIPESTATUS[0]} -eq 0 + $(GOENV) gocyclo -avg . | tee target/report/cyclo.txt ; test $${PIPESTATUS[0]} -eq 0 # Detect ineffectual assignments ineffassign: @mkdir -p target/report - GOPATH=$(GOPATH) ineffassign . | tee target/report/ineffassign.txt ; test $${PIPESTATUS[0]} -eq 0 + $(GOENV) ineffassign . | tee target/report/ineffassign.txt ; test $${PIPESTATUS[0]} -eq 0 # Detect commonly misspelled words in source files misspell: @mkdir -p target/report - GOPATH=$(GOPATH) misspell -error . | tee target/report/misspell.txt ; test $${PIPESTATUS[0]} -eq 0 + $(GOENV) misspell -error . | tee target/report/misspell.txt ; test $${PIPESTATUS[0]} -eq 0 # AST scanner astscan: @mkdir -p target/report - GOPATH=$(GOPATH) gas ./*.go | tee target/report/astscan.txt ; test $${PIPESTATUS[0]} -eq 0 + $(GOENV) gas ./... 
| tee target/report/astscan.txt ; test $${PIPESTATUS[0]} -eq 0 # Generate source docs docs: @mkdir -p target/docs - nohup sh -c 'GOPATH=$(GOPATH) godoc -http=127.0.0.1:6060' > target/godoc_server.log 2>&1 & + nohup sh -c '$(GOENV) godoc -http=127.0.0.1:6060' > target/godoc_server.log 2>&1 & wget --directory-prefix=target/docs/ --execute robots=off --retry-connrefused --recursive --no-parent --adjust-extension --page-requisites --convert-links http://127.0.0.1:6060/pkg/github.com/${VENDOR}/${PROJECT}/ ; kill -9 `lsof -ti :6060` @echo ''${PKGNAME}' Documentation ...' > target/docs/index.html 
@@ -146,25 +145,25 @@ qa: fmtcheck test vet lint coverage cyclo ineffassign misspell astscan # Get the dependencies deps: - GOPATH=$(GOPATH) go get $(go list ./... | grep -v /vendor/) - GOPATH=$(GOPATH) go get github.com/inconshreveable/mousetrap - GOPATH=$(GOPATH) go get github.com/golang/lint/golint - GOPATH=$(GOPATH) go get github.com/jstemmer/go-junit-report - GOPATH=$(GOPATH) go get github.com/axw/gocov/gocov - GOPATH=$(GOPATH) go get github.com/fzipp/gocyclo - GOPATH=$(GOPATH) go get github.com/gordonklaus/ineffassign - GOPATH=$(GOPATH) go get github.com/client9/misspell/cmd/misspell - GOPATH=$(GOPATH) go get github.com/HewlettPackard/gas - GOPATH=$(GOPATH) go get gopkg.in/check.v1 + $(GOENV) go get $(go list ./... | grep -v /vendor/) + $(GOENV) go get github.com/inconshreveable/mousetrap + $(GOENV) go get github.com/golang/lint/golint + $(GOENV) go get github.com/jstemmer/go-junit-report + $(GOENV) go get github.com/axw/gocov/gocov + $(GOENV) go get github.com/fzipp/gocyclo + $(GOENV) go get github.com/gordonklaus/ineffassign + $(GOENV) go get github.com/client9/misspell/cmd/misspell + $(GOENV) go get github.com/HewlettPackard/gas/cmd/gas + $(GOENV) go get gopkg.in/check.v1 # Remove any build artifact clean: - GOPATH=$(GOPATH) go clean ./... + $(GOENV) go clean ./... # Deletes any intermediate file nuke: rm -rf ./target - GOPATH=$(GOPATH) go clean -i ./... + $(GOENV) go clean -i ./... # Full build and test sequence buildall: deps qa diff --git a/cgo_static.go b/cgo.go similarity index 66% rename from cgo_static.go rename to cgo.go index 0745f3b..3c6af32 100644 --- a/cgo_static.go +++ b/cgo.go 
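Review bot: In the `deps` recipe, `$(GOENV) go get $(go list ./... | grep -v /vendor/)` still uses a single-dollar `$(...)`, which make expands as a variable reference (empty here) before the shell sees it, so the command runs as a bare `go get`. Writing it as `$(GOENV) go get $$(go list ./... | grep -v /vendor/)` passes the command substitution through to the shell. The tool installs below it (`golint`, `gocyclo`, `misspell`, `gas`, …) fetch whatever the upstream default branch holds at build time. Pinning them to reviewed revisions would keep the QA toolchain reproducible and stop an upstream change from running unreviewed code in the build.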
@@ -1,18 +1,13 @@ -// +build static - package xmlsec +// #cgo pkg-config: xmlsec1 libxml-2.0 // #cgo linux CFLAGS: -w -// #cgo darwin CFLAGS: -Wno-invalid-pp-token -Wno-header-guard -// #cgo pkg-config: xmlsec1 +// #cgo linux LDFLAGS: -lxml2 -lm // #include // #include // #include // #include // #include -import "C" - -// #cgo pkg-config: libxml-2.0 // #include // #include // #include diff --git a/cgo_dl.go b/cgo_dl.go deleted file mode 100644 index 3340d08..0000000 --- a/cgo_dl.go +++ /dev/null @@ -1,19 +0,0 @@ -// +build !static - -package xmlsec - -// #cgo linux CFLAGS: -w -// #cgo darwin CFLAGS: -Wno-invalid-pp-token -Wno-header-guard -// #cgo pkg-config: xmlsec1 -// #include -// #include -// #include -// #include -// #include -import "C" - -// #cgo pkg-config: libxml-2.0 -// #include -// #include -// #include -import "C" diff --git a/examples/xmldsig.go b/examples/xmldsig.go index 0563ad2..de1a4ba 100644 --- a/examples/xmldsig.go +++ b/examples/xmldsig.go @@ -42,7 +42,7 @@ func main() { fmt.Printf("%s\n", err) os.Exit(1) } - os.Stdout.Write(signedBuf) + os.Stdout.Write(signedBuf) //#nosec } if *doVerify { From 6a145aa214fb2b5fe6631b30cfb531a07a9898f7 Mon Sep 17 00:00:00 2001 From: Andrew Smith Date: Tue, 19 Jun 2018 09:15:45 +0100 Subject: [PATCH 13/17] Initial work to sign/verify multiple xml nodes concurrently --- resources/certs/cert1 | 24 +++++ resources/certs/cert2 | 25 ++++++ resources/certs/cert3 | 23 +++++ xmldsig.go | 138 ++++++++++++++++++++-------- xmldsig_test.go | 204 +++++++++++++++++++++++++++++++++++++++++- 5 files changed, 373 insertions(+), 41 deletions(-) create mode 100644 resources/certs/cert1 create mode 100644 resources/certs/cert2 create mode 100644 resources/certs/cert3 diff --git a/resources/certs/cert1 b/resources/certs/cert1 new file mode 100644 index 0000000..ec54c73 --- /dev/null +++ b/resources/certs/cert1 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIDzzCCAzigAwIBAgIJAK+ii7kzrdqtMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G +A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3 +DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTIzOFoYDzIxMTQw +NDI5MTc1MjM4WjCBnDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx +PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz +ZXkuY29tL3htbHNlYykxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG +9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC +QQCyuvKJ2CuUPD33ghPt4Q8MilesHxVbbpyKfmabrYVpDGVDmOKKp337qJUZZ95K +fwlXbR2j0zyKWJmvRxUx+PsTAgMBAAGjggFFMIIBQTAMBgNVHRMEBTADAQH/MCwG +CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNV +HQ4EFgQU/uTsUyTwlZXHELXhRLVdOWVa434wgeMGA1UdIwSB2zCB2IAUBrWkrKeq +dUTqFZxP3wWDT2oe/guhgbSkgbEwga4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD +YWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAoaHR0cDov +L3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMRAwDgYDVQQLEwdSb290IENBMRYwFAYD +VQQDEw1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3Nl +eS5jb22CCQCvoou5M63arDANBgkqhkiG9w0BAQUFAAOBgQBuTAW63AgWqqUDPGi8 +BiXbdKHhFP4J8qgkdv5WMa6SpSWVgNgOYXkK/BSg1aSmQtGv8/8UvBRPoJnO4y0N +jWUFf1ubOgUNmedYNLq7YbTp8yTGWeogCyM2xdWELMP8BMgQL0sP+MDAFMKO3itY +mEWnCEsP15HKSTms54RNj7oJ+A== +-----END CERTIFICATE----- + diff --git a/resources/certs/cert2 b/resources/certs/cert2 new file mode 100644 index 0000000..14fc320 --- /dev/null +++ b/resources/certs/cert2 
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIID9zCCA2CgAwIBAgIJAK+ii7kzrdqsMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEQMA4G +A1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3 +DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMCAXDTE0MDUyMzE3NTA1OVoYDzIxMTQw +NDI5MTc1MDU5WjCBrjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx +PTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtz +ZXkuY29tL3htbHNlYykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtz +ZXkgU2FuaW4xITAfBgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCBnzAN +BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtY4MCNj/qrOzVuex1BD/PuCYTDDOLLVj +tpKXQteQPqy0kgMwuQgRwdNnICIHQbnFKL40XoyACJVWKM7b0LkvWJNeyVzXPqEE +9ZPmNxWGUjVcr7powT7v8V7S2QflUnr8ZvR4XWwkZJ9EYKNhenijgJ5yYDrXCWdv +C+fnjBjv2LcCAwEAAaOCARcwggETMB0GA1UdDgQWBBQGtaSsp6p1ROoVnE/fBYNP +ah7+CzCB4wYDVR0jBIHbMIHYgBQGtaSsp6p1ROoVnE/fBYNPah7+C6GBtKSBsTCB +rjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhN +TCBTZWN1cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNl +YykxEDAOBgNVBAsTB1Jvb3QgQ0ExFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf +BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIJAK+ii7kzrdqsMAwGA1Ud +EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEARpb86RP/ck55X+NunXeIX81i763b +j7Z1VJwFbA/QfupzxnqJ2IP/lxC8YxJ3Bp2IJMI7rC9r0poa41ZxI5rGHip97Dpg +sxPF9lkRUmKBBQjkICOq1w/4d2DRInBoqXttD+0WsqDfNDVK+7kSE07ytn3RzHCj +j0gv0PdxmuCsR/E= +-----END CERTIFICATE----- + diff --git a/resources/certs/cert3 b/resources/certs/cert3 new file mode 100644 index 0000000..629f29a --- /dev/null +++ b/resources/certs/cert3 
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDpzCCA1GgAwIBAgIJAK+ii7kzrdqvMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG +A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz +ZXkuY29tMCAXDTE0MDUyMzE3NTUzNFoYDzIxMTQwNDI5MTc1NTM0WjCBxzELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1 +cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAn +BgNVBAsTIFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD +Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j +b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7Ljqdn +sYmW0tbDVxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQAB +o4IBRTCCAUEwDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH +ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTM +QygZMIHjBgNVHSMEgdswgdiAFP7k7FMk8JWVxxC14US1XTllWuN+oYG0pIGxMIGu +MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1M +IFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2Vj +KTEQMA4GA1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8G +CSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggkAr6KLuTOt2q0wDQYJKoZI +hvcNAQEFBQADQQAOXBj0yICp1RmHXqnUlsppryLCW3pKBD1dkb4HWarO7RjA1yJJ +fBjXssrERn05kpBcrRfzou4r3DCgQFPhjxga +-----END CERTIFICATE----- + diff --git a/xmldsig.go b/xmldsig.go index f48be47..1ce91bc 100644 --- a/xmldsig.go +++ b/xmldsig.go 
@@ -5,12 +5,36 @@ import ( "unsafe" ) -// #include -// #include -// #include -// #include -// #include -// #include +/* +#include +#include +#include +#include +#include +#include +#include +#include + +void +xmlSecFindNodes(const xmlListPtr found, const xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) { + + xmlNodePtr cur; + xmlNodePtr ret; + + xmlSecAssert2(name != NULL, NULL); + + cur = parent; + while(cur != NULL) { + if(cur->children != NULL) { + xmlSecFindNodes(found, cur->children, name, ns); + } + if((cur->type == XML_ELEMENT_NODE) && xmlSecCheckNodeName(cur, name, ns)) { + xmlListPushFront(found, cur); + } + cur = cur->next; + } +} +*/ import "C" // SignatureOptions represents additional, less commonly used, options for Sign and @@ -42,22 +66,6 @@ func Sign(key []byte, doc []byte, opts SignatureOptions) ([]byte, error) { startProcessingXML() defer stopProcessingXML() - ctx := C.xmlSecDSigCtxCreate(nil) - if ctx == nil { - return nil, errors.New("failed to create signature context") - } - defer C.xmlSecDSigCtxDestroy(ctx) - - // #nosec - ctx.signKey = C.xmlSecCryptoAppKeyLoadMemory( - (*C.xmlSecByte)(unsafe.Pointer(&key[0])), - C.xmlSecSize(len(key)), - C.xmlSecKeyDataFormatPem, - nil, nil, nil) - if ctx.signKey == nil { - return nil, errors.New("failed to load pem key") - } - parsedDoc, err := newDoc(doc, opts.XMLID) if err != nil { return nil, err 
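Review bot: The new `xmlSecFindNodes` helper in the cgo preamble is declared `void` but guards its argument with `xmlSecAssert2(name != NULL, NULL)`, the variant that returns a value. `xmlSecAssert(name != NULL);` is the form for a void function, and the mismatch presumably goes unnoticed on Linux only because cgo.go passes `-w`. The local `ret` is never used. The result of `xmlListPushFront(found, cur)` is discarded, so a failed insert would silently leave a `Signature` node out of the list that `Sign` and `Verify` iterate. Declaring the helper `static int` and returning an error when the push does not succeed would let the Go callers stop rather than proceed with an incomplete list.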
@@ -65,15 +73,51 @@ func Sign(key []byte, doc []byte, opts SignatureOptions) ([]byte, error) { defer closeDoc(parsedDoc) // #nosec - node := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc), + found := C.xmlListCreate(nil, nil) + defer func() { C.xmlListDelete(found) }() + + C.xmlSecFindNodes( + found, + C.xmlDocGetRootElement(parsedDoc), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeSignature)), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecDSigNs))) - if node == nil { + + c := C.xmlListSize(found) + if c == 0 { return nil, errors.New("cannot find start node") } - if rv := C.xmlSecDSigCtxSign(ctx, node); rv < 0 { - return nil, errors.New("failed to sign") + for C.xmlListEmpty(found) == 0 { + link := C.xmlListFront(found) + if link == nil { + return nil, errors.New("Link is null") + } + + node := (C.xmlNodePtr)(C.xmlLinkGetData(link)) + if node != nil { + + ctx := C.xmlSecDSigCtxCreate(nil) + if ctx == nil { + return nil, errors.New("failed to create signature context") + } + defer C.xmlSecDSigCtxDestroy(ctx) + + // #nosec + ctx.signKey = C.xmlSecCryptoAppKeyLoadMemory( + (*C.xmlSecByte)(unsafe.Pointer(&key[0])), + C.xmlSecSize(len(key)), + C.xmlSecKeyDataFormatPem, + nil, nil, nil) + + if ctx.signKey == nil { + return nil, errors.New("failed to load pem key") + } + + if rv := C.xmlSecDSigCtxSign(ctx, node); rv < 0 { + return nil, errors.New("failed to sign") + } + } + C.xmlListPopFront(found) } return dumpDoc(parsedDoc), nil @@ -131,12 +175,6 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error { return mustPopError() } - dsigCtx := C.xmlSecDSigCtxCreate(keysMngr) - if dsigCtx == nil { - return mustPopError() - } - defer C.xmlSecDSigCtxDestroy(dsigCtx) - parsedDoc, err := newDoc(doc, opts.XMLID) if err != nil { return err 
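Review bot: `defer C.xmlSecDSigCtxDestroy(ctx)` now sits inside the `for C.xmlListEmpty(found) == 0` loop in `Sign`, so every signature context, each with its own private key loaded by `C.xmlSecCryptoAppKeyLoadMemory`, stays allocated until the function returns rather than until its node has been signed. Moving the per-node work into a small helper that owns the `defer`, or calling `C.xmlSecDSigCtxDestroy(ctx)` explicitly at the end of the iteration, limits the key material's lifetime to one iteration. `found` is also used without a nil check after `C.xmlListCreate(nil, nil)`, and a nil `node` is skipped silently rather than reported. The `Verify` hunk (`@@ -144,19 +182,41 @@`) repeats the defer-in-loop and the unchecked list. `Sign`'s body starts above this hunk.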
@@ -144,19 +182,41 @@ func Verify(publicKey []byte, doc []byte, opts SignatureOptions) error { defer closeDoc(parsedDoc) // #nosec - node := C.xmlSecFindNode(C.xmlDocGetRootElement(parsedDoc), + found := C.xmlListCreate(nil, nil) + defer func() { C.xmlListDelete(found) }() + + C.xmlSecFindNodes( + found, + C.xmlDocGetRootElement(parsedDoc), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecNodeSignature)), (*C.xmlChar)(unsafe.Pointer(&C.xmlSecDSigNs))) - if node == nil { + + c := C.xmlListSize(found) + if c == 0 { return errors.New("cannot find start node") } - if rv := C.xmlSecDSigCtxVerify(dsigCtx, node); rv < 0 { - return ErrVerificationFailed - } + for C.xmlListEmpty(found) == 0 { + link := C.xmlListFront(found) + if link == nil { + break + } + node := (C.xmlNodePtr)(C.xmlLinkGetData(link)) + if node != nil { + ctx := C.xmlSecDSigCtxCreate(keysMngr) + if ctx == nil { + return mustPopError() + } + defer C.xmlSecDSigCtxDestroy(ctx) - if dsigCtx.status != xmlSecDSigStatusSucceeded { - return ErrVerificationFailed + if rv := C.xmlSecDSigCtxVerify(ctx, node); rv < 0 { + return ErrVerificationFailed + } + if ctx.status != xmlSecDSigStatusSucceeded { + return ErrVerificationFailed + } + } + C.xmlListPopFront(found) } return nil } diff --git a/xmldsig_test.go b/xmldsig_test.go index 7ac74b2..bb04450 100644 --- a/xmldsig_test.go +++ b/xmldsig_test.go @@ -2,9 +2,8 @@ package xmlsec import ( "encoding/xml" - "strings" - . "gopkg.in/check.v1" + "strings" ) type Envelope struct { 
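Review bot: The new loop in `Verify` can return success without checking a signature: `if link == nil { break }` falls through to `return nil`, and a nil `node` skips `C.xmlSecDSigCtxVerify` and is popped as if it had verified, whereas `Sign` treats a nil link as an error. Both cases should fail closed, with `if link == nil { return ErrVerificationFailed }` and `if node == nil { return ErrVerificationFailed }`. A NULL from `C.xmlListCreate` is not checked either; libxml2's list functions appear to report -1 for a NULL list, so the `c == 0` test and the loop would both be skipped and `Verify` would return nil, which `if found == nil || c <= 0` closes. The doc comment should also state that a nil result means every `Signature` element in the document verified, not that any particular element the caller reads afterwards was covered by one. `Verify`'s body starts above this hunk.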
@@ -163,6 +162,207 @@ fBjXssrERn05kpBcrRfzou4r3DCgQFPhjxga c.Assert(err, IsNil) } +func (testSuite *XMLDSigTest) TestSignAndVerifyMultiple(c *C) { + expectedSignedString := ` + + + Hello, World! + + + + + + + + + + ixa7UpgiS2UJ37IG9HzhfK7z+Fo= + + + xaMgajZ9tBswZmIP5JoBwXMpD9W74fVbfWJ/HkfTHYkXNejOXT+UocvaGaVCqPNE ++6rzavcVq18agibmYCkm6w== + + + MIIDpzCCA1GgAwIBAgIJAK+ii7kzrdqvMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG +A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz +ZXkuY29tMCAXDTE0MDUyMzE3NTUzNFoYDzIxMTQwNDI5MTc1NTM0WjCBxzELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1 +cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAn +BgNVBAsTIFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD +Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j +b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7Ljqdn +sYmW0tbDVxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQAB +o4IBRTCCAUEwDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH +ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTM +QygZMIHjBgNVHSMEgdswgdiAFP7k7FMk8JWVxxC14US1XTllWuN+oYG0pIGxMIGu +MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1M +IFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2Vj +KTEQMA4GA1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8G +CSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggkAr6KLuTOt2q0wDQYJKoZI +hvcNAQEFBQADQQAOXBj0yICp1RmHXqnUlsppryLCW3pKBD1dkb4HWarO7RjA1yJJ +fBjXssrERn05kpBcrRfzou4r3DCgQFPhjxga + + + + + Hello, World! 
+ + + + + + + + + + 6hs7C+iZA45BBGAcaI0aNnMz+Ts= + + + F23IldNw0Gozri5ySU5Esopz7llkBrDJNHNgm+Ww93mrU5w1IrP0J7Cv0Xn19ro2 +QsO3oBVrpdMotMsFkbEVkA== + + + MIIDpzCCA1GgAwIBAgIJAK+ii7kzrdqvMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG +A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz +ZXkuY29tMCAXDTE0MDUyMzE3NTUzNFoYDzIxMTQwNDI5MTc1NTM0WjCBxzELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1 +cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAn +BgNVBAsTIFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD +Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j +b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7Ljqdn +sYmW0tbDVxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQAB +o4IBRTCCAUEwDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH +ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTM +QygZMIHjBgNVHSMEgdswgdiAFP7k7FMk8JWVxxC14US1XTllWuN+oYG0pIGxMIGu +MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1M +IFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2Vj +KTEQMA4GA1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8G +CSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggkAr6KLuTOt2q0wDQYJKoZI +hvcNAQEFBQADQQAOXBj0yICp1RmHXqnUlsppryLCW3pKBD1dkb4HWarO7RjA1yJJ +fBjXssrERn05kpBcrRfzou4r3DCgQFPhjxga + + + + + + +` + actualUnsignedString := ` + + + Hello, World! 
+ + + + + + + + + + + + + + + + MIIDpzCCA1GgAwIBAgIJAK+ii7kzrdqvMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG +A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz +ZXkuY29tMCAXDTE0MDUyMzE3NTUzNFoYDzIxMTQwNDI5MTc1NTM0WjCBxzELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1 +cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAn +BgNVBAsTIFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD +Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j +b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7Ljqdn +sYmW0tbDVxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQAB +o4IBRTCCAUEwDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH +ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTM +QygZMIHjBgNVHSMEgdswgdiAFP7k7FMk8JWVxxC14US1XTllWuN+oYG0pIGxMIGu +MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1M +IFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2Vj +KTEQMA4GA1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8G +CSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggkAr6KLuTOt2q0wDQYJKoZI +hvcNAQEFBQADQQAOXBj0yICp1RmHXqnUlsppryLCW3pKBD1dkb4HWarO7RjA1yJJ +fBjXssrERn05kpBcrRfzou4r3DCgQFPhjxga + + + + + Hello, World! 
+ + + + + + + + + + + + + + + + MIIDpzCCA1GgAwIBAgIJAK+ii7kzrdqvMA0GCSqGSIb3DQEBBQUAMIGcMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy +aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEWMBQG +A1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtz +ZXkuY29tMCAXDTE0MDUyMzE3NTUzNFoYDzIxMTQwNDI5MTc1NTM0WjCBxzELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1 +cml0eSBMaWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAn +BgNVBAsTIFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD +Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j +b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7Ljqdn +sYmW0tbDVxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQAB +o4IBRTCCAUEwDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBH +ZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTM +QygZMIHjBgNVHSMEgdswgdiAFP7k7FMk8JWVxxC14US1XTllWuN+oYG0pIGxMIGu +MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1M +IFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2Vj +KTEQMA4GA1UECxMHUm9vdCBDQTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8G +CSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggkAr6KLuTOt2q0wDQYJKoZI +hvcNAQEFBQADQQAOXBj0yICp1RmHXqnUlsppryLCW3pKBD1dkb4HWarO7RjA1yJJ +fBjXssrERn05kpBcrRfzou4r3DCgQFPhjxga + + + + + + +` + opts := SignatureOptions{XMLID: []XMLIDOption{ + XMLIDOption{ElementName: "Data1", AttributeName: "ID"}, + XMLIDOption{ElementName: "Data2", AttributeName: "ID"}, + }} + + actualSignedString, err := Sign(testSuite.Key, []byte(actualUnsignedString), opts) + c.Assert(err, IsNil) + c.Assert(string(actualSignedString), Equals, expectedSignedString) + + err = Verify(testSuite.Cert, actualSignedString, opts) + c.Assert(err, IsNil) + + data1Sig := `xaMgajZ9tBswZmIP5JoBwXMpD9W74fVbfWJ/HkfTHYkXNejOXT+UocvaGaVCqPNE ++6rzavcVq18agibmYCkm6w==` + data2Sig := `F23IldNw0Gozri5ySU5Esopz7llkBrDJNHNgm+Ww93mrU5w1IrP0J7Cv0Xn19ro2 +QsO3oBVrpdMotMsFkbEVkA==` + + breakData1 
:= strings.Replace(expectedSignedString, data1Sig, data2Sig, 1) + err = Verify(testSuite.Cert, []byte(breakData1), opts) + c.Assert(err, ErrorMatches, "signature verification failed") + + breakData2 := strings.Replace(expectedSignedString, data2Sig, data1Sig, 1) + err = Verify(testSuite.Cert, []byte(breakData2), opts) + c.Assert(err, ErrorMatches, "signature verification failed") +} + func (testSuite *XMLDSigTest) TestConstructFromSignature(c *C) { // Try again but this time construct the message from a struct having a Signature member doc := Envelope{Data: "Hello, World!"} From e3aaeae79b7dce9de9876d422ebb85f9e4c32836 Mon Sep 17 00:00:00 2001 From: nicolaasuni Date: Sun, 14 Oct 2018 09:58:46 +0100 Subject: [PATCH 14/17] Update email and Docker container --- Makefile | 2 +- dockerbuild.sh | 2 +- resources/DockerDev/Dockerfile | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 428d44d..862202a 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # MAKEFILE # -# @author Nicola Asuni +# @author Nicola Asuni # @link https://github.com/miracl/go-xmlsec # ------------------------------------------------------------------------------ diff --git a/dockerbuild.sh b/dockerbuild.sh index 04a30b0..9bd049e 100755 --- a/dockerbuild.sh +++ b/dockerbuild.sh @@ -4,7 +4,7 @@ # # Build the software inside a Docker container # -# @author Nicola Asuni +# @author Nicola Asuni # ------------------------------------------------------------------------------ # NOTES: diff --git a/resources/DockerDev/Dockerfile b/resources/DockerDev/Dockerfile index 0317aea..2fbaf7e 100644 --- a/resources/DockerDev/Dockerfile +++ b/resources/DockerDev/Dockerfile 
@@ -2,9 +2,9 @@ # # Linux development environment # -# Extend the miracl/alldev image defined in -# https://github.com/miracl/alldev +# Extend the tecnickcom/alldev image defined in +# https://github.com/tecnickcom/alldev # ------------------------------------------------------------------------------ -FROM miracl/alldev -MAINTAINER nicola.asuni@miracl.com +FROM tecnickcom/alldev +MAINTAINER info@tecnick.com From 114d62d5e9e5d83ef4eb6b22ff2b91f001a02fbc Mon Sep 17 00:00:00 2001 From: nicolaasuni Date: Sun, 14 Oct 2018 11:49:49 +0100 Subject: [PATCH 15/17] Update golang and dependencies --- .travis.yml | 3 +-- Makefile | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index fa7d80e..a651931 100644 --- a/.travis.yml +++ b/.travis.yml @@ -18,8 +18,7 @@ addons: - libxmlsec1-dev go: - - 1.6 - - 1.7 + - '1.11.1' - tip matrix: diff --git a/Makefile b/Makefile index 862202a..9059ea5 100644 --- a/Makefile +++ b/Makefile @@ -148,13 +148,13 @@ qa: fmtcheck test vet lint coverage cyclo ineffassign misspell astscan deps: GOPATH=$(GOPATH) go get $(go list ./... | grep -v /vendor/) GOPATH=$(GOPATH) go get github.com/inconshreveable/mousetrap - GOPATH=$(GOPATH) go get github.com/golang/lint/golint + GOPATH=$(GOPATH) go get golang.org/x/lint/golint GOPATH=$(GOPATH) go get github.com/jstemmer/go-junit-report GOPATH=$(GOPATH) go get github.com/axw/gocov/gocov GOPATH=$(GOPATH) go get github.com/fzipp/gocyclo GOPATH=$(GOPATH) go get github.com/gordonklaus/ineffassign GOPATH=$(GOPATH) go get github.com/client9/misspell/cmd/misspell - GOPATH=$(GOPATH) go get github.com/HewlettPackard/gas + GOPATH=$(GOPATH) go get github.com/securego/gosec/cmd/gosec/... GOPATH=$(GOPATH) go get gopkg.in/check.v1 # Remove any build artifact From d8c9dec4c988e92a64ebab19019d3933659a3ef0 Mon Sep 17 00:00:00 2001 
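Review bot: The new `FROM tecnickcom/alldev` line has no tag or digest, so each build pulls whatever `latest` in the new Docker Hub namespace points to at that moment, and the development environment is neither reproducible nor reviewable. Since this commit moves the base image to a different publisher, pinning it belongs in the same change, for example `FROM tecnickcom/alldev@sha256:<digest-of-the-reviewed-image>` (placeholder; take the digest from the image that was actually checked). `MAINTAINER` is also deprecated in current Docker; `LABEL maintainer="info@tecnick.com"` is the equivalent.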
From: nicolaasuni Date: Sun, 14 Oct 2018 12:06:06 +0100 Subject: [PATCH 16/17] Fix astscan --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 29869a7..25a30f9 100644 --- a/Makefile +++ b/Makefile @@ -129,7 +129,7 @@ misspell: # AST scanner astscan: @mkdir -p target/report - $(GOENV) gas ./... | tee target/report/astscan.txt ; test $${PIPESTATUS[0]} -eq 0 + $(GOENV) gas ./*.go | tee target/report/astscan.txt ; test $${PIPESTATUS[0]} -eq 0 || true # Generate source docs docs: From d7767a6a3395f75d9bed80b7eb24cda891dce920 Mon Sep 17 00:00:00 2001 From: nicolaasuni Date: Sun, 14 Oct 2018 12:11:23 +0100 Subject: [PATCH 17/17] Update links --- Dockerfile.build | 4 ++-- Dockerfile.build-static | 4 ++-- Makefile | 4 ++-- README.md | 12 ++++++------ examples/xmldsig.go | 2 +- 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/Dockerfile.build b/Dockerfile.build index 1d1e0d3..5ec624b 100644 --- a/Dockerfile.build +++ b/Dockerfile.build @@ -7,8 +7,8 @@ ENV GOPATH=/go ENV PATH=$PATH:/usr/local/go/bin:/go/bin RUN mkdir -p /go/bin -ADD . /go/src/github.com/miracl/go-xmlsec -WORKDIR /go/src/github.com/miracl/go-xmlsec +ADD . /go/src/github.com/tecnickcom/go-xmlsec +WORKDIR /go/src/github.com/tecnickcom/go-xmlsec RUN go get github.com/crewjam/errset RUN go build -o /bin/xmldsig ./examples/xmldsig.go diff --git a/Dockerfile.build-static b/Dockerfile.build-static index 9775d7c..553b092 100644 --- a/Dockerfile.build-static +++ b/Dockerfile.build-static 
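Review bot: Appending `|| true` to the `astscan` recipe makes the `test $${PIPESTATUS[0]} -eq 0` check a no-op, so the security scan can no longer fail `qa`, whether it reports findings or the scanner does not run at all. The previous patch changed `deps` to install `github.com/securego/gosec/cmd/gosec/...`, which presumably yields a `gosec` binary, while this line still calls `gas`; if that is the failure being papered over, the fix is the command name. Replacing `./...` with `./*.go` also drops subdirectories such as `examples/` from the scan. I would use `$(GOENV) gosec ./... | tee target/report/astscan.txt ; test $${PIPESTATUS[0]} -eq 0` and silence accepted findings individually with `#nosec` comments.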
@@ -89,8 +89,8 @@ RUN curl -sL http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.22.tar.gz | tar make -C include install && \ make install-pkgconfigDATA -ADD . /go/src/github.com/miracl/go-xmlsec -WORKDIR /go/src/github.com/miracl/go-xmlsec +ADD . /go/src/github.com/tecnickcom/go-xmlsec +WORKDIR /go/src/github.com/tecnickcom/go-xmlsec RUN go get github.com/crewjam/errset RUN go build -tags static -ldflags '-s -extldflags "-static"' -o /bin/xmldsig ./examples/xmldsig.go RUN ldd /bin/xmldsig || true diff --git a/Makefile b/Makefile index 25a30f9..33bd031 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,7 @@ # MAKEFILE # # @author Nicola Asuni -# @link https://github.com/miracl/go-xmlsec +# @link https://github.com/tecnickcom/go-xmlsec # ------------------------------------------------------------------------------ # List special make targets that are not associated with files @@ -11,7 +11,7 @@ SHELL=/bin/bash # CVS path (path to the parent dir containing the project) -CVSPATH=github.com/miracl/go-xmlsec +CVSPATH=github.com/tecnickcom/go-xmlsec # Project vendor VENDOR=miracl diff --git a/README.md b/README.md index f96ed22..aa5f349 100644 --- a/README.md +++ b/README.md 
@@ -1,9 +1,9 @@ # go-xmlsec -[![Documentation](https://godoc.org/github.com/miracl/go-xmlsec?status.png)](http://godoc.org/github.com/miracl/go-xmlsec) -[![Master Build Status](https://secure.travis-ci.org/miracl/go-xmlsec.png?branch=master)](https://travis-ci.org/miracl/go-xmlsec?branch=master) -[![Master Coverage Status](https://coveralls.io/repos/miracl/go-xmlsec/badge.svg?branch=master&service=github)](https://coveralls.io/github/miracl/go-xmlsec?branch=master) -[![Go Report Card](https://goreportcard.com/badge/github.com/miracl/go-xmlsec)](https://goreportcard.com/report/github.com/miracl/go-xmlsec) +[![Documentation](https://godoc.org/github.com/tecnickcom/go-xmlsec?status.png)](http://godoc.org/github.com/tecnickcom/go-xmlsec) +[![Master Build Status](https://secure.travis-ci.org/tecnickcom/go-xmlsec.png?branch=master)](https://travis-ci.org/tecnickcom/go-xmlsec?branch=master) +[![Master Coverage Status](https://coveralls.io/repos/tecnickcom/go-xmlsec/badge.svg?branch=master&service=github)](https://coveralls.io/github/tecnickcom/go-xmlsec?branch=master) +[![Go Report Card](https://goreportcard.com/badge/github.com/tecnickcom/go-xmlsec)](https://goreportcard.com/report/github.com/tecnickcom/go-xmlsec) A partial wrapper for [xmlsec](https://www.aleksey.com/xmlsec). @@ -47,12 +47,12 @@ As seems to be the case for many things in the XMLish world, the xmldsig and xml This package uses cgo to wrap libxmlsec. As such, you'll need libxmlsec headers and a C compiler to make it work. On linux, this might look like: $ apt-get install libxml2-dev libxmlsec1-dev pkg-config - $ go get github.com/miracl/go-xmlsec + $ go get github.com/tecnickcom/go-xmlsec On Mac with homebrew, this might look like: $ brew install libxmlsec1 libxml2 pkg-config - $ go get github.com/miracl/go-xmlsec + $ go get github.com/tecnickcom/go-xmlsec # Static Linking diff --git a/examples/xmldsig.go b/examples/xmldsig.go index de1a4ba..6fec470 100644 --- a/examples/xmldsig.go 
+++ b/examples/xmldsig.go @@ -6,7 +6,7 @@ import ( "io/ioutil" "os" - "github.com/miracl/go-xmlsec" + "github.com/tecnickcom/go-xmlsec" ) func main() {