Use libxml2/xmsec1 for XAdES signature parsing and validation (#607)

IB-7948

Signed-off-by: Raul Metsma <[email protected]>

Author: metsma

.github/workflows/build.yml

@@ -5,7 +5,7 @@ permissions:
 env:
   BUILD_NUMBER: ${{ github.run_number }}
   CMAKE_BUILD_PARALLEL_LEVEL: 4
-  UBUNTU_DEPS: cmake xsdcxx libxml-security-c-dev libxml2-dev libxmlsec1-dev zlib1g-dev
+  UBUNTU_DEPS: cmake libxml2-dev libxmlsec1-dev zlib1g-dev
 jobs:
   macos:
     name: Build on macOS for ${{ matrix.target }}
@@ -21,8 +21,7 @@ jobs:
     - name: Install dependencies
       run: |
         brew update
-        brew install --formula swig doxygen boost xsd || brew link --overwrite xsd
-        brew unlink xerces-c
+        brew install --formula swig doxygen boost
         brew unlink [email protected] || true
         brew unlink [email protected] || true
         brew unlink xz
@@ -32,24 +31,15 @@ jobs:
       with:
         path: cache
         key: ${{ matrix.target }}-${{ hashFiles('prepare_osx_build_environment.sh') }}
-    - name: Build xerces-c
-      if: steps.cache.outputs.cache-hit != 'true'
-      run: ./prepare_osx_build_environment.sh xerces ${{ matrix.target }}
-    - name: Build xalan-c
-      if: steps.cache.outputs.cache-hit != 'true'
-      run: ./prepare_osx_build_environment.sh xalan ${{ matrix.target }}
     - name: Build openssl
       if: steps.cache.outputs.cache-hit != 'true'
       run: ./prepare_osx_build_environment.sh openssl ${{ matrix.target }}
-    - name: Build xml-security-c
-      if: steps.cache.outputs.cache-hit != 'true'
-      run: ./prepare_osx_build_environment.sh xmlsec ${{ matrix.target }}
     - name: Build libxml2
       if: steps.cache.outputs.cache-hit != 'true'
       run: ./prepare_osx_build_environment.sh libxml2 ${{ matrix.target }}
-    - name: Build xmlsec1
+    - name: Build xmlsec
       if: steps.cache.outputs.cache-hit != 'true'
-      run: ./prepare_osx_build_environment.sh xmlasec ${{ matrix.target }}
+      run: ./prepare_osx_build_environment.sh xmlsec ${{ matrix.target }}
     - name: Move to cache
       if: steps.cache.outputs.cache-hit != 'true'
       run: |
@@ -89,7 +79,7 @@ jobs:
     - name: Install Deps
       run: |
         dnf install -y --setopt=install_weak_deps=False \
-          git gcc-c++ cmake rpm-build xml-security-c-devel libxml2-devel xmlsec1-openssl-devel libtool-ltdl-devel zlib-devel doxygen boost-test swig python3-devel java-17-openjdk-devel xsd minizip-devel
+          git gcc-c++ cmake rpm-build libxml2-devel xmlsec1-openssl-devel libtool-ltdl-devel zlib-devel doxygen boost-test swig python3-devel java-17-openjdk-devel minizip-devel
     - name: Install CMake
       if: matrix.container == 39
       run: |
@@ -182,8 +172,6 @@ jobs:
       with:
         python-version: 3.11
         architecture: ${{ matrix.platform }}
-    - name: Build xsd
-      run: .\prepare_win_build_environment.ps1 -xsd
     - name: Install WiX
       run: |
         dotnet tool install -g wix --version 5.0.0

CMakeLists.txt

@@ -52,8 +52,6 @@ find_package(PKCS11)
 #find_package(PoDoFo)
 find_package(Threads)
 find_package(LibXml2 REQUIRED)
-find_package(XmlSecurityC REQUIRED)
-find_package(XSD 4.0 REQUIRED)
 find_package(ZLIB REQUIRED)
 find_package(MiniZip 1 QUIET)
 add_library(xmlsec INTERFACE)

build-library.sh

@@ -93,7 +93,6 @@ cmake --fresh -B ${TARGET} -S . \
     -DCMAKE_OSX_ARCHITECTURES="${ARCHS// /;}" \
     -DCMAKE_FIND_ROOT_PATH="${TARGET_PATH};/usr/local;/opt/homebrew" \
     -DOPENSSL_ROOT_DIR=${TARGET_PATH} \
-    -DXercesC_ROOT=${TARGET_PATH} \
     ${CMAKEARGS}
 cmake --build ${TARGET}
 

build.ps1

@@ -15,7 +15,6 @@ param(
   [string]$swig = $null,
   [string]$doxygen = $null,
   [switch]$boost = $false,
-  [string]$xsd = "$libdigidocpp\xsd",
   [string]$sign = $null
 )
 
@@ -43,7 +42,6 @@ foreach($type in @("Debug", "RelWithDebInfo")) {
     "-DCMAKE_INSTALL_LIBDIR=bin" `
     "-DCMAKE_TOOLCHAIN_FILE=$vcpkg_dir/scripts/buildsystems/vcpkg.cmake" `
     "-DVCPKG_INSTALLED_DIR=$vcpkg_installed\vcpkg_installed_$platform" `
-    "-DXSD_ROOT=$xsd" `
     "-DSIGNCERT=$sign" `
     $cmakeext "&&" $cmake --build $buildpath --target $target "&&" $cmake --install $buildpath
 }

cmake

@@ -6,8 +6,6 @@ Build-Depends:
  debhelper-compat (= 12),
  pkg-config,
  cmake,
- libxml-security-c-dev,
- xsdcxx (>= 4.0) | xsd (>= 4.0),
  libxml2-dev,
  libxmlsec1-dev,
  doxygen,

debian/control

@@ -33,6 +33,7 @@
 -->
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0">
   <xs:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
+  <xs:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="XAdES01903v132-201601.xsd"/>
   <xs:element name="document-signatures">
     <xs:complexType>
       <xs:sequence>