<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

  <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">

  <title></title>

</head>

<body>

The cert will be saved to the keys file if (and only if) it is associated

with a key.<br>

xmlSecSimpleKeysMngrLoadPemCert() function has two purposes:<br>

&nbsp;&nbsp;&nbsp; 1) load a "trusted" cert (i.e. root CA cert)<br>

&nbsp;&nbsp;&nbsp; 2) load an "untrusted" cert which could be pointed from XML DSig &lt;dsig:X509Data&gt;<br>

&nbsp;&nbsp;&nbsp; element by subject, issuer serial/issuer name or SKI (<a class="moz-txt-link-freetext" href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data">http://www.w3.org/TR/xmldsig-core/#sec-X509Data</a>)<br>

<br>

<br>

Aleksey<br>

<br>

Devin Heitmueller wrote:<br>

<blockquote type="cite"

 cite="mid1031077369.14178.4.camel@devin.netilla.com">

  <pre wrap="">I am attempting to make use of the xmlSecSimpleKeysMngrLoadPemCert

facility to load a certificate from a file into the key manager.  The

call returns with  no errors, but it looks like the cert is never

actually added to the key manager store.

I wrote some sample code to demonstrate the problem (see attached).  I

am attempting to add the DSA certificate dsacert.pem that is included

with the distribution in the "tests/keys" directory.  The sample code

creates the key manager instance, adds the certificate, then saves the

key manager contents out to an XML file.

I suspect I am using the function wrong, but any advice that could be

offered would be greatly appreciated.

Thanks,

  </pre>

  <pre wrap="">

<hr width="90%" size="4">

-----BEGIN CERTIFICATE-----

MIIEvTCCBGegAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBojELMAkGA1UEBhMCVVMx

EzARBgNVBAgTCkNhbGlmb3JuaWExJjAkBgNVBAoTHWh0dHA6Ly93d3cuYWxla3Nl

eS5jb20veG1sc2VjMRowGAYDVQQLExFTZWNvbmQgTGV2ZWwgQ2VydDEWMBQGA1UE

AxMNQWxla3NleSBTYW5pbjEiMCAGCSqGSIb3DQEJARYTYWxla3NleUBhbGVrc2V5

LmNvbTAeFw0wMjAzMjkyMjI2NTNaFw0wMzAzMjkyMjI2NTNaMIGkMQswCQYDVQQG

EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEmMCQGA1UEChMdaHR0cDovL3d3dy5h

bGVrc2V5LmNvbS94bWxzZWMxHDAaBgNVBAsTE0RTQSBLZXkgQ2VydGlmaWNhdGUx

FjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xIjAgBgkqhkiG9w0BCQEWE2FsZWtzZXlA

YWxla3NleS5jb20wggG2MIIBKwYHKoZIzjgEATCCAR4CgYEAimW6KYBPYXAf6itS

AuYs1aLPfs8/vBEiusv/pl1XMiuMvB7vyiJgSj8/NTkRci/UX/rVXv8rbCRjvYFX

3x5/53f4hc6HKz7JQI4qqB7Fl5N86zp+BsQxNQ4tzous9S2HTd2/zdTwVsvO+H9l

3FahmVp/m2IHE4W27JYoF49qP10CFQC//HNaqNG+J6STasxbfCliylP1SwKBgFCM

s1A5S3urggoBeEYffH4imb4OuFCeBTOS/lmwkjJlbBTdOn08Mct52jzzgs86Ln7B

7/wb3toL6w73dO/KF1iSX/QOOKSGZyZHYxIZtkbAxaVzatLTymRXI1bHZqoODF+m

DbsKb2bk8EqAxubtUDDdJph/YJmyE94/ceDDvuxGA4GEAAKBgDp/igSRN6tU0YRv

UbKTV9NVSOQtFc0suDf0MguGMxBDaKtxiZChyGKvoK6vWalfcYNhnqP95qoXXBDT

rWEZlhHzmSY9fKLpA+kzXHmEWeB4x4yt1mN8CtjlekDpcvpN38YBEKT/+yJQpGuW

CAi7h1626o5+W9F3CvS9hg7Vjso7o4IBJjCCASIwCQYDVR0TBAIwADAsBglghkgB

hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE

FEe1ThoXo+wDwzhsCfW0cuROuISWMIHHBgNVHSMEgb8wgbyAFHjXLZFhL5UiSrvh

1T3GJq+rl9IEoYGgpIGdMIGaMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv

cm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMSYwJAYDVQQKEx1odHRwOi8vd3d3LmFs

ZWtzZXkuY29tL3htbHNlYzEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEiMCAGCSqG

SIb3DQEJARYTYWxla3NleUBhbGVrc2V5LmNvbYIBATANBgkqhkiG9w0BAQQFAANB

AL2thaC8jmlUvEGLHR1B3+7XJho4sXllkHgclSXJnD/NGssj5XzQHpbLVSfNEEUe

JKG28F0vyT05hEsXAHAtg9o=

-----END CERTIFICATE-----

  </pre>

  <pre wrap="">

<hr width="90%" size="4">

/*

 * Netilla License Display tool

 * Devin J. Heitmueller Aug 27 2002

 */

#include &lt;stdio.h&gt;

#include &lt;string.h&gt;

#include &lt;stdlib.h&gt;

/*

 * COMPAT using xml-config --cflags to get the include path this will

 * work with both 

 */

#include &lt;libxml/xmlmemory.h&gt;

#include &lt;libxml/parser.h&gt;

/* Required for xmlsec */

#include &lt;xmlsec/xmlsec.h&gt;

#include &lt;xmlsec/xmldsig.h&gt; 

#include &lt;xmlsec/keysmngr.h&gt;

#include &lt;xmlsec/xmltree.h&gt;

int

main (int argc, char **argv)

{

  xmlSecKeyPtr pubkey;

  xmlSecDSigCtxPtr dsigCtx = NULL;

  xmlSecKeysMngrPtr keysMngr = NULL; 

  int load_pub_cert_result = 0;

  int rnd_seed = 0;

  /** 

   * Init OpenSSL

   */    

  while (RAND_status() != 1) {

    RAND_seed(&amp;rnd_seed, sizeof(rnd_seed));

  }

  /*

   * Init libxml

   */     

  xmlInitParser();

  LIBXML_TEST_VERSION

  /*

   * Init xmlsec

   */

  xmlSecInit();    

  /** 

   * Create Keys managers

   */

  keysMngr = xmlSecSimpleKeysMngrCreate();    

  if(keysMngr == NULL) {

    fprintf(stderr, "Error: failed to create keys manager\n");

    return -1;

  }

  /** 

   * Add the test cert to the public key list

   */

  load_pub_cert_result = xmlSecSimpleKeysMngrLoadPemCert (keysMngr,

                                                          "dsacert.pem", 1);

  if (load_pub_cert_result != 0)

    {

      fprintf(stderr, "Error: failed load public key\n");

      return -1;

    }

  /* Write the keys back to a file */

  xmlSecSimpleKeysMngrSave(keysMngr, "test.xml", xmlSecKeyTypeAny);

  return 0;

}

  </pre>

</blockquote>

<br>

</body>

</html>