[xmlsec] how to load non-standard <KeyInfo/>
wz qiang
weizhongqiang at gmail.com
Thu Jul 17 14:54:52 PDT 2008
hello Aleksey,
Thank you for your kind reply.
Just to make sure that I understand you correctly. You meant that I need to
implement some special key data just like the xmlSecOpenSSLKeyDataX509Klass
in src/openssl/x509.c, and the xmlSecKeyDataRetrieval method, finally I need
to register it when by using "xmlSecKeyDataIdsRegister"?
Thanks a lot,
Weizhong
On 7/17/08, Aleksey Sanin <aleksey at aleksey.com> wrote:
>
> The "right" way to do it is to create "key data" object for
> reading/writing wsse:SecurityTokenReference node. Look at
> xmlsec/src/keyinfo.c file and search for xmlSecKeyDataRetrieval
> for an example. Note that you don't need to modify xmlsec
> source code. You can create your custom "key data" object
> and then register in xmlsec from your application.
>
> Aleksey
>
> wz qiang wrote:
>
>> hi,
>> I am using the following node for <KeyInfo/> under <Signature/>
>> <KeyInfo><wsse:SecurityTokenReference><wsse:Reference
>> URI="#binarytoken"/></wsse:SecurityTokenReference></KeyInfo>
>> When I verify it, of cause not like <X509Data/>, the above <KeyInfo/> can
>> not be loaded by xmlsec library automatically. So how can I load it?
>> I try to parser the pubkey out from the binarytoken by using:
>> xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, certformat);
>> and then load the key into keymanager:
>> xmlSecCryptoAppDefaultKeysMngrAdoptKey(keysmanager, key);
>> I also loaded the trusted ca certificate by using:
>> xmlSecCryptoAppKeysMngrCertLoad(...);
>> But it seem is the loaded trusted certificate does not effect at all.
>> Becase even if I comment the line "xmlSecCryptoAppKeysMngrCertLoad", the
>> verification also works.
>> SO I think the trust chain has not been checked.
>> Could you tell me how can I load the non-standard <KeyInfo/>, and make
>> the trusted chain checkin work as well.
>> Thanks in advance.
>> Weizhong Qiang
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20080717/792927f9/attachment-0002.htm
More information about the xmlsec
mailing list