[xmlsec] how to load non-standard <KeyInfo/>
aleksey at aleksey.com
Thu Jul 17 15:10:57 PDT 2008
Correct. But I would use DataRetrieval as an example.
wz qiang wrote:
> hello Aleksey,
> Thank you for your kind reply.
> Just to make sure that I understand you correctly. You meant that I need
> to implement some special key data just like the
> xmlSecOpenSSLKeyDataX509Klass in src/openssl/x509.c, and the
> xmlSecKeyDataRetrieval method, finally I need to register it when by
> using "xmlSecKeyDataIdsRegister"?
> Thanks a lot,
> On 7/17/08, *Aleksey Sanin* <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>> wrote:
> The "right" way to do it is to create "key data" object for
> reading/writing wsse:SecurityTokenReference node. Look at
> xmlsec/src/keyinfo.c file and search for xmlSecKeyDataRetrieval
> for an example. Note that you don't need to modify xmlsec
> source code. You can create your custom "key data" object
> and then register in xmlsec from your application.
> wz qiang wrote:
> I am using the following node for <KeyInfo/> under <Signature/>
> When I verify it, of cause not like <X509Data/>, the above
> <KeyInfo/> can not be loaded by xmlsec library automatically. So
> how can I load it?
> I try to parser the pubkey out from the binarytoken by using:
> xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, certformat);
> and then load the key into keymanager:
> xmlSecCryptoAppDefaultKeysMngrAdoptKey(keysmanager, key);
> I also loaded the trusted ca certificate by using:
> But it seem is the loaded trusted certificate does not effect
> at all. Becase even if I comment the line
> "xmlSecCryptoAppKeysMngrCertLoad", the verification also works.
> SO I think the trust chain has not been checked.
> Could you tell me how can I load the non-standard <KeyInfo/>,
> and make the trusted chain checkin work as well.
> Thanks in advance.
> Weizhong Qiang
> xmlsec mailing list
> xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
More information about the xmlsec