[xmlsec] how to load non-standard <KeyInfo/>
weizhongqiang at gmail.com
Fri Jul 18 04:43:15 PDT 2008
It seems a little bit complicated if use your method, because it seems I
need to implement the whole certificate chain checking as well. So for now I
just put this method into my TODO list, and alternatively use some hack
method by inserting <X509Data/> into <KeyInfo/> and delete the node after
verification, it works :)
Thanks a lot,
On 7/18/08, Aleksey Sanin <aleksey at aleksey.com> wrote:
> Correct. But I would use DataRetrieval as an example.
> wz qiang wrote:
>> hello Aleksey,
>> Thank you for your kind reply.
>> Just to make sure that I understand you correctly. You meant that I need
>> to implement some special key data just like the
>> xmlSecOpenSSLKeyDataX509Klass in src/openssl/x509.c, and the
>> xmlSecKeyDataRetrieval method, finally I need to register it when by using
>> Thanks a lot,
>> On 7/17/08, *Aleksey Sanin* <aleksey at aleksey.com <mailto:
>> aleksey at aleksey.com>> wrote:
>> The "right" way to do it is to create "key data" object for
>> reading/writing wsse:SecurityTokenReference node. Look at
>> xmlsec/src/keyinfo.c file and search for xmlSecKeyDataRetrieval
>> for an example. Note that you don't need to modify xmlsec
>> source code. You can create your custom "key data" object
>> and then register in xmlsec from your application.
>> wz qiang wrote:
>> I am using the following node for <KeyInfo/> under <Signature/>
>> When I verify it, of cause not like <X509Data/>, the above
>> <KeyInfo/> can not be loaded by xmlsec library automatically. So
>> how can I load it?
>> I try to parser the pubkey out from the binarytoken by using:
>> xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, certformat);
>> and then load the key into keymanager:
>> xmlSecCryptoAppDefaultKeysMngrAdoptKey(keysmanager, key);
>> I also loaded the trusted ca certificate by using:
>> But it seem is the loaded trusted certificate does not effect
>> at all. Becase even if I comment the line
>> "xmlSecCryptoAppKeysMngrCertLoad", the verification also works.
>> SO I think the trust chain has not been checked.
>> Could you tell me how can I load the non-standard <KeyInfo/>,
>> and make the trusted chain checkin work as well.
>> Thanks in advance.
>> Weizhong Qiang
>> xmlsec mailing list
>> xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the xmlsec