[xmlsec] X509 Data Has Empty Nodes

Sergio Garcia sergio at ginx.com.br
Mon Jun 6 09:19:37 PDT 2016


The sign3 example doesn't include the additional X509 key info, like the
subject name.
I started with sign3 and included the subject name, and what I saw is that
when the X509 has nodes, then when signing only those nodes are populated.
When I included the subject name and certificate, I got an additional text
node, containing only a CR. For each additional node I request, an additional
text node is included.
Those text nodes are being included during signing.

I just changed the sign3 example so that, instead of just adding the empty X509Data:

if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
    fprintf(stderr, "Error: failed to add X509Data node\n");
    goto done;
}

it includes more key details:

x509DataNode = xmlSecTmplKeyInfoAddX509Data(keyInfoNode);
if(x509DataNode == NULL) {
    fprintf(stderr, "Error: failed to add X509Data node\n");
    goto done;
}

if(xmlSecTmplX509DataAddSubjectName(x509DataNode) == NULL) {
    fprintf(stderr, "Error: failed to add X509SubjectName node\n");
    goto done;
}

if(xmlSecTmplX509DataAddCertificate(x509DataNode) == NULL) {
    fprintf(stderr, "Error: failed to add X509Certificate node\n");
    goto done;
}

On Mon, Jun 6, 2016 at 1:05 PM Aleksey Sanin <aleksey at aleksey.com> wrote:

> Please take a look at the examples/sign3.c -- it does exactly what you
> want and doesn't print any extra lines.
>
> https://github.com/lsh123/xmlsec/blob/master/examples/sign3-res.xml
>
> Aleksey
>
> On 6/5/16 4:36 PM, Sergio Garcia wrote:
> > Hi,
> >
> > I was including the missing functions to handle X509 information when
> > signing XML files to the python-xmlsec wrapper library and noted that
> > when using the subject name I got additional empty nodes to X509Data
> > node.
> >
> > This is the X509Data node right before signing the template.
> >
> > <X509Data>
> > <X509SubjectName/>
> > <X509Certificate/>
> > </X509Data>
> >
> > And this is the signed node:
> >
> > <X509Data>
> >
> > <X509Certificate>MIIE3zC...</X509Certificate>
> > <X509SubjectName>emailAddress=xmlsec at aleksey.com,CN=Aleksey Sanin,OU=Examples RSA
> > Certificate,O=XML Security Library
> > (http://www.aleksey.com/xmlsec),ST=California,C=US</X509SubjectName>
> > </X509Data>
> >
> > I put a sample for this (sign4) in my fork
> > at https://github.com/sergio-garcia/xmlsec, but I was unable to
> > determine what is causing these additional empty text nodes.
> >
> > I used Ubuntu 14.04 with the supplied libxmlsec1-dev on my tests.
> >
> > Is there something that I'm probably missing?
> >
> > Thanks,
>
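An added example, not part of the original thread or of the xmlsec sources: a Python check, of the kind a python-xmlsec test could use, that lists the whitespace-only text nodes directly under X509Data and reports which requested child elements were filled in, independent of child order. The sample XML is constructed to mirror the template and signed output quoted above (certificate and subject values are placeholders), and the function names are hypothetical.

```python
from xml.dom import minidom

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed samples modelled on the X509Data shown in the thread.
# The certificate and subject values are placeholders, not real data.
TEMPLATE = (
    '<KeyInfo xmlns="%s"><X509Data>\n<X509SubjectName/>\n'
    '<X509Certificate/>\n</X509Data></KeyInfo>' % DSIG_NS
)
SIGNED = (
    '<KeyInfo xmlns="%s"><X509Data>\n\n'
    '<X509Certificate>PLACEHOLDER-BASE64</X509Certificate>\n'
    '<X509SubjectName>CN=Example Signer,O=Example Org,C=US</X509SubjectName>\n'
    '</X509Data></KeyInfo>' % DSIG_NS
)


def x509data_children(xml_text):
    """Direct children of the first ds:X509Data as (name, text) pairs.

    Text nodes are reported under the DOM name '#text'.
    """
    doc = minidom.parseString(xml_text)
    x509 = doc.getElementsByTagNameNS(DSIG_NS, "X509Data")[0]
    children = []
    for node in x509.childNodes:
        if node.nodeType == node.TEXT_NODE:
            children.append(("#text", node.data))
        elif node.nodeType == node.ELEMENT_NODE:
            content = "".join(
                c.data for c in node.childNodes if c.nodeType == c.TEXT_NODE
            )
            children.append((node.localName, content.strip()))
    return children


def blank_text_nodes(xml_text):
    """Whitespace-only text nodes sitting directly under X509Data."""
    return [v for k, v in x509data_children(xml_text) if k == "#text" and not v.strip()]


def populated(xml_text):
    """Map element name -> True if it has content, ignoring order and whitespace."""
    return {k: bool(v) for k, v in x509data_children(xml_text) if k != "#text"}


if __name__ == "__main__":
    for label, xml_text in (("template", TEMPLATE), ("signed", SIGNED)):
        print(label, [repr(t) for t in blank_text_nodes(xml_text)], populated(xml_text))
```

Because this works on serialized XML, adjacent text nodes from the in-memory tree show up as a single merged text node after parsing.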