<div>hello Aleksey,</div>
<div>Thank you for your kind reply.</div>
<div>Just to make sure that I understand you correctly. You meant that I need to implement some special key data just like the xmlSecOpenSSLKeyDataX509Klass in src/openssl/x509.c, and the xmlSecKeyDataRetrieval method, finally I need to register it when by using "xmlSecKeyDataIdsRegister"?</div>
<div> </div>
<div>Thanks a lot,</div>
<div>Weizhong<br><br> </div>
<div><span class="gmail_quote">On 7/17/08, <b class="gmail_sendername">Aleksey Sanin</b> <<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">The "right" way to do it is to create "key data" object for<br>reading/writing wsse:SecurityTokenReference node. Look at<br>
xmlsec/src/keyinfo.c file and search for xmlSecKeyDataRetrieval<br>for an example. Note that you don't need to modify xmlsec<br>source code. You can create your custom "key data" object<br>and then register in xmlsec from your application.<br>
<br>Aleksey<br><br>wz qiang wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div><span class="e" id="q_11b319dc86fdeb97_1">hi,<br>I am using the following node for <KeyInfo/> under <Signature/><br><KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#binarytoken"/></wsse:SecurityTokenReference></KeyInfo><br>
When I verify it, of cause not like <X509Data/>, the above <KeyInfo/> can not be loaded by xmlsec library automatically. So how can I load it?<br>I try to parser the pubkey out from the binarytoken by using:<br>
xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, certformat);<br>and then load the key into keymanager:<br>xmlSecCryptoAppDefaultKeysMngrAdoptKey(keysmanager, key);<br> I also loaded the trusted ca certificate by using:<br>xmlSecCryptoAppKeysMngrCertLoad(...);<br>
But it seem is the loaded trusted certificate does not effect at all. Becase even if I comment the line "xmlSecCryptoAppKeysMngrCertLoad", the verification also works.<br> SO I think the trust chain has not been checked.<br>
Could you tell me how can I load the non-standard <KeyInfo/>, and make the trusted chain checkin work as well.<br> Thanks in advance.<br> Weizhong Qiang<br> <br><br></span></div>------------------------------------------------------------------------<br>
<br>_______________________________________________<br>xmlsec mailing list<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.aleksey.com/mailman/listinfo/xmlsec" target="_blank">http://www.aleksey.com/mailman/listinfo/xmlsec</a><br>
</blockquote></blockquote></div><br>