<div>Hello Aleksey,</div>
<div>It seems a little bit complicated if I use your method, because it seems I need to implement the whole certificate chain checking as well. So for now I have just put this method on my TODO list, and alternatively use a hack of inserting &lt;X509Data/&gt; into &lt;KeyInfo/&gt; and deleting the node after verification; it works :)</div>
<div> </div>
<div>Thanks a lot,</div>
<div>Weizhong<br><br> </div>
<div><span class="gmail_quote">On 7/18/08, <b class="gmail_sendername">Aleksey Sanin</b> <<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Correct. But I would use DataRetrieval as an example.<br><br>Aleksey<br><br>wz qiang wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><span class="q">Hello Aleksey,<br>Thank you for your kind reply.<br>Just to make sure that I understand you correctly: you meant that I need to implement some special key data just like the xmlSecOpenSSLKeyDataX509Klass in src/openssl/x509.c, and the xmlSecKeyDataRetrieval method, and finally I need to register it by using "xmlSecKeyDataIdsRegister"?<br>
Thanks a lot,<br>Weizhong<br><br></span>
<div><span class="e" id="q_11b33137ce7339a6_2"> On 7/17/08, *Aleksey Sanin* <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a> <mailto:<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>>> wrote:<br>
<br> The "right" way to do it is to create "key data" object for<br> reading/writing wsse:SecurityTokenReference node. Look at<br> xmlsec/src/keyinfo.c file and search for xmlSecKeyDataRetrieval<br>
for an example. Note that you don't need to modify xmlsec<br> source code. You can create your custom "key data" object<br> and then register in xmlsec from your application.<br><br> Aleksey<br><br>
wz qiang wrote:<br><br> Hi,<br> I am using the following node for &lt;KeyInfo/&gt; under &lt;Signature/&gt;<br> &lt;KeyInfo&gt;&lt;wsse:SecurityTokenReference&gt;&lt;wsse:Reference<br> URI="#binarytoken"/&gt;&lt;/wsse:SecurityTokenReference&gt;&lt;/KeyInfo&gt;<br>
When I verify it, of course, unlike &lt;X509Data/&gt;, the above<br> &lt;KeyInfo/&gt; cannot be loaded by the xmlsec library automatically. So<br> how can I load it?<br> I tried to parse the pubkey out of the binarytoken by using:<br>
xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, certformat);<br> and then load the key into keymanager:<br> xmlSecCryptoAppDefaultKeysMngrAdoptKey(keysmanager, key);<br> I also loaded the trusted ca certificate by using:<br>
xmlSecCryptoAppKeysMngrCertLoad(...);<br> But it seems the loaded trusted certificate has no effect<br> at all, because even if I comment out the line<br> "xmlSecCryptoAppKeysMngrCertLoad", the verification also works.<br>
So I think the trust chain has not been checked.<br> Could you tell me how I can load the non-standard &lt;KeyInfo/&gt;,<br> and make the trust chain checking work as well?<br> Thanks in advance.<br>
Weizhong Qiang<br></span></div>
</blockquote></blockquote>
</div><br>
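<div>The thread's observation is that a key pulled out of the binary token and adopted directly into the keys manager is trusted without any chain check. The sketch below is an added example, not code from the thread or from xmlsec: it uses the openssl command line instead of the xmlsec API to show the check that has to pass before such a key is adopted. All file names, subjects and function names are constructed for the demonstration.</div>

```shell
#!/bin/sh
# Added illustration: every name, subject and file here is constructed.
set -eu
WORK=$(mktemp -d)

# Build a trusted CA, a token cert issued by it, and a self-signed rogue cert.
make_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Trusted CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=good-signer" \
    -keyout "$WORK/good.key" -out "$WORK/good.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/good.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -out "$WORK/good.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=rogue-signer" \
    -keyout "$WORK/rogue.key" -out "$WORK/rogue.pem" 2>/dev/null
}

# Encode a PEM certificate the way a binary token carries it: base64 of DER.
to_token() { openssl x509 -in "$1" -outform DER | openssl base64 -A; }

# token_pubkey_if_trusted <base64-DER token> <CA file>
# Prints the PEM public key only if the token certificate chains to the CA.
# Returns 2 for an unparsable token, 1 for a failed chain check.
token_pubkey_if_trusted() {
  printf '%s' "$1" | openssl base64 -d -A > "$WORK/token.der" || return 2
  openssl x509 -inform DER -in "$WORK/token.der" -out "$WORK/token.pem" \
    2>/dev/null || return 2
  # -no-CApath: trust only the anchors given, not the system certificate directory.
  openssl verify -no-CApath -CAfile "$2" "$WORK/token.pem" >/dev/null 2>&1 || return 1
  openssl x509 -in "$WORK/token.pem" -noout -pubkey
}

make_pki
for name in good rogue; do
  tok=$(to_token "$WORK/$name.pem")
  if token_pubkey_if_trusted "$tok" "$WORK/ca.pem" >/dev/null; then
    echo "$name: chain verified, key may be adopted"
  else
    echo "$name: chain check failed, key must not be adopted"
  fi
done
```

<div>Both certificates yield a usable public key, so a signature made with the rogue key would verify if the key were adopted without this step.</div>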