[xmlsec] Problem with xmlSecSimpleKeysMngrLoadPemCert

Aleksey Sanin aleksey at aleksey.com
Tue Sep 3 11:42:15 PDT 2002


The cert will be saved to the keys file if (and only if) it is
associated with a key.
The xmlSecSimpleKeysMngrLoadPemCert() function has two purposes:
    1) load a "trusted" cert (i.e. root CA cert)
    2) load an "untrusted" cert which could be pointed to from an XML DSig
       <dsig:X509Data> element by subject, issuer serial/issuer name or SKI
       (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)


Aleksey

Devin Heitmueller wrote:

>I am attempting to make use of the xmlSecSimpleKeysMngrLoadPemCert
>facility to load a certificate from a file into the key manager.  The
>call returns with no errors, but it looks like the cert is never
>actually added to the key manager store.
>
>I wrote some sample code to demonstrate the problem (see attached).  I
>am attempting to add the DSA certificate dsacert.pem that is included
>with the distribution in the "tests/keys" directory.  The sample code
>creates the key manager instance, adds the certificate, then saves the
>key manager contents out to an XML file.
>
>I suspect I am using the function wrong, but any advice that could be
>offered would be greatly appreciated.
>
>Thanks,
>
>  
>
>------------------------------------------------------------------------
>
>/*
> * Netilla License Display tool
> * Devin J. Heitmueller Aug 27 2002
> */
>
>#include <stdio.h>
>#include <string.h>
>#include <stdlib.h>
>
>/*
> * COMPAT using xml-config --cflags to get the include path this will
> * work with both 
> */
>#include <libxml/xmlmemory.h>
>#include <libxml/parser.h>
>
>/* Required for RAND_status() and RAND_seed() */
>#include <openssl/rand.h>
>
>/* Required for xmlsec */
>#include <xmlsec/xmlsec.h>
>#include <xmlsec/xmldsig.h>
>#include <xmlsec/keysmngr.h>
>#include <xmlsec/xmltree.h>
>
>int
>main (int argc, char **argv)
>{
>  xmlSecKeyPtr pubkey;
>  xmlSecDSigCtxPtr dsigCtx = NULL;
>  xmlSecKeysMngrPtr keysMngr = NULL; 
>  int load_pub_cert_result = 0;
>  int rnd_seed = 0;
>
>  /** 
>   * Init OpenSSL
>   */    
>  while (RAND_status() != 1) {
>    RAND_seed(&rnd_seed, sizeof(rnd_seed));
>  }
>  
>  /*
>   * Init libxml
>   */     
>  xmlInitParser();
>  LIBXML_TEST_VERSION
>  
>  /*
>   * Init xmlsec
>   */
>  xmlSecInit();    
>
>  /** 
>   * Create Keys managers
>   */
>  keysMngr = xmlSecSimpleKeysMngrCreate();    
>  if(keysMngr == NULL) {
>    fprintf(stderr, "Error: failed to create keys manager\n");
>    return -1;
>  }
>
>  /** 
>   * Add the test cert to the public key list
>   */
>  load_pub_cert_result = xmlSecSimpleKeysMngrLoadPemCert (keysMngr,
>							  "dsacert.pem", 1);
>  if (load_pub_cert_result != 0)
>    {
>      fprintf(stderr, "Error: failed load public key\n");
>      return -1;
>    }
>
>  /* Write the keys back to a file */
>  xmlSecSimpleKeysMngrSave(keysMngr, "test.xml", xmlSecKeyTypeAny);
>
>  return 0;
>}
>  
>
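
The second purpose named in the reply, resolving an "untrusted" cert that a `<dsig:X509Data>` element points to by subject, issuer name/serial or SKI, sketched as an added Python example (not code from this thread or from xmlsec). The store records, the sample `KeyInfo` fragments and all function names are constructed for illustration, and distinguished names are compared as exact strings, which is a simplification.

```python
import base64
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed "untrusted" cert store: only the fields X509Data can reference.
# A real key manager extracts these from the parsed certificates it loaded.
STORE = [
    {"subject": "CN=Signer A,O=Example", "issuer": "CN=Example CA,O=Example",
     "serial": 2, "ski": bytes(range(20))},
    {"subject": "CN=Signer B,O=Example", "issuer": "CN=Example CA,O=Example",
     "serial": 3, "ski": bytes(range(20, 40))},
]

def _child_text(node, tag):
    child = node.find(NS + tag)
    return child.text.strip() if child is not None and child.text else None

def _matches(ref, cert):
    """True if one X509Data child element identifies this certificate."""
    if ref.tag == NS + "X509SubjectName":
        return (ref.text or "").strip() == cert["subject"]
    if ref.tag == NS + "X509IssuerSerial":
        serial = _child_text(ref, "X509SerialNumber")
        return (_child_text(ref, "X509IssuerName") == cert["issuer"]
                and serial is not None and serial.isascii()
                and serial.isdigit() and int(serial) == cert["serial"])
    if ref.tag == NS + "X509SKI":
        try:
            ski = base64.b64decode("".join((ref.text or "").split()), validate=True)
        except ValueError:
            return False  # malformed base64 never matches
        return ski == cert["ski"]
    return False

def resolve_x509data(xml_text, store=STORE):
    """Return subjects of stored certs referenced by the first <X509Data>."""
    data = ET.fromstring(xml_text).find(".//" + NS + "X509Data")
    if data is None:
        return []
    return [c["subject"] for c in store if any(_matches(r, c) for r in data)]

# Constructed KeyInfo fragments, one per reference style.
_WRAP = '<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>%s</X509Data></KeyInfo>'
BY_SUBJECT = _WRAP % "<X509SubjectName>CN=Signer B,O=Example</X509SubjectName>"
BY_ISSUER_SERIAL = _WRAP % ("<X509IssuerSerial><X509IssuerName>CN=Example CA,O=Example"
    "</X509IssuerName><X509SerialNumber>2</X509SerialNumber></X509IssuerSerial>")
BY_SKI = _WRAP % ("<X509SKI>%s</X509SKI>" % base64.b64encode(bytes(range(20))).decode())
```

A cert found this way is only a candidate: it still has to chain to a cert loaded as "trusted" before the signature it covers is accepted.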
