[xmlsec] Problem with xmlSecSimpleKeysMngrLoadPemCert

Devin Heitmueller dheitmueller at netilla.com
Tue Sep 3 11:51:38 PDT 2002


So, if I wanted to verify an XML file given a specific cert, I should
perform an xmlSecSimpleKeysMngrLoadPemKey() with the privateKey flag set
to 'public', then perform an xmlSecSimpleKeysMngrAddKey ()?

Thanks,

Devin

On Tue, 2002-09-03 at 14:42, Aleksey Sanin wrote:
> The cert will be saved to the keys file if (and only if) it is 
> associated with a key.
> xmlSecSimpleKeysMngrLoadPemCert() function has two purposes:
>     1) load a "trusted" cert (i.e. root CA cert)
>     2) load an "untrusted" cert which could be pointed from XML DSig
>        <dsig:X509Data> element by subject, issuer serial/issuer name or SKI
>        (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
> 
> 
> Aleksey
> 
> Devin Heitmueller wrote:
> 
> >I am attempting to make use of the xmlSecSimpleKeysMngrLoadPemCert
> >facility to load a certificate from a file into the key manager.  The
> >call returns with  no errors, but it looks like the cert is never
> >actually added to the key manager store.
> >
> >I wrote some sample code to demonstrate the problem (see attached).  I
> >am attempting to add the DSA certificate dsacert.pem that is included
> >with the distribution in the "tests/keys" directory.  The sample code
> >creates the key manager instance, adds the certificate, then saves the
> >key manager contents out to an XML file.
> >
> >I suspect I am using the function wrong, but any advice that could be
> >offered would be greatly appreciated.
> >
> >Thanks,
> >
> >  
> >
> >------------------------------------------------------------------------
> >
> >
> >/*
> > * Netilla License Display tool
> > * Devin J. Heitmueller Aug 27 2002
> > */
> >
> >#include <stdio.h>
> >#include <string.h>
> >#include <stdlib.h>
> >
> >/* Required for RAND_status() and RAND_seed() */
> >#include <openssl/rand.h>
> >
> >/*
> > * COMPAT using xml-config --cflags to get the include path this will
> > * work with both 
> > */
> >#include <libxml/xmlmemory.h>
> >#include <libxml/parser.h>
> >
> >/* Required for xmlsec */
> >#include <xmlsec/xmlsec.h>
> >#include <xmlsec/xmldsig.h> 
> >#include <xmlsec/keysmngr.h>
> >#include <xmlsec/xmltree.h>
> >
> >int
> >main (int argc, char **argv)
> >{
> >  xmlSecKeyPtr pubkey;
> >  xmlSecDSigCtxPtr dsigCtx = NULL;
> >  xmlSecKeysMngrPtr keysMngr = NULL; 
> >  int load_pub_cert_result = 0;
> >  int rnd_seed = 0;
> >
> >  /** 
> >   * Init OpenSSL
> >   */    
> >  while (RAND_status() != 1) {
> >    RAND_seed(&rnd_seed, sizeof(rnd_seed));
> >  }
> >  
> >  /*
> >   * Init libxml
> >   */     
> >  xmlInitParser();
> >  LIBXML_TEST_VERSION
> >  
> >  /*
> >   * Init xmlsec
> >   */
> >  xmlSecInit();    
> >
> >  /** 
> >   * Create Keys managers
> >   */
> >  keysMngr = xmlSecSimpleKeysMngrCreate();    
> >  if(keysMngr == NULL) {
> >    fprintf(stderr, "Error: failed to create keys manager\n");
> >    return -1;
> >  }
> >
> >  /** 
> >   * Add the test cert to the public key list
> >   */
> >  load_pub_cert_result = xmlSecSimpleKeysMngrLoadPemCert (keysMngr,
> >							  "dsacert.pem", 1);
> >  if (load_pub_cert_result != 0)
> >    {
> >      fprintf(stderr, "Error: failed load public key\n");
> >      return -1;
> >    }
> >
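> >  /* Write the keys back to a file; report a failed save instead of ignoring it */
> >  if (xmlSecSimpleKeysMngrSave(keysMngr, "test.xml", xmlSecKeyTypeAny) < 0)
> >    {
> >      fprintf(stderr, "Error: failed to save keys\n");
> >      return -1;
> >    }
> >
> >  return 0;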
> >}
> >  
> >
> 
-- 
Devin Heitmueller
Senior Software Engineer
Netilla Networks Inc
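
The behaviour Aleksey describes in the quoted reply, as an added example that is not part of the original thread and is not xmlsec code: a simplified model of a cert store with X509Data-style lookup and the "saved only if tied to a key" rule. The `Cert`/`Store` types, the `store_*` functions and the sample names are hypothetical, and the issuer check is the usual X.509 chain rule reduced to a name match, which the thread does not spell out.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a keys manager's cert list; not xmlsec's structures. */
typedef struct {
    const char *subject, *issuer, *serial, *ski;
    int trusted;   /* 1 = loaded as trusted (root CA), 0 = untrusted */
    int has_key;   /* 1 = cert is associated with a key entry */
} Cert;
typedef struct { Cert certs[8]; int n; } Store;

static void store_add(Store *s, Cert c) { if (s->n < 8) s->certs[s->n++] = c; }

/* Resolve a <dsig:X509Data> reference by subject, issuer+serial, or SKI.
 * A NULL argument means that field is absent from the signature. */
static const Cert *store_find(const Store *s, const char *subject,
        const char *issuer, const char *serial, const char *ski) {
    for (int i = 0; i < s->n; i++) {
        const Cert *c = &s->certs[i];
        if (subject && strcmp(c->subject, subject) == 0) return c;
        if (issuer && serial && strcmp(c->issuer, issuer) == 0 &&
            strcmp(c->serial, serial) == 0) return c;
        if (ski && strcmp(c->ski, ski) == 0) return c;
    }
    return NULL;
}

/* Certs a keys-file save would write: only those associated with a key. */
static int store_saved_count(const Store *s) {
    int n = 0;
    for (int i = 0; i < s->n; i++) n += s->certs[i].has_key;
    return n;
}

/* Assumption (general X.509 practice): an untrusted cert is acceptable only
 * if a trusted cert issued it. Name match only; no signature or date checks. */
static int store_is_acceptable(const Store *s, const Cert *c) {
    if (c == NULL) return 0;
    if (c->trusted) return 1;
    for (int i = 0; i < s->n; i++)
        if (s->certs[i].trusted && strcmp(s->certs[i].subject, c->issuer) == 0)
            return 1;
    return 0;
}

int main(void) {
    Store s = {0};  /* constructed sample: one trusted cert, no key attached */
    store_add(&s, (Cert){"CN=Root", "CN=Root", "01", "aa", 1, 0});
    printf("certs loaded: %d, certs saved: %d\n", s.n, store_saved_count(&s));
    return 0;
}
```

In this model a cert loaded on its own sits in the store and can be found by an X509Data reference, but a save writes nothing until the cert belongs to a key entry.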