[xmlsec] Problem with xmlSecSimpleKeysMngrLoadPemCert
Aleksey Sanin
aleksey at aleksey.com
Tue Sep 3 12:04:32 PDT 2002
I am not sure I clearly understand what you mean by "verify an XML file
given a specific cert". From your XML file you should point to the given
key known to the application or provide the key in the signature (maybe
in a cert). And on the application side you need to have this key
available or know how to get the key from the file. For example, in the
XML file you can include a full cert and the application should be able
to verify the cert and extract the key.

The XMLSec library extracts the public key from the provided cert
automatically but the key is *not* included in the keys list. You can
point to a cert using issuer serial/name, subject, SKI and if such a cert
was loaded with xmlSecSimpleKeysMngrLoadPemKey() it will be found and the
key extracted.

Aleksey
Devin Heitmueller wrote:
>So, if I wanted to verify an XML file given a specific cert, I should
>perform an xmlSecSimpleKeysMngrLoadPemKey() with the privateKey flag set
>to 'public', then perform an xmlSecSimpleKeysMngrAddKey ()?
>
>Thanks,
>
>Devin
>
>On Tue, 2002-09-03 at 14:42, Aleksey Sanin wrote:
>
>
>>The cert will be saved to the keys file if (and only if) it is
>>associated with a key.
>>xmlSecSimpleKeysMngrLoadPemCert() function has two purposes:
>> 1) load a "trusted" cert (i.e. root CA cert)
>> 2) load an "untrusted" cert which could be pointed to from an XML DSig
>>    <dsig:X509Data> element by subject, issuer serial/issuer name or SKI
>>    (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
>>
>>
>>Aleksey
>>
>>Devin Heitmueller wrote:
>>
>>
>>
>>>I am attempting to make use of the xmlSecSimpleKeysMngrLoadPemCert
>>>facility to load a certificate from a file into the key manager. The
>>>call returns with no errors, but it looks like the cert is never
>>>actually added to the key manager store.
>>>
>>>I wrote some sample code to demonstrate the problem (see attached). I
>>>am attempting to add the DSA certificate dsacert.pem that is included
>>>with the distribution in the "tests/keys" directory. The sample code
>>>creates the key manager instance, adds the certificate, then saves the
>>>key manager contents out to an XML file.
>>>
>>>I suspect I am using the function wrong, but any advice that could be
>>>offered would be greatly appreciated.
>>>
>>>Thanks,
>>>
>>>
>>>
>>>------------------------------------------------------------------------
>>>
>>>/*
>>> * Netilla License Display tool
>>> * Devin J. Heitmueller Aug 27 2002
>>> */
>>>
>>>#include <stdio.h>
>>>#include <string.h>
>>>#include <stdlib.h>
>>>
>>>/* Required for RAND_status() and RAND_seed() */
>>>#include <openssl/rand.h>
>>>
>>>/*
>>> * COMPAT using xml-config --cflags to get the include path this will
>>> * work with both
>>> */
>>>#include <libxml/xmlmemory.h>
>>>#include <libxml/parser.h>
>>>
>>>/* Required for xmlsec */
>>>#include <xmlsec/xmlsec.h>
>>>#include <xmlsec/xmldsig.h>
>>>#include <xmlsec/keysmngr.h>
>>>#include <xmlsec/xmltree.h>
>>>
>>>int
>>>main (int argc, char **argv)
>>>{
>>>    xmlSecKeyPtr pubkey;
>>>    xmlSecDSigCtxPtr dsigCtx = NULL;
>>>    xmlSecKeysMngrPtr keysMngr = NULL;
>>>    int load_pub_cert_result = 0;
>>>    int rnd_seed = 0;
>>>
>>>    /**
>>>     * Init OpenSSL
>>>     */
>>>    while (RAND_status() != 1) {
>>>        RAND_seed(&rnd_seed, sizeof(rnd_seed));
>>>    }
>>>
>>>    /*
>>>     * Init libxml
>>>     */
>>>    xmlInitParser();
>>>    LIBXML_TEST_VERSION
>>>
>>>    /*
>>>     * Init xmlsec
>>>     */
>>>    xmlSecInit();
>>>
>>>    /**
>>>     * Create Keys managers
>>>     */
>>>    keysMngr = xmlSecSimpleKeysMngrCreate();
>>>    if (keysMngr == NULL) {
>>>        fprintf(stderr, "Error: failed to create keys manager\n");
>>>        return -1;
>>>    }
>>>
>>>    /**
>>>     * Add the test cert to the public key list
>>>     * (the last argument, 1, loads the cert as trusted)
>>>     */
>>>    load_pub_cert_result = xmlSecSimpleKeysMngrLoadPemCert (keysMngr,
>>>                                                "dsacert.pem", 1);
>>>    if (load_pub_cert_result != 0)
>>>    {
>>>        fprintf(stderr, "Error: failed load public key\n");
>>>        return -1;
>>>    }
>>>
>>>    /* Write the keys back to a file */
>>>    xmlSecSimpleKeysMngrSave(keysMngr, "test.xml", xmlSecKeyTypeAny);
>>>
>>>    return 0;
>>>}
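
The `<dsig:X509Data>` lookup described in the reply above, as an added example that is not part of the original thread and is not xmlsec code: it resolves the three reference forms from the XML-DSig spec (issuer name plus serial, subject name, SKI) against an index of loaded certs. The store layout, field names and sample values are constructed for illustration, and names are compared as plain strings, which a real verifier would replace with proper DN comparison and chain validation.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"
SKI = "AAECAwQFBgcICQoLDA0ODxAREhM="  # constructed value, not from a real cert

# Constructed index of loaded certs (hypothetical field names).
STORE = [
    {"subject": "CN=Example Signer,O=Example", "issuer": "CN=Example CA,O=Example",
     "serial": "2", "ski": SKI, "trusted": False},
    {"subject": "CN=Example CA,O=Example", "issuer": "CN=Example CA,O=Example",
     "serial": "1", "ski": None, "trusted": True},
]

# Constructed input: three X509Data elements, one per lookup outcome.
SAMPLE = """<doc xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  <dsig:X509Data><dsig:X509IssuerSerial>
    <dsig:X509IssuerName>CN=Example CA,O=Example</dsig:X509IssuerName>
    <dsig:X509SerialNumber>2</dsig:X509SerialNumber>
  </dsig:X509IssuerSerial></dsig:X509Data>
  <dsig:X509Data><dsig:X509SKI>AAECAwQFBgcICQoLDA0ODxAREhM=</dsig:X509SKI></dsig:X509Data>
  <dsig:X509Data><dsig:X509SubjectName>CN=Unknown</dsig:X509SubjectName></dsig:X509Data>
</doc>"""

def references(x509data):
    """Yield (kind, value) for each reference child of <dsig:X509Data>."""
    for child in x509data:
        tag = child.tag.replace(DSIG, "")
        if tag == "X509IssuerSerial":
            name = (child.findtext(DSIG + "X509IssuerName") or "").strip()
            serial = (child.findtext(DSIG + "X509SerialNumber") or "").strip()
            yield "issuer_serial", (name, serial)
        elif tag == "X509SubjectName":
            yield "subject", (child.text or "").strip()
        elif tag == "X509SKI":
            yield "ski", "".join((child.text or "").split())

def find_cert(store, x509data):
    """Return the first loaded cert matching any reference, else None."""
    for kind, value in references(x509data):
        for cert in store:
            key = (cert["issuer"], cert["serial"]) if kind == "issuer_serial" else cert[kind]
            if value and key == value:
                return cert
    return None  # no loaded cert matches: the verification key is unavailable

def resolve_all(xml_text, store=STORE):
    root = ET.fromstring(xml_text)
    return [find_cert(store, x) for x in root.iter(DSIG + "X509Data")]
```

A match only locates the cert; whether its key may be used still depends on the cert chaining to one loaded as trusted.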