[xmlsec] Verifying a signature against a PEM certificate, SOLUTION!
Asbjørn Oskal
asbjorn.oskal at welldiagnostics.com
Tue Nov 26 03:46:50 PST 2002
Hi!
I seem to have found a solution to my problem.
I wanted to use an X509 PEM certificate to validate a signature but I did not
find a straightforward solution to load a public key from a certificate.
I have struggled a bit to work this out but it turned out it wasn't so bad after all.
Since I could not load a PEM certificate directly I have to get the (in my case)
RSA public key from the certificate and turn it into an xmlSecKeyPtr.
Here is my function which does that and returns an xmlSecKeyPtr:
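#include <stdio.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/keys.h>

static xmlSecKeyPtr ReadPublicKeyFromPemCert(const char* certFile){
    xmlSecKeyPtr retval = NULL;
    X509* pCert = NULL;
    EVP_PKEY* pPublicKey = NULL;
    // Load certificate from file
    FILE* fid = fopen(certFile, "r");
    if(!fid){
        printf("Failed to open cert file\n");
        return NULL;
    }
    pCert = PEM_read_X509(fid, NULL, NULL, NULL);
    fclose(fid);
    if(!pCert){
        printf("Failed to read PEM cert\n");
        return NULL;
    }
    // Get the public key from the certificate; X509_get_pubkey returns
    // its own reference, so the certificate can be freed right away
    pPublicKey = X509_get_pubkey(pCert);
    X509_free(pCert);
    if(!pPublicKey){
        printf("Failed to get public key from cert\n");
        return NULL;
    }
    // I only handle RSA keys
    if(pPublicKey->type == EVP_PKEY_RSA){
        retval = xmlSecKeyCreate(xmlSecRsaKey, xmlSecKeyOriginX509);
        if(!retval || xmlSecRsaKeyGenerate(retval, pPublicKey->pkey.rsa) < 0){
            printf("Failed to generate public key from RSA key\n");
            if(retval) xmlSecKeyDestroy(retval);
            EVP_PKEY_free(pPublicKey);
            return NULL;
        }
        EVP_PKEY_free(pPublicKey);
        return retval;
    }
    EVP_PKEY_free(pPublicKey);
    printf("Unknown public key type in cert\n");
    return NULL;
}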
I then use this public key together with xmlSecDSigValidate and it seems to work OK.
Please comment if you see something bad about this.
Thanks for all help!