[xmlsec] Using Root Certificate from MS certificate store

Aleksey Sanin aleksey@aleksey.com
Fri, 11 Apr 2003 08:31:02 -0700





Arda Tekin wrote:

> Hi Aleksey,
> When I verify an XML document, I use the xmlSecSimpleKeysMngrLoadPemCert()
> function to load a cert. from a file. But this function reads cert
> information from a file. I need to get cert. information from a
> database. So is there a way to use a cert. inf. which is a string in
> memory?

You need to copy/paste the code from this function and replace reading
the cert from a file with reading it from memory. Unfortunately, there is
no other way to do it on the 0.0.x version.

> Aleksey, I have a second question: all certificates are stored in the MS
> certificate store in Windows. I can obtain a certificate handle from
> this store:
>  
> HCERTSTORE m_hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A,
>                                         0,
>                                         NULL,
>                                         CERT_SYSTEM_STORE_SERVICES,
>                                         strStoreName.c_str());
>  
> ...
> ..
>  
> PCCERT_CONTEXT pCertContext = CertFindCertificateInStore(m_hStore,
>                                         X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
>                                         0,
>                                         CERT_FIND_ISSUER_ATTR, &certRDN, NULL);
>  
>  
> Can I use this handle or any other information which is obtained from a
> win32 system in the xmlsec library?
>  

The 0.0.x version knows nothing about Microsoft. You probably need to
dump the cert to a DER file (or a memory buffer in DER format) and read/parse
it later with OpenSSL functions. Someone is working on adding MSCrypto API
support to 1.0.0 and it should be much simpler there.

Aleksey
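
Added example, not part of the original message and not xmlsec code: one way to turn a PEM certificate held as a string in memory (for instance a database column) into the DER memory buffer discussed above, rejecting truncated values and trailing bytes before the buffer is handed to an OpenSSL parser such as d2i_X509(). The function names and SAMPLE_PEM are hypothetical; the sample is constructed and is not a real certificate.

```c
#include <stddef.h>
#include <string.h>

/* Value of one base64 character, or -1 (newline, '=', anything else). */
static int b64val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+' || c == '/') return c == '+' ? 62 : 63;
    return -1;
}

/* Length of the outer SEQUENCE TLV (header + content); 0 if malformed. */
size_t der_total_len(const unsigned char *p, size_t n) {
    size_t len = 0, i, nb;
    if (n < 2 || p[0] != 0x30) return 0;          /* must be a SEQUENCE */
    if (p[1] < 0x80) return 2 + p[1];             /* short-form length */
    nb = p[1] & 0x7f;                             /* count of length bytes */
    if (nb == 0 || nb > 3 || n < 2 + nb) return 0; /* caps size below 16 MiB */
    for (i = 0; i < nb; i++) len = (len << 8) | p[2 + i];
    return 2 + nb + len;
}

/* Decode a PEM certificate held in a C string into out[]. Returns the DER
 * length, or -1 on missing armor, overflow, truncation or trailing bytes. */
long pem_cert_to_der(const char *pem, unsigned char *out, size_t cap) {
    static const char BEGIN[] = "-----BEGIN CERTIFICATE-----";
    static const char END[] = "-----END CERTIFICATE-----";
    const char *s = strstr(pem, BEGIN), *e;
    size_t n = 0;
    unsigned acc = 0, bits = 0;
    if (!s) return -1;
    s += sizeof(BEGIN) - 1;
    if (!(e = strstr(s, END))) return -1;
    for (; s < e; s++) {
        int v = b64val((unsigned char)*s);
        if (v < 0) continue;                      /* skip newlines and padding */
        acc = (acc << 6) | (unsigned)v;
        if ((bits += 6) >= 8) {
            if (n == cap) return -1;              /* caller's buffer is full */
            out[n++] = (unsigned char)(acc >> (bits -= 8));
        }
    }
    /* The decoded bytes must be exactly one SEQUENCE, no more and no less. */
    return (n && der_total_len(out, n) == n) ? (long)n : -1;
}

/* Constructed sample: armor around DER 30 03 02 01 05, not a real certificate. */
const char SAMPLE_PEM[] =
    "-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n";
```

A certificate found in the Windows store is already DER: the CERT_CONTEXT fields pbCertEncoded and cbCertEncoded give the buffer and its length, so only the der_total_len() check is needed on that path.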

