[xmlsec] core methods for write of <X509SubjectName/> and <X509IssuerSerial/>
Roumen Petrov
xmlsec@roumenpetrov.info
Thu, 24 Jul 2003 10:55:05 +0300
Aleksey Sanin wrote:
> Hi, Roumen!
>
> I have looked at your new patch and I have few comments:
> 0) It seems that xmlSecOpenSSLKeyDataX509XmlWrite() function
> now writes subject, serial or full certificate only for the first
> certificate
> in the xmlSecKey. All other certificates are written "in-full".
> This seems wrong to me. Yo don't know which certificate will be the
> "first" one. I am not sure I understand why you don't want to do the
> same for all certs.
> I thought that the plan was:
> - Read X509Data node and create a bits mask of its children
> (cert, subject, serial, ski, crl).
> - If mask is 0 (no children) then set cert and crl bits to
> simulate
> current behaiviour (write certs and crls in empty X509Data
> node).
> - Remove X509Data node content.
> - Walk thru the list of certificates and write cert and/or
> subject and/or
> serial and/or ski according to bits mask.
> - If crls bit is set walk thru the list of crls and write
> them out.
> This seems more natural to me than "special case" the first cert.
There is no special case the first cert :-[
=== INPUT:
<KeyInfo>
<X509Data>
<X509SubjectName/>
<X509IssuerSerial/>
<X509Certificate/>
<X509Certificate/>
<X509Certificate/>
<X509Certificate/>
<X509Certificate/>
<X509SubjectName/>
<X509IssuerSerial/>
<X509IssuerSerial><X509IssuerName/></X509IssuerSerial>
<X509IssuerSerial><X509IssuerName/><X509SerialNumber/></X509IssuerSerial>
</X509Data>
</KeyInfo>
=== OUTPUT:
<KeyInfo>
<X509Data>
<X509SubjectName>emailAddress=xmlsec@aleksey.com,CN=Aleksey
Sanin,OU=Third Level RSA Certificate,O=XML Security Library
(http://www.aleksey.com/xmlsec),ST=California,C=US</X509SubjectName>
<X509IssuerSerial>
<X509IssuerName>emailAddress=xmlsec@aleksey.com,CN=Aleksey Sanin,OU=Root
Certificate,O=XML Security Library
(http://www.aleksey.com/xmlsec),L=Sunnyvale,ST=California,C=US</X509IssuerName>
<X509SerialNumber>1</X509SerialNumber>
</X509IssuerSerial>
<X509Certificate>MII..........................</X509Certificate>
<X509Certificate/>
<X509Certificate/>
<X509Certificate/>
<X509Certificate/>
<X509SubjectName/>
<X509IssuerSerial/>
<X509IssuerSerial><X509IssuerName/></X509IssuerSerial>
<X509IssuerSerial><X509IssuerName/><X509SerialNumber/></X509IssuerSerial>
</X509Data>
</KeyInfo>