[xmlsec] core methods for write of <X509SubjectName/> and <X509IssuerSerial/>

Roumen Petrov xmlsec at roumenpetrov.info
Tue Jul 22 06:37:50 PDT 2003


Aleksey Sanin wrote:

> IMHO, the better approach would be:
> 0) At the very beginning of the xmlSecOpenSSLKeyDataX509XmlWrite()
> function you read the <X509Data/> node content and determine what
> you want to write (certs, subject names, ...) based on the content of
> the <X509Data/> node and the xmlSecKeyInfoCtx flags.

O.K.
but when <X509Data/> in the template contains child nodes, some XXXXRead
methods fail.
This happens before the call of xmlSecOpenSSLKeyDataX509XmlWrite(...).
At the moment I can put only <X509SubjectName/> in <X509Data/> without
XXXXRead failing.

How to suppress read errors:
sample:
================================================
func=xmlSecBase64CtxFinal:file=XXXX/src/base64.c:line=272:obj=unknown:subj=outSize > 0:error=100:assertion:
func=xmlSecBase64Decode:file=XXXX/src/base64.c:line=738:obj=unknown:subj=xmlSecBase64CtxFinal:error=1:xmlsec library function failed:
func=xmlSecOpenSSLX509CertBase64DerRead:file=XXXX/src/openssl/x509.c:line=1752:obj=unknown:subj=xmlSecBase64Decode:error=1:xmlsec library function failed:
func=xmlSecOpenSSLX509CertificateNodeRead:file=XXXX/src/openssl/x509.c:line=982:obj=x509:subj=xmlSecOpenSSLX509CertBase64DerRead:error=1:xmlsec library function failed:
func=xmlSecOpenSSLX509DataNodeRead:file=XXXX/src/openssl/x509.c:line=949:obj=x509:subj=X509Certificate:error=1:xmlsec library function failed:read node failed
func=xmlSecOpenSSLKeyDataX509XmlRead:file=XXXX/src/openssl/x509.c:line=680:obj=x509:subj=xmlSecOpenSSLX509DataNodeRead:error=1:xmlsec library function failed:
func=xmlSecKeyInfoNodeRead:file=XXXX/src/keyinfo.c:line=114:obj=x509:subj=xmlSecKeyDataXmlRead:error=1:xmlsec library function failed:node=X509Data
func=xmlSecKeysMngrGetKey:file=XXXX/src/keys.c:line=905:obj=unknown:subj=xmlSecKeyInfoNodeRead:error=1:xmlsec library function failed:node=KeyInfo
func=xmlSecDSigCtxProcessKeyInfoNode:file=XXXX/src/xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=XXXX/src/xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=XXXX/src/xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
Error: failed to sign file "rumen-data.tmpl"
================================================
Note: x509.c is modified and line numbers are different from CVS current.

where "rumen-data.tmpl" is:
================================================
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="urn:envelope">
  <Data>
    Hello, World!
    чт юли 3 14:42:07 EEST 2003
  <X509IssuerSerial><X509IssuerName/><X509SerialNumber/></X509IssuerSerial>
  <X509SubjectName/>
  </Data>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
  <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <Reference>
    <Transforms>
      <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <DigestValue/>
  </Reference>
</SignedInfo>
<SignatureValue/>
<KeyInfo>
  <X509Data>
  <X509Certificate/>
  </X509Data>
</KeyInfo>
</Signature>
</Envelope>
================================================

and command is:
xmlsec1 sign  \
--privkey-pem "user1_key.pem,user1_crt.pem,ca_crt.pem" \
--trusted-pem "ca_crt.pem" \
--pwd XXXX  \
rumen-data.tmpl
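
An added illustration (not part of the original post and not xmlsec code) of the approach quoted above: each <X509Data/> child is classified as an empty template placeholder to be filled on write or as content to be read, so an empty node never reaches the base64 decoder. It is standard-library Python; the function names and the sample template are constructed for this example.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
BASE64_NODES = {"X509Certificate", "X509SKI", "X509CRL"}  # base64Binary in XML-DSig

# Constructed sample: a KeyInfo template with three placeholders and one filled node.
SAMPLE = f"""<KeyInfo xmlns="{DSIG}">
  <X509Data>
    <X509Certificate/>
    <X509SubjectName/>
    <X509IssuerSerial><X509IssuerName/><X509SerialNumber/></X509IssuerSerial>
    <X509SKI>AAEC</X509SKI>
  </X509Data>
</KeyInfo>"""


def is_placeholder(node):
    """True when the node and all of its descendants carry no text."""
    return all(not (n.text or "").strip() for n in node.iter())


def plan_x509data(xml_text):
    """Split <X509Data> children into (to_write, to_read) lists of local names.

    Empty children are template placeholders to fill in when writing.
    Children with content are input; base64 ones are validated before use.
    """
    root = ET.fromstring(xml_text)
    to_write, to_read = [], []
    for x509data in root.iter(f"{{{DSIG}}}X509Data"):
        for child in x509data:
            name = child.tag.split("}", 1)[-1]
            if is_placeholder(child):
                to_write.append(name)  # never handed to a decoder
                continue
            if name in BASE64_NODES:
                text = "".join((child.text or "").split())
                try:
                    base64.b64decode(text, validate=True)
                except binascii.Error as exc:
                    raise ValueError(f"<{name}> is not valid base64") from exc
            to_read.append(name)
    return to_write, to_read


if __name__ == "__main__":
    print(plan_x509data(SAMPLE))
```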




