[xmlsec] question: signing xml with pfx
Leonardo Lazcano
leolazcano at yahoo.com
Thu Aug 12 08:17:32 PDT 2004
Hi, does anyone know how to load a private key and
certificate (pfx format) into a signing context when
the certificate is password protected?
I'm using C# and making calls to methods in a DLL, but
the method that loads certificate data:
xmlSecCryptoAppKeyCertLoad(Key, FileName,
xmlsecInterface.xmlSecKeyDataFormatPkcs12)
doesn't allow a password, so is there another way to
load the private key and certificate data from a pfx file,
or another xmlSecCryptoAppKeyCertLoad function that
allows passwords?
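// Excerpt of a signing routine. The enclosing method, its locals (i, p,
// xmlData, document, signNode, refNode, keyInfoNode, dsigCtx, Key, signedXml,
// signedXmlSize, resultXml), the inputs (sXmlData, cryptolib, FileName,
// pfxPass) and the P/Invoke wrapper class xmlsecInterface are all declared
// outside this excerpt. Flow: initialise libxml2/xmlsec, parse the XML held
// in sXmlData, build a <ds:Signature> template, load the signing key from the
// password-protected PKCS#12 file, sign, and show the result in textBox2.
//
// Library initialisation. Each xmlsec call reports failure with a negative
// status; the original stored it in i without ever checking it, so a missing
// crypto library or a failed init only surfaced later as an unexplained sign
// failure. Abort as soon as one step fails.
xmlsecInterface.xmlInitParser();
//i = xmlsecInterface.xmlSubstituteEntitiesDefault(1);
i = xmlsecInterface.xmlSecInit();
//i = xmlsecInterface.xmlSecCheckVersion();
if (i < 0)
{
    MessageBox.Show("No se pudo inicializar xmlsec");
    return;
}
i = xmlsecInterface.xmlSecCryptoDLLoadLibrary(cryptolib);
if (i < 0)
{
    MessageBox.Show("No se pudo cargar la libreria criptografica");
    return;
}
i = xmlsecInterface.xmlSecCryptoAppInit(null);
if (i < 0)
{
    MessageBox.Show("No se pudo inicializar la aplicacion criptografica");
    return;
}
i = xmlsecInterface.xmlSecCryptoInit();
if (i < 0)
{
    MessageBox.Show("No se pudo inicializar el modulo criptografico");
    return;
}

// Copy the managed string into an unmanaged ANSI buffer for libxml2.
// NOTE(review): the conversion is lossy for characters outside the system
// code page and the byte count passed is the char count of sXmlData; this
// only lines up for single-byte content — confirm for the inputs used here.
p = System.Runtime.InteropServices.Marshal.StringToHGlobalAnsi(sXmlData);
xmlData = (char*)p.ToPointer();
document = xmlsecInterface.xmlParseMemory(xmlData, sXmlData.Length);
// xmlParseMemory has built the tree by the time it returns, so the scratch
// buffer can go now (the original never released it).
System.Runtime.InteropServices.Marshal.FreeHGlobal(p);
if (document == null || xmlsecInterface.xmlDocGetRootElement(document) == null)
{
    MessageBox.Show("No se pudo cargar el xml");
    return;
}

// Signature template: exclusive C14N (with comments) for SignedInfo and
// DSA-SHA1 as the signature method. The signature method must match the type
// of the key loaded below; SHA-1 based signature methods are deprecated, so
// this choice is worth revisiting together with the key material.
signNode = xmlsecInterface.xmlSecTmplSignatureCreate(document,
    xmlsecInterface.xmlSecTransformExclC14NWithCommentsGetKlass(),
    xmlsecInterface.xmlSecTransformDsaSha1GetKlass(),
    (char*)null);
if (signNode == null)
{
    MessageBox.Show("No se pudo crear el nodo de firma");
    return;
}
xmlsecInterface.xmlAddChild(xmlsecInterface.xmlDocGetRootElement(document), signNode);

// One <ds:Reference> over the whole document (empty URI), digested with
// SHA-1, with the enveloped-signature transform so the signature element
// itself is excluded from the digest.
refNode = xmlsecInterface.xmlSecTmplSignatureAddReference(signNode,
    xmlsecInterface.xmlSecTransformSha1GetKlass(),
    (char*)null, (char*)null, (char*)null);
if (refNode == null)
{
    MessageBox.Show("No se pudo crear la transformacion del SHA");
    return;
}
if (xmlsecInterface.xmlSecTmplReferenceAddTransform(refNode,
        xmlsecInterface.xmlSecTransformEnvelopedGetKlass()) == null)
{
    MessageBox.Show("No se pudo crear la transformacion de firma");
    return;
}

// <ds:KeyInfo>/<ds:X509Data>: xmlsec fills it from the certificate attached
// to the signing key when the document is signed.
keyInfoNode = xmlsecInterface.xmlSecTmplSignatureEnsureKeyInfo(signNode, (char*)null);
if (keyInfoNode == null)
{
    MessageBox.Show("No se pudo crear el nodo keyinfo");
    return;
}
if (xmlsecInterface.xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == null)
{
    MessageBox.Show("No se pudo crear el nodo X509");
    return;
}

dsigCtx = (xmlSecDSigCtx*)xmlsecInterface.xmlSecDSigCtxCreate(null);
if (dsigCtx == null)
{
    MessageBox.Show("No se pudo crear el contexto de firma");
    return;
}

// This is the call that takes the PKCS#12 password: it loads the private key
// (and, presumably, the certificate(s) bundled with it) from the protected
// file in one step, using pfxPass first and the default callback as a
// fallback. xmlSecCryptoAppKeyCertLoad has no password parameter because it
// only attaches an additional certificate to a key that is already loaded,
// which is why the second load of the same file further down is commented
// out rather than needed.
// NOTE(review): the last argument is the opaque context handed to the
// password callback; passing dsigCtx is harmless only if the default callback
// ignores it — confirm against the xmlsec headers.
Key = xmlsecInterface.xmlSecOpenSSLAppPkcs12Load(FileName, pfxPass,
    xmlsecInterface.xmlSecCryptoAppGetDefaultPwdCallback(), dsigCtx);
if (Key == null)
{
    MessageBox.Show("No se pudo cargar la clave");
    return;
}
// Hand the key to the context (xmlsec treats signKey as owned by the ctx).
dsigCtx->signKey = Key;

//always fail because the pfx file has password
//if (xmlsecInterface.xmlSecCryptoAppKeyCertLoad(Key, FileName, xmlsecInterface.xmlSecKeyDataFormatPkcs12) < 0)
//{
//    MessageBox.Show("No se pudo cargar el certificado");
//    return;
//}

if ((i = xmlsecInterface.xmlSecDSigCtxSign(dsigCtx, signNode)) < 0)
{
    MessageBox.Show("No se pudo firmar el xml");
    // Stop here. The original had this return commented out, so after a
    // failed sign the document — carrying an empty <ds:Signature> — was still
    // dumped into textBox2 and could be mistaken for signed output.
    return;
}

// Serialise the signed tree. signedXml is allocated by libxml2 and, like
// document, Key/dsigCtx, is never released anywhere in this excerpt —
// NOTE(review): the wrapper needs the matching release entry points
// (xmlFree / xmlFreeDoc / xmlSecDSigCtxDestroy) to avoid leaking per call.
xmlsecInterface.xmlDocDumpMemory(document, &signedXml, &signedXmlSize);
p = (IntPtr)signedXml;
resultXml = System.Runtime.InteropServices.Marshal.PtrToStringAnsi(p);
textBox2.Text = resultXml;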
Leonardo Lazcano.