[xmlsec] Issues using xmlsec for SAML
Aleksey Sanin
aleksey at aleksey.com
Mon May 26 13:56:57 PDT 2008

You have to use OpenSSL, NSS, or any other crypto provider functions
to access this information.

Aleksey

Dave Chapman wrote:
> Hi,
>
> The application I'm working on receives XML documents from a third
> party, and I need to verify the signature to both test message integrity
> and to ensure that it has come from this specific third party.
>
> The entire certificate chain, excluding the root certificate (belonging
> to a commercial CA), is embedded in the X509Data element in the signature.
>
> I can verify the signature successfully, but the only result I can seem
> to get from xmlsec is "success". I haven't managed to find a way to
> extract the Subject/Issuer information from the certificate chain used
> to verify the signature.
>
> If I call the function xmlSecKeyDebugDump after the signature has been
> verified, then I can see the required information displayed, but after
> following that function in the xmlsec source, I see it goes down to the
> level of using openssl functions, and there doesn't appear to be any way
> to access that information via the xmlsec API (apart from the various
> DebugDump functions).
>
> Am I missing something? Is there a way I can limit my program to only
> accept files signed by a particular entity? Or is the only way to use
> openssl's functions to access this information?
>
> My workaround for the moment is to parse the output of the
> xmlSecKeyDebugDump function in Perl, but I'm assuming that's not the
> intended way to do things...
>
> Regards,
>
> Dave.
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec