[xmlsec] how to load non-standard <KeyInfo/>
Aleksey Sanin
aleksey at aleksey.com
Thu Jul 17 08:22:42 PDT 2008
The "right" way to do it is to create "key data" object for
reading/writing wsse:SecurityTokenReference node. Look at
xmlsec/src/keyinfo.c file and search for xmlSecKeyDataRetrieval
for an example. Note that you don't need to modify xmlsec
source code. You can create your custom "key data" object
and then register in xmlsec from your application.
Aleksey
wz qiang wrote:
> hi,
> I am using the following node for <KeyInfo/> under <Signature/>
> <KeyInfo><wsse:SecurityTokenReference><wsse:Reference
> URI="#binarytoken"/></wsse:SecurityTokenReference></KeyInfo>
>
> When I verify it, of cause not like <X509Data/>, the above <KeyInfo/>
> can not be loaded by xmlsec library automatically. So how can I load it?
> I try to parser the pubkey out from the binarytoken by using:
> xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, certformat);
> and then load the key into keymanager:
> xmlSecCryptoAppDefaultKeysMngrAdoptKey(keysmanager, key);
>
> I also loaded the trusted ca certificate by using:
> xmlSecCryptoAppKeysMngrCertLoad(...);
>
> But it seem is the loaded trusted certificate does not effect at all.
> Becase even if I comment the line "xmlSecCryptoAppKeysMngrCertLoad", the
> verification also works.
>
> SO I think the trust chain has not been checked.
>
> Could you tell me how can I load the non-standard <KeyInfo/>, and make
> the trusted chain checkin work as well.
>
> Thanks in advance.
>
> Weizhong Qiang
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list