[xmlsec] Verification using mscrypto library
Tomas Stejskal
tomas.stejskal at abra.eu
Thu Jan 29 00:15:57 PST 2009
I solved the problem by adding the ROOT certificate store to trusted
stores using *xmlSecMSCryptoX509StoreAdoptKeyStore* function.
Tomas
Tomas Stejskal wrote:
> This sentence means "cannot find object or property", which is some
> error from MS CryptoAPI.
> Thanks for the hint, I'll try to discover what caused this error.
>
> Tomas
>
> Aleksey Sanin wrote:
>> What does "Objekt nebo vlastnost nebyly nalezeny." mean?
>> I believe this error comes from openssl and it describes
>> the problem with verifying the certificate.
>>
>> Aleksey
>>
>> Tomas Stejskal wrote:
>>> Hello,
>>>
>>> I'm trying to verify document with included X509 certificate using
>>> mscrypto library, but without success.
>>> When I call xmlSecDSigCtxVerify, I get these errors:
>>>
>>> func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
>>> library function failed: ;last error=-2146885628 (0x80092004);last
>>> error msg=Objekt nebo vlastnost nebyly nalezeny.
>>> func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
>>> is not found: ;last error=-2146885628 (0x80092004);last error
>>> msg=Objekt nebo vlastnost nebyly nalezeny.
>>> func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
>>> library function failed: ;last error=-2146885628 (0x80092004);last
>>> error msg=Objekt nebo vlastnost nebylynalezeny.
>>> func=xmlSecDSigCtxVerify:file=..\src\xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
>>> library function failed: ;last error=-2146885628 (0x80092004);last
>>> error msg=Objekt nebo vlastnost nebyly nalezeny.
>>>
>>> I'd be very grateful for any example code or an advice how to
>>> achieve it.
>>>
>>> Here is the signature element:
>>> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>>> <SignedInfo>
>>> <CanonicalizationMethod
>>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>>> <SignatureMethod
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>> <Reference>
>>> <Transforms>
>>> <Transform
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>> </Transforms>
>>> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>> <DigestValue>kT3vE5dshcYoBF1J8GbMjAKvW4s=</DigestValue>
>>> </Reference>
>>> </SignedInfo>
>>> <SignatureValue>IdSs9cYLCcpf+CpC0vHR1pK4isgQ6fEpaiHPN6x0f8kpcIijEbJH5kcoGcWmPT6B
>>>
>>> HioeZAj3qiVKzZiNQ1WX6w==</SignatureValue>
>>> <KeyInfo>
>>> <X509Data>
>>> <X509Certificate>MIID0jCCArqgAwIBAgIEAJjIuzANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJD
>>>
>>> WjEvMC0GA1UEAwwmSS5DQSAtIFRlc3QgcXVhbGlmaWVkIHJvb3QgY2VydGlmaWNh
>>> dGUxLTArBgNVBAoMJFBydm7DrSBjZXJ0aWZpa2HEjW7DrSBhdXRvcml0YSwgYS5z
>>> LjAeFw0wOTAxMjcxNDU2NTBaFw0wOTAyMjYxNDU2NTBaMIGvMQswCQYDVQQGEwJD
>>> WjEZMBcGA1UEAwwQVG9tw6HFoSBTdGVqc2thbDESMBAGA1UECAwJw5pzdGVja8O9
>>> MSQwIgYDVQQHDBtMb20sIMWgcsOhbWtvdmEgODQ3LCA0MzUgMTExJTAjBgkqhkiG
>>> 9w0BCQEWFnRvbWFzLnN0ZWpza2FsQGFicmEuZXUxCzAJBgNVBCsMAlRTMRcwFQYD
>>> VQQFEw5JQ0EgLSAxMDAwMjI1MDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDs59S9
>>> JrKzxhrsI1P6jGWBuvmJFM9E1pKNdIVCH75gHRcQE2PRlCvs+RIQFpeIPaNEhgIm
>>> lE7BQFa1BylsdnlLAgMBAAGjgf4wgfswDgYDVR0PAQH/BAQDAgTwMDAGA1UdHwQp
>>> MCcwJaAjoCGGH2h0dHA6Ly90ZXN0cS5pY2EuY3ovdHFpY2EwNi5jcmwwHwYDVR0j
>>> BBgwFoAUlrYHnGKx3omHNUXjlVFsOcbW7sowHQYDVR0OBBYEFBsUyCY3AHj3qea3
>>> UdAHa3u1erzcMF0GA1UdIARWMFQwUgYLKwYBBAGBuEgBaAowQzBBBggrBgEFBQcC
>>> AjA1GjNUZW50byBjZXJ0aWZpa2F0IChRQykgamUgdnlkYW4gcHJvIHRlc3RvdmFj
>>> aSB1Y2VseS4wGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATANBgkqhkiG9w0BAQUF
>>> AAOCAQEACbugMYumCOcBAUcmwiP/tjtPc8h836XLWmHzcYwyNtpOGold0AYmoQvR
>>> KxWyeb1jYAi5JAKlUgMSx55h+9+FBzyrKayQVwT9gzeU5dVg3QmbpPNzd+e0BFuq
>>> h3vE6WU547zvHiAnRfYDUvlB6uw1NhxjVolPi9gQ53WU4n6FGffdplxJ8cOnF6dB
>>> x+jQvq08qkrA/WtYFYM+6o3q0cJEC4rCZSt1Tq0a3uNO0MxXM314yXhlyMDMBBtB
>>> OKUQirBdVnafrrz+V49adzidng5RFLS5dp0l5G1MmHNxOvMQlHkxkIrl3GOt7cwu
>>> P5Egz9c1Qza0WqeaSI3uo22C0bV9hA==</X509Certificate>
>>> </X509Data>
>>> </KeyInfo>
>>> </Signature>
>>>
>>> Thanks, Tomas
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list