[xmlsec] Nodes in X509Data
Aleksey Sanin
aleksey at aleksey.com
Sat Nov 20 08:07:31 PST 2010
1) pkcs12 file is a container. You can add/remove things freely
2) To get the serial number just add X509IssuerSerial node to
the template
Aleksey
On 11/20/10 2:14 AM, Pekka A wrote:
> Aleksey Sanin wrote:
> >
> > It's a feature :) You might want to simply create a new p12 file.
>
> Hello
>
> Thanks for your response. That crypted p12 certificate comes from Bank,
> so I am not sure if I am allowed to twiddle anything inside it, without
> breaking anything, I do have a key for it though.
>
> I understand if that is a current XmlSec feature, so it won't go away
> right away. But then the possible workarounds?
>
> It looks like a standard XML content anyway. Is there any XmlSec calls
> how I would be able to access those nodes and drop the first
> <X509Certificate> node away?
>
> Or if there aren't any, should I try to read the whole XML buffer out of
> XmlSec. Then maybe use XmlLib2 to do the changes, and write the buffer
> back to XmlSec? And after this, let XmlSec do the Singing part.
> Is there any chance this could work, and I would get a well signed XML
> as output?
>
> > I am not sure what are you trying to do. These nodes are used to
> > identify the certificate used for the signature. Not sure why do you
> > want to pick these values yourself.
>
> Again, there's nothing I can do for this. It is a strict requirement
> from the bank, they want that X509SerialNumber to be visible there.
> If it would be possible to use the workaround described above, then I
> could add these nodes to the XML in my XmlLib2 code manually. Before the
> actual Signing call.
> Then I would need a bit of a help how to use XmlSec to read and get the
> X509SerialNumber value out the certificate.
>
> cheers
> Pekka A.
>
More information about the xmlsec
mailing list