The xmlSecSimpleKeysMngrLoadPemCert() function has two purposes:
1) load a "trusted" cert (i.e. a root CA cert)
2) load an "untrusted" cert that can be referenced from the XML DSig <dsig:X509Data>
element by subject, issuer serial/issuer name or SKI (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
Aleksey
Devin Heitmueller wrote:
I am attempting to make use of the xmlSecSimpleKeysMngrLoadPemCert facility to load a certificate from a file into the key manager. The call returns with no errors, but it looks like the cert is never actually added to the key manager store. I wrote some sample code to demonstrate the problem (see attached). I am attempting to add the DSA certificate dsacert.pem that is included with the distribution in the "tests/keys" directory. The sample code creates the key manager instance, adds the certificate, then saves the key manager contents out to an XML file. I suspect I am using the function incorrectly, but any advice that could be offered would be greatly appreciated. Thanks,
-----BEGIN CERTIFICATE----- MIIEvTCCBGegAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBojELMAkGA1UEBhMCVVMx EzARBgNVBAgTCkNhbGlmb3JuaWExJjAkBgNVBAoTHWh0dHA6Ly93d3cuYWxla3Nl eS5jb20veG1sc2VjMRowGAYDVQQLExFTZWNvbmQgTGV2ZWwgQ2VydDEWMBQGA1UE AxMNQWxla3NleSBTYW5pbjEiMCAGCSqGSIb3DQEJARYTYWxla3NleUBhbGVrc2V5 LmNvbTAeFw0wMjAzMjkyMjI2NTNaFw0wMzAzMjkyMjI2NTNaMIGkMQswCQYDVQQG EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEmMCQGA1UEChMdaHR0cDovL3d3dy5h bGVrc2V5LmNvbS94bWxzZWMxHDAaBgNVBAsTE0RTQSBLZXkgQ2VydGlmaWNhdGUx FjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xIjAgBgkqhkiG9w0BCQEWE2FsZWtzZXlA YWxla3NleS5jb20wggG2MIIBKwYHKoZIzjgEATCCAR4CgYEAimW6KYBPYXAf6itS AuYs1aLPfs8/vBEiusv/pl1XMiuMvB7vyiJgSj8/NTkRci/UX/rVXv8rbCRjvYFX 3x5/53f4hc6HKz7JQI4qqB7Fl5N86zp+BsQxNQ4tzous9S2HTd2/zdTwVsvO+H9l 3FahmVp/m2IHE4W27JYoF49qP10CFQC//HNaqNG+J6STasxbfCliylP1SwKBgFCM s1A5S3urggoBeEYffH4imb4OuFCeBTOS/lmwkjJlbBTdOn08Mct52jzzgs86Ln7B 7/wb3toL6w73dO/KF1iSX/QOOKSGZyZHYxIZtkbAxaVzatLTymRXI1bHZqoODF+m DbsKb2bk8EqAxubtUDDdJph/YJmyE94/ceDDvuxGA4GEAAKBgDp/igSRN6tU0YRv UbKTV9NVSOQtFc0suDf0MguGMxBDaKtxiZChyGKvoK6vWalfcYNhnqP95qoXXBDT rWEZlhHzmSY9fKLpA+kzXHmEWeB4x4yt1mN8CtjlekDpcvpN38YBEKT/+yJQpGuW CAi7h1626o5+W9F3CvS9hg7Vjso7o4IBJjCCASIwCQYDVR0TBAIwADAsBglghkgB hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE FEe1ThoXo+wDwzhsCfW0cuROuISWMIHHBgNVHSMEgb8wgbyAFHjXLZFhL5UiSrvh 1T3GJq+rl9IEoYGgpIGdMIGaMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv cm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMSYwJAYDVQQKEx1odHRwOi8vd3d3LmFs ZWtzZXkuY29tL3htbHNlYzEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEiMCAGCSqG SIb3DQEJARYTYWxla3NleUBhbGVrc2V5LmNvbYIBATANBgkqhkiG9w0BAQQFAANB AL2thaC8jmlUvEGLHR1B3+7XJho4sXllkHgclSXJnD/NGssj5XzQHpbLVSfNEEUe JKG28F0vyT05hEsXAHAtg9o= -----END CERTIFICATE-----
/* * Netilla License Display tool * Devin J. Heitmueller Aug 27 2002 */ #include <stdio.h> #include <string.h> #include <stdlib.h> /* * COMPAT using xml-config --cflags to get the include path this will * work with both */ #include <libxml/xmlmemory.h> #include <libxml/parser.h> /* Required for xmlsec */ #include <xmlsec/xmlsec.h> #include <xmlsec/xmldsig.h> #include <xmlsec/keysmngr.h> #include <xmlsec/xmltree.h> int main (int argc, char **argv) { xmlSecKeyPtr pubkey; xmlSecDSigCtxPtr dsigCtx = NULL; xmlSecKeysMngrPtr keysMngr = NULL; int load_pub_cert_result = 0; int rnd_seed = 0; /** * Init OpenSSL */ while (RAND_status() != 1) { RAND_seed(&rnd_seed, sizeof(rnd_seed)); } /* * Init libxml */ xmlInitParser(); LIBXML_TEST_VERSION /* * Init xmlsec */ xmlSecInit(); /** * Create Keys managers */ keysMngr = xmlSecSimpleKeysMngrCreate(); if(keysMngr == NULL) { fprintf(stderr, "Error: failed to create keys manager\n"); return -1; } /** * Add the test cert to the public key list */ load_pub_cert_result = xmlSecSimpleKeysMngrLoadPemCert (keysMngr, "dsacert.pem", 1); if (load_pub_cert_result != 0) { fprintf(stderr, "Error: failed load public key\n"); return -1; } /* Write the keys back to a file */ xmlSecSimpleKeysMngrSave(keysMngr, "test.xml", xmlSecKeyTypeAny); return 0; }
