I am not sure I clearly understand what you mean by "verify an XML file given a specific cert". From your XML file you should point to the given key known to the application or provide the key in the signature (maybe in a cert). And on the application side you need to have this key available or know how to get the key from the file. For example, in the XML file you can include a full cert and the application should be able to verify the cert and extract the key. XMLSec library extracts the public key from the provided cert automatically but the key is *not* included in the keys list. You can point to a cert using issuer serial/name, subject, SKI and if such a cert was loaded with xmlSecSimpleKeysMngrLoadPemKey() it will be found and the key extracted.

Aleksey

Devin Heitmueller wrote:

>So, if I wanted to verify an XML file given a specific cert, I should
>perform an xmlSecSimpleKeysMngrLoadPemKey() with the privateKey flag set
>to 'public', then perform an xmlSecSimpleKeysMngrAddKey ()?
>
>Thanks,
>
>Devin
>
>On Tue, 2002-09-03 at 14:42, Aleksey Sanin wrote:
>
>>The cert will be saved to the keys file if (and only if) it is
>>associated with a key.
>>xmlSecSimpleKeysMngrLoadPemCert() function has two purposes:
>>   1) load a "trusted" cert (i.e. root CA cert)
>>   2) load an "untrusted" cert which could be pointed from XML DSig <dsig:X509Data>
>>      element by subject, issuer serial/issuer name or SKI
>>      (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
>>
>>Aleksey
>>
>>Devin Heitmueller wrote:
>>
>>>I am attempting to make use of the xmlSecSimpleKeysMngrLoadPemCert
>>>facility to load a certificate from a file into the key manager. The
>>>call returns with no errors, but it looks like the cert is never
>>>actually added to the key manager store.
>>>
>>>I wrote some sample code to demonstrate the problem (see attached). I
>>>am attempting to add the DSA certificate dsacert.pem that is included
>>>with the distribution in the "tests/keys" directory. The sample code
>>>creates the key manager instance, adds the certificate, then saves the
>>>key manager contents out to an XML file.
>>>
>>>I suspect I am using the function wrong, but any advice that could be
>>>offered would be greatly appreciated.
>>>
>>>Thanks,
>>>
>>>------------------------------------------------------------------------
>>>
>>>/*
>>> * Netilla License Display tool
>>> * Devin J. Heitmueller Aug 27 2002
>>> */
>>>
>>>#include <stdio.h>
>>>#include <string.h>
>>>#include <stdlib.h>
>>>
>>>/*
>>> * COMPAT using xml-config --cflags to get the include path this will
>>> * work with both
>>> */
>>>#include <libxml/xmlmemory.h>
>>>#include <libxml/parser.h>
>>>
>>>/* Required for RAND_status() and RAND_seed() */
>>>#include <openssl/rand.h>
>>>
>>>/* Required for xmlsec */
>>>#include <xmlsec/xmlsec.h>
>>>#include <xmlsec/xmldsig.h>
>>>#include <xmlsec/keysmngr.h>
>>>#include <xmlsec/xmltree.h>
>>>
>>>int
>>>main (int argc, char **argv)
>>>{
>>>    xmlSecKeyPtr pubkey;
>>>    xmlSecDSigCtxPtr dsigCtx = NULL;
>>>    xmlSecKeysMngrPtr keysMngr = NULL;
>>>    int load_pub_cert_result = 0;
>>>    int rnd_seed = 0;
>>>
>>>    /**
>>>     * Init OpenSSL
>>>     */
>>>    while (RAND_status() != 1) {
>>>        RAND_seed(&rnd_seed, sizeof(rnd_seed));
>>>    }
>>>
>>>    /*
>>>     * Init libxml
>>>     */
>>>    xmlInitParser();
>>>    LIBXML_TEST_VERSION
>>>
>>>    /*
>>>     * Init xmlsec
>>>     */
>>>    xmlSecInit();
>>>
>>>    /**
>>>     * Create Keys managers
>>>     */
>>>    keysMngr = xmlSecSimpleKeysMngrCreate();
>>>    if(keysMngr == NULL) {
>>>        fprintf(stderr, "Error: failed to create keys manager\n");
>>>        return -1;
>>>    }
>>>
>>>    /**
>>>     * Add the test cert to the public key list
>>>     */
>>>    load_pub_cert_result = xmlSecSimpleKeysMngrLoadPemCert (keysMngr,
>>>                                                            "dsacert.pem", 1);
>>>    if (load_pub_cert_result != 0)
>>>    {
>>>        fprintf(stderr, "Error: failed load public key\n");
>>>        return -1;
>>>    }
>>>
>>>    /* Write the keys back to a file */
>>>    xmlSecSimpleKeysMngrSave(keysMngr, "test.xml", xmlSecKeyTypeAny);
>>>
>>>    return 0;
>>>}

_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
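
The "verify the cert, then extract the key" step described in the reply above, as an added example that is not part of the original thread and does not use the XMLSec API: it uses the openssl command line to release a certificate's public key only when the certificate chains to a trusted root. All subjects, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: release a certificate's public key only if the certificate
# chains to a trusted root. All names, subjects and files are constructed.

# make_fixtures DIR: build a throwaway root CA, a leaf it issued, and an
# unrelated self-signed certificate that reuses the leaf's subject name.
make_fixtures() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Constructed Signer" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Signer" \
        -keyout "$d/rogue.key" -out "$d/rogue.pem" 2>/dev/null
}

# cert_ids CERT: values a <dsig:X509Data> element can use to point at CERT
# (subject, issuer and serial number).
cert_ids() {
    openssl x509 -in "$1" -noout -subject -issuer -serial
}

# key_if_trusted ROOT CERT: print CERT's public key only when CERT verifies
# against ROOT; otherwise print nothing and return non-zero.
key_if_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    openssl x509 -in "$2" -noout -pubkey
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_fixtures "$tmp"
    cert_ids "$tmp/leaf.pem"
    key_if_trusted "$tmp/root.pem" "$tmp/leaf.pem"
    key_if_trusted "$tmp/root.pem" "$tmp/rogue.pem" || echo "rogue cert rejected"
    rm -rf "$tmp"
}
demo
```

The rogue certificate carries the same subject as the legitimate signer, so a lookup by subject alone would match it; only the chain check against the trusted root tells the two apart.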
