We are all human and we all make errors :) Have fun :)

Aleksey
Devin Heitmueller wrote:

>Never mind. I figured out the problem. I used the wrong private key
>when I signed the XML file, and spent an hour trying to figure out why
>it wouldn't validate.
>
>Ok, I'm stupid.
>
>-Devin
>
>On Tue, 2002-09-03 at 15:56, Devin Heitmueller wrote:
>
>>Ok, let me give some more detail.
>>
>>The goal is to run an application, providing it with an XML file that is
>>signed with a DSA private key. The application should validate the
>>signature using the DSA public key stored in a separate file on the
>>local workstation.
>>
>>The creation and signing of the XML file appears to work fine. I do not
>>embed the key in the XML file itself.
>>
>>The verification application should load the DSA public key into the key
>>list, then validate the XML document signature with the DSA public key.
>>
>>I used xmlSecSimpleKeysMngrLoadPemKey to load the public key, providing
>>NULL for the keyPwd and keyPwdCallback arguments. It's not returning
>>any errors, but I am still not sure if the public key is actually being
>>loaded into the key list.
>>
>>The basic problem seems to be getting the DSA public key from the PEM
>>encoded file into an xmlSecKeyPtr structure, which I can provide as an
>>argument to xmlSecDSigValidate().
>>
>>Thanks,
>>
>>-Devin
>>
>>On Tue, 2002-09-03 at 15:04, Aleksey Sanin wrote:
>>
>>>I am not sure I clearly understand what you mean by "verify an XML file
>>>given a specific cert". From your XML file you should point to the given
>>>key known to the application or provide the key in the signature (may be
>>>in a cert). And on the application side you need to have this key
>>>available or know how to get the key from the file. For example, in the
>>>XML file you can include a full cert and the application should be able
>>>to verify the cert and extract the key.
>>>The XMLSec library extracts the public key from the provided cert
>>>automatically, but the key is *not* included in the keys list.
>>>You can point to a cert using issuer serial/name, subject or SKI, and if
>>>such a cert was loaded with xmlSecSimpleKeysMngrLoadPemKey() it will be
>>>found and the key extracted.
>>>
>>>Aleksey
>>>
>>>Devin Heitmueller wrote:
>>>
>>>>So, if I wanted to verify an XML file given a specific cert, I should
>>>>perform an xmlSecSimpleKeysMngrLoadPemKey() with the privateKey flag set
>>>>to 'public', then perform an xmlSecSimpleKeysMngrAddKey()?
>>>>
>>>>Thanks,
>>>>
>>>>Devin
>>>>
>>>>On Tue, 2002-09-03 at 14:42, Aleksey Sanin wrote:
>>>>
>>>>>The cert will be saved to the keys file if (and only if) it is
>>>>>associated with a key.
>>>>>The xmlSecSimpleKeysMngrLoadPemCert() function has two purposes:
>>>>> 1) load a "trusted" cert (i.e. root CA cert)
>>>>> 2) load an "untrusted" cert which could be pointed to from the XML DSig
>>>>>    <dsig:X509Data> element by subject, issuer serial/issuer name or SKI
>>>>>    (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
>>>>>
>>>>>Aleksey
>>>>>
>>>>>Devin Heitmueller wrote:
>>>>>
>>>>>>I am attempting to make use of the xmlSecSimpleKeysMngrLoadPemCert
>>>>>>facility to load a certificate from a file into the key manager. The
>>>>>>call returns with no errors, but it looks like the cert is never
>>>>>>actually added to the key manager store.
>>>>>>
>>>>>>I wrote some sample code to demonstrate the problem (see attached). I
>>>>>>am attempting to add the DSA certificate dsacert.pem that is included
>>>>>>with the distribution in the "tests/keys" directory. The sample code
>>>>>>creates the key manager instance, adds the certificate, then saves the
>>>>>>key manager contents out to an XML file.
>>>>>>
>>>>>>I suspect I am using the function wrong, but any advice that could be
>>>>>>offered would be greatly appreciated.
>>>>>>
>>>>>>Thanks,
>>>>>>
>>>>>>------------------------------------------------------------------------
>>>>>>
>>>>>>[attachment: dsacert.pem, PEM-encoded DSA certificate]
>>>>>>
>>>>>>------------------------------------------------------------------------
>>>>>>
>>>>>>/*
>>>>>> * Netilla License Display tool
>>>>>> * Devin J. Heitmueller Aug 27 2002
>>>>>> */
>>>>>>
>>>>>>#include <stdio.h>
>>>>>>#include <string.h>
>>>>>>#include <stdlib.h>
>>>>>>
>>>>>>/* Needed for RAND_status() and RAND_seed() used below */
>>>>>>#include <openssl/rand.h>
>>>>>>
>>>>>>/*
>>>>>> * COMPAT using xml-config --cflags to get the include path this will
>>>>>> * work with both
>>>>>> */
>>>>>>#include <libxml/xmlmemory.h>
>>>>>>#include <libxml/parser.h>
>>>>>>
>>>>>>/* Required for xmlsec */
>>>>>>#include <xmlsec/xmlsec.h>
>>>>>>#include <xmlsec/xmldsig.h>
>>>>>>#include <xmlsec/keysmngr.h>
>>>>>>#include <xmlsec/xmltree.h>
>>>>>>
>>>>>>int
>>>>>>main (int argc, char **argv)
>>>>>>{
>>>>>>    xmlSecKeysMngrPtr keysMngr = NULL;
>>>>>>    int load_pub_cert_result = 0;
>>>>>>    int rnd_seed = 0;
>>>>>>
>>>>>>    (void)argc;
>>>>>>    (void)argv;
>>>>>>
>>>>>>    /*
>>>>>>     * Init OpenSSL. Seeding with a constant zero only satisfies
>>>>>>     * RAND_status(); it adds no real entropy, which is acceptable for a
>>>>>>     * demo that only loads a cert, not for code that signs.
>>>>>>     */
>>>>>>    while (RAND_status() != 1) {
>>>>>>        RAND_seed(&rnd_seed, sizeof(rnd_seed));
>>>>>>    }
>>>>>>
>>>>>>    /*
>>>>>>     * Init libxml
>>>>>>     */
>>>>>>    xmlInitParser();
>>>>>>    LIBXML_TEST_VERSION
>>>>>>
>>>>>>    /*
>>>>>>     * Init xmlsec
>>>>>>     */
>>>>>>    xmlSecInit();
>>>>>>
>>>>>>    /*
>>>>>>     * Create keys manager
>>>>>>     */
>>>>>>    keysMngr = xmlSecSimpleKeysMngrCreate();
>>>>>>    if (keysMngr == NULL) {
>>>>>>        fprintf(stderr, "Error: failed to create keys manager\n");
>>>>>>        return -1;
>>>>>>    }
>>>>>>
>>>>>>    /*
>>>>>>     * Add the test cert to the keys manager as a trusted cert
>>>>>>     */
>>>>>>    load_pub_cert_result = xmlSecSimpleKeysMngrLoadPemCert(keysMngr,
>>>>>>                                                           "dsacert.pem", 1);
>>>>>>    if (load_pub_cert_result != 0) {
>>>>>>        fprintf(stderr, "Error: failed to load public cert\n");
>>>>>>        return -1;
>>>>>>    }
>>>>>>
>>>>>>    /* Write the keys back to a file */
>>>>>>    xmlSecSimpleKeysMngrSave(keysMngr, "test.xml", xmlSecKeyTypeAny);
>>>>>>
>>>>>>    return 0;
>>>>>>}
>>>>>>
>>>
>>--
>>Devin Heitmueller
>>Senior Software Engineer
>>Netilla Networks Inc
>>
>>_______________________________________________
>>xmlsec mailing list
>>[EMAIL PROTECTED]
>>http://www.aleksey.com/mailman/listinfo/xmlsec
