Hi!
I seem to have found a solution to my problem.
 
I wanted to use a X509 pem certificate to validate a signature but I did not
find a straightforward solution to load a public key from a certificate.
I have struggled a bit to work this out but it turned out wasn't so bad afterall.
Since I could not load a PEM certificate directly I have to get the (in my case)
RSA public key from the certificate and turn it into a xmlSecKeyPtr.
 
Here is my function which does that and returns an xmlSecKeyPtr:
 
 
static xmlSecKeyPtr ReadPublicKeyFromPemCert(const char* certFile){
 xmlSecKeyPtr retval = NULL;
 
 // Load certificate from file
 FILE* fid = fopen(certFile, "r");
 X509* pCert = PEM_read_X509(fid, NULL, NULL, NULL);
 fclose(fid);
 
 // Get the public key from the certificate
 EVP_PKEY *pPublicKey = X509_get_pubkey(pCert);
 
 if(!pPublicKey){
  printf("Failed to get public key from cert\n");
 
  return NULL;
 }
 
 // I only handle RSA keys
 if(pPublicKey->type == EVP_PKEY_RSA){
  retval = xmlSecKeyCreate(xmlSecRsaKey, xmlSecKeyOriginX509);
  if(xmlSecRsaKeyGenerate(retval, pPublicKey->pkey.rsa) < 0){
   printf("Failed to generate public key from RSA key\n");
   xmlSecKeyDestroy(retval);
   EVP_PKEY_free(pPublicKey);
     
   return NULL;
  }
  EVP_PKEY_free(pPublicKey);
 
  return retval;
 }
 
 EVP_PKEY_free(pPublicKey);
 
 printf("Unknown public key type in cert");
 
 return NULL;
}
 
 
I then use this public key together with xmlSecDSigValidate and it seems to work Ok.
 
Please comment if you see something bad about this.
 
Thanks for all help!

Reply via email to