xmlsec will not try to validate dSigCtx->signKey because it is supplied
by the user. If you have the key/cert in memory then you can perform
certificate validation yourself using standard crypto library functions.
This is outside xmlsec.
Aleksey

Arnoud Zwemmer wrote:

Hi Aleksey,
I have a question regarding validation of a certificate chain when I got both
certificates in the chain in memory. For XML verification, I have the server certificate
in memory (it's not in the signed XML file's <KeyInfo>, but I know I need to use
this cert/key). Using xmlSecCryptoAppKeyLoadMemory() to load the key from this server
cert in dSigCtx->signKey works fine, verification succeeds.
Now I want to validate this cert with the CA cert before I use it. I have the CA cert in
memory as well. From the samples it seemed to me that I had to create a keys manager for
this 'certificate chain' purpose. So I load the CA cert as trusted cert into the keys
manager. I can load the server cert into the keys manager as well (as untrusted, or type
Any), but then, since the signed XML file is lacking any <KeyInfo>, I cannot
verify the XML file because xmlSecDSigCtxVerify() does not have a key... because I (and
the samples) don't use xmlSecCryptoAppKeyLoadMemory() to populate dSigCtx->signKey in
this case.
I guess normally xmlSecDSigCtxVerify() expects a <KeyInfo> element in the signed XML with either an X509 certificate or at least a name for matching it to a cert in the keys manager, correct? So I'm assuming that's why this does not work.
How would I use the API to either obtain this server cert/key from the keys
manager (with FindKey() maybe, but then again I don't give the keys an ID when
I load them into the keys manager, and is the certificate validated in the
process?) or is there another way to just validate a certificate before I use
the cert to extract a key and verify an XML signature?
Thanks!
Arnoud.
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
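
The reply above leaves chain validation to the caller; as an added example (not code from the thread or from the xmlsec project), this script performs that check with the OpenSSL command-line tool and releases the certificate's public key only when the certificate chains to the one trusted CA. The file names and the throwaway CA, server and "rogue" certificates are constructed for illustration, and `-no-CApath` assumes OpenSSL 1.1.0 or later.

```bash
#!/bin/sh
# Added example: chain-validate a certificate before trusting its key.
# All file names and the demo PKI below are constructed for illustration.

# validate_cert CA_PEM CERT_PEM
# Succeeds only if CERT_PEM chains to CA_PEM and is within its validity period.
# -no-CApath keeps the system trust directory out of the decision, so the
# single CA passed in is the only trust anchor.
validate_cert() {
    openssl verify -CAfile "$1" -no-CApath "$2" >/dev/null 2>&1
}

# verified_pubkey CA_PEM CERT_PEM
# Prints the certificate's public key (PEM) only after validation succeeds,
# so an unvalidated key never reaches the signature-verification step.
verified_pubkey() {
    validate_cert "$1" "$2" || { echo "untrusted certificate: $2" >&2; return 1; }
    openssl x509 -in "$2" -noout -pubkey
}

# make_demo_pki DIR
# Builds a throwaway CA, a server certificate signed by it, and a self-signed
# "rogue" certificate that reuses the server's subject name.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=server.example" \
        -keyout "$1/rogue.key" -out "$1/rogue.pem" 2>/dev/null
}

# Stand-alone run on the constructed certificates.
d=$(mktemp -d) && make_demo_pki "$d" || exit 1
verified_pubkey "$d/ca.pem" "$d/server.pem" >/dev/null && echo "server.pem: trusted"
verified_pubkey "$d/ca.pem" "$d/rogue.pem" >/dev/null 2>&1 || echo "rogue.pem: rejected"
rm -rf "$d"
```

Once `validate_cert` succeeds, the certificate can be loaded as the thread describes, with xmlSecCryptoAppKeyLoadMemory() into dSigCtx->signKey.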