The "right" way to do it is to create a "key data" object for
reading/writing the wsse:SecurityTokenReference node. Look at the
xmlsec/src/keyinfo.c file and search for xmlSecKeyDataRetrieval
for an example. Note that you don't need to modify the xmlsec
source code. You can create your custom "key data" object
and then register it in xmlsec from your application.

Aleksey

wz qiang wrote:
hi,
I am using the following node for <KeyInfo/> under <Signature/>:
<KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#binarytoken"/></wsse:SecurityTokenReference></KeyInfo>
When I verify it, of course, unlike <X509Data/>, the above <KeyInfo/> cannot be loaded by the xmlsec library automatically. So how can I load it?
I try to parse the pubkey out of the binarytoken by using:
xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, certformat);
and then load the key into the keymanager:
xmlSecCryptoAppDefaultKeysMngrAdoptKey(keysmanager, key);
I also loaded the trusted CA certificate by using:
xmlSecCryptoAppKeysMngrCertLoad(...);
But it seems the loaded trusted certificate has no effect at all. Because even if I comment out the line "xmlSecCryptoAppKeysMngrCertLoad", the verification also works. So I think the trust chain has not been checked. Could you tell me how I can load the non-standard <KeyInfo/>, and make the trust chain checking work as well?
Thanks in advance.
Weizhong Qiang

------------------------------------------------------------------------

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
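
An added example, not part of the original thread and not xmlsec code: a Python illustration of the lookup that a reader for `wsse:SecurityTokenReference` has to perform before any key is used, failing closed on external URIs, ambiguous Ids and wrong token types. The names `resolve_token`, `sample` and `TokenError` are hypothetical, the namespace URIs are the OASIS WS-Security 1.0 ones, and chain validation of the returned certificate against the trusted CA store is assumed to happen afterwards.

```python
import base64, binascii
import xml.etree.ElementTree as ET

OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = OASIS + "wssecurity-secext-1.0.xsd"
WSU = OASIS + "wssecurity-utility-1.0.xsd"
X509V3 = OASIS + "x509-token-profile-1.0#X509v3"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

class TokenError(ValueError):
    """Reference could not be resolved safely; treat as verification failure."""

def resolve_token(doc_xml):
    """Return the decoded bytes of the token that KeyInfo references.

    The result is untrusted: validate the certificate chain against the
    trusted CA store before using its key to verify the signature.
    """
    root = ET.fromstring(doc_xml)
    path = f".//{{{DSIG}}}KeyInfo/{{{WSSE}}}SecurityTokenReference/{{{WSSE}}}Reference"
    refs = root.findall(path)
    if len(refs) != 1:
        raise TokenError("expected exactly one wsse:Reference")
    uri = refs[0].get("URI", "")
    # Accept only same-document fragments; never fetch an external URI.
    if len(uri) < 2 or not uri.startswith("#"):
        raise TokenError("URI must be a same-document fragment")
    # Fail closed on duplicate Ids (ambiguous target, as in signature wrapping).
    hits = [e for e in root.iter() if e.get(f"{{{WSU}}}Id") == uri[1:]]
    if len(hits) != 1:
        raise TokenError("Id must match exactly one element")
    token = hits[0]
    if token.tag != f"{{{WSSE}}}BinarySecurityToken" or token.get("ValueType") != X509V3:
        raise TokenError("target is not an X.509 BinarySecurityToken")
    try:
        return base64.b64decode("".join((token.text or "").split()), validate=True)
    except binascii.Error as exc:
        raise TokenError("token body is not valid Base64") from exc

def sample(uri="#binarytoken", copies=1):
    """Constructed message; the token body is placeholder bytes, not a real cert."""
    body = base64.b64encode(b"placeholder-not-a-real-cert").decode()
    tok = f'<wsse:BinarySecurityToken wsu:Id="binarytoken" ValueType="{X509V3}">{body}</wsse:BinarySecurityToken>'
    return (f'<Envelope xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DSIG}">{tok * copies}'
            f'<ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="{uri}"/>'
            f'</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></Envelope>')

if __name__ == "__main__":
    print(len(resolve_token(sample())), "bytes resolved; chain validation still required")
```

A key taken from the resolved certificate and adopted into the keys manager without that chain check verifies whatever the sender signed, which matches the behaviour described in the question.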