Re: [xmlsec] how to load non-standard

Thu, 17 Jul 2008 15:11:07 -0700 

Correct. But I would use DataRetrieval as an example.

Aleksey

wz qiang wrote:

hello Aleksey,
Thank you for your kind reply.
Just to make sure that I understand you correctly. You meant that I need to implement some special key data just like the xmlSecOpenSSLKeyDataX509Klass in src/openssl/x509.c, and the xmlSecKeyDataRetrieval method, finally I need to register it when by using "xmlSecKeyDataIdsRegister"? Thanks a lot, 
Weizhong
On 7/17/08, *Aleksey Sanin* <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote: 

    The "right" way to do it is to create "key data" object for
    reading/writing wsse:SecurityTokenReference node. Look at
    xmlsec/src/keyinfo.c file and search for xmlSecKeyDataRetrieval
    for an example. Note that you don't need to modify xmlsec
    source code. You can create your custom "key data" object
    and then register in xmlsec from your application.

    Aleksey

    wz qiang wrote:

        hi,
        I am using the following node for <KeyInfo/> under <Signature/>
        <KeyInfo><wsse:SecurityTokenReference><wsse:Reference
        URI="#binarytoken"/></wsse:SecurityTokenReference></KeyInfo>
         When I verify it, of cause not like <X509Data/>, the above
        <KeyInfo/> can not be loaded by xmlsec library automatically. So
        how can I load it?
        I try to parser the pubkey out from the binarytoken by using:
        xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, certformat);
        and then load the key into keymanager:
        xmlSecCryptoAppDefaultKeysMngrAdoptKey(keysmanager, key);
         I also loaded the trusted ca certificate by using:
        xmlSecCryptoAppKeysMngrCertLoad(...);
         But it seem is the loaded trusted certificate does not effect
        at all. Becase even if I comment the line
        "xmlSecCryptoAppKeysMngrCertLoad", the verification also works.
         SO I think the trust chain has not been checked.
         Could you tell me how can I load the non-standard <KeyInfo/>,
        and make the trusted chain checkin work as well.
         Thanks in advance.
         Weizhong Qiang

        ------------------------------------------------------------------------

        _______________________________________________
        xmlsec mailing list
        [email protected] <mailto:[email protected]>
        http://www.aleksey.com/mailman/listinfo/xmlsec



_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to