hello Aleksey, Thank you for your kind reply. Just to make sure that I understand you correctly. You meant that I need to implement some special key data just like the xmlSecOpenSSLKeyDataX509Klass in src/openssl/x509.c, and the xmlSecKeyDataRetrieval method, finally I need to register it when by using "xmlSecKeyDataIdsRegister"?
Thanks a lot, Weizhong On 7/17/08, Aleksey Sanin <[EMAIL PROTECTED]> wrote: > > The "right" way to do it is to create "key data" object for > reading/writing wsse:SecurityTokenReference node. Look at > xmlsec/src/keyinfo.c file and search for xmlSecKeyDataRetrieval > for an example. Note that you don't need to modify xmlsec > source code. You can create your custom "key data" object > and then register in xmlsec from your application. > > Aleksey > > wz qiang wrote: > >> hi, >> I am using the following node for <KeyInfo/> under <Signature/> >> <KeyInfo><wsse:SecurityTokenReference><wsse:Reference >> URI="#binarytoken"/></wsse:SecurityTokenReference></KeyInfo> >> When I verify it, of cause not like <X509Data/>, the above <KeyInfo/> can >> not be loaded by xmlsec library automatically. So how can I load it? >> I try to parser the pubkey out from the binarytoken by using: >> xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, certformat); >> and then load the key into keymanager: >> xmlSecCryptoAppDefaultKeysMngrAdoptKey(keysmanager, key); >> I also loaded the trusted ca certificate by using: >> xmlSecCryptoAppKeysMngrCertLoad(...); >> But it seem is the loaded trusted certificate does not effect at all. >> Becase even if I comment the line "xmlSecCryptoAppKeysMngrCertLoad", the >> verification also works. >> SO I think the trust chain has not been checked. >> Could you tell me how can I load the non-standard <KeyInfo/>, and make >> the trusted chain checkin work as well. >> Thanks in advance. >> Weizhong Qiang >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> xmlsec mailing list >> [email protected] >> http://www.aleksey.com/mailman/listinfo/xmlsec >> >
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
