Hello Aleksey,

It seems a little bit complicated if I use your method, because it seems I need to implement the whole certificate chain checking as well. So for now I have just put this method on my TODO list, and alternatively use a hack method of inserting <X509Data/> into <KeyInfo/> and deleting the node after verification; it works :)

Thanks a lot,
Weizhong

On 7/18/08, Aleksey Sanin <[EMAIL PROTECTED]> wrote:
>
> Correct. But I would use DataRetrieval as an example.
>
> Aleksey
>
> wz qiang wrote:
>
>> Hello Aleksey,
>> Thank you for your kind reply.
>> Just to make sure that I understand you correctly: you meant that I need
>> to implement some special key data just like the
>> xmlSecOpenSSLKeyDataX509Klass in src/openssl/x509.c, and the
>> xmlSecKeyDataRetrieval method, and finally I need to register it by using
>> "xmlSecKeyDataIdsRegister"?
>> Thanks a lot,
>> Weizhong
>>
>> On 7/17/08, Aleksey Sanin <[EMAIL PROTECTED]> wrote:
>>
>> The "right" way to do it is to create "key data" object for
>> reading/writing wsse:SecurityTokenReference node. Look at
>> xmlsec/src/keyinfo.c file and search for xmlSecKeyDataRetrieval
>> for an example. Note that you don't need to modify xmlsec
>> source code. You can create your custom "key data" object
>> and then register in xmlsec from your application.
>>
>> Aleksey
>>
>> wz qiang wrote:
>>
>> Hi,
>> I am using the following node for <KeyInfo/> under <Signature/>:
>>
>> <KeyInfo><wsse:SecurityTokenReference><wsse:Reference
>> URI="#binarytoken"/></wsse:SecurityTokenReference></KeyInfo>
>>
>> When I verify it, of course, unlike <X509Data/>, the above
>> <KeyInfo/> cannot be loaded by the xmlsec library automatically. So
>> how can I load it?
>> I tried to parse the pubkey out from the binarytoken by using:
>>
>> xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, certformat);
>>
>> and then load the key into the keymanager:
>>
>> xmlSecCryptoAppDefaultKeysMngrAdoptKey(keysmanager, key);
>>
>> I also loaded the trusted CA certificate by using:
>>
>> xmlSecCryptoAppKeysMngrCertLoad(...);
>>
>> But it seems the loaded trusted certificate has no effect
>> at all, because even if I comment out the line
>> "xmlSecCryptoAppKeysMngrCertLoad", the verification also works.
>> So I think the trust chain has not been checked.
>> Could you tell me how I can load the non-standard <KeyInfo/>,
>> and make the trust chain checking work as well?
>> Thanks in advance.
>> Weizhong Qiang
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> xmlsec mailing list
>> [email protected]
>> http://www.aleksey.com/mailman/listinfo/xmlsec
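The workaround from the top message (copy the certificate of the referenced token into a temporary <X509Data/> under <KeyInfo/>, verify, then delete the node), sketched as DOM handling. This is an added example, not code from the thread or from xmlsec; it assumes the token is a wsse:BinarySecurityToken holding a base64 X.509 certificate and identified by wsu:Id, and the function names and sample document are constructed.

```python
import base64
import xml.etree.ElementTree as ET

# Namespace URIs from XML-DSig and WS-Security 1.0.
DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
KEYINFO = f".//{{{DS}}}Signature/{{{DS}}}KeyInfo"
REF = f"{{{WSSE}}}SecurityTokenReference/{{{WSSE}}}Reference"


def inject_x509data(root):
    """Add a temporary ds:X509Data built from the referenced token; return it."""
    keyinfo = root.find(KEYINFO)
    ref = None if keyinfo is None else keyinfo.find(REF)
    if ref is None or not ref.get("URI", "").startswith("#"):
        raise ValueError("no same-document wsse:Reference in KeyInfo")
    token_id = ref.get("URI")[1:]
    # Exactly one token may carry the Id: a duplicate would make it ambiguous
    # which certificate the signature is being checked against.
    tokens = [e for e in root.iter(f"{{{WSSE}}}BinarySecurityToken")
              if e.get(f"{{{WSU}}}Id") == token_id]
    if len(tokens) != 1:
        raise ValueError(f"expected one token {token_id!r}, found {len(tokens)}")
    b64 = "".join((tokens[0].text or "").split())
    base64.b64decode(b64, validate=True)  # reject non-base64 content early
    x509data = ET.SubElement(keyinfo, f"{{{DS}}}X509Data")
    ET.SubElement(x509data, f"{{{DS}}}X509Certificate").text = b64
    return x509data


def remove_x509data(root, x509data):
    """Undo inject_x509data() once verification has finished."""
    root.find(KEYINFO).remove(x509data)


# Constructed sample: the token body is placeholder base64, not a real certificate.
SAMPLE = f"""<Envelope xmlns:ds="{DS}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <wsse:BinarySecurityToken wsu:Id="binarytoken">UExBQ0VIT0xERVI=</wsse:BinarySecurityToken>
  <ds:Signature><ds:KeyInfo><wsse:SecurityTokenReference>
    <wsse:Reference URI="#binarytoken"/>
  </wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
</Envelope>"""

if __name__ == "__main__":
    doc = ET.fromstring(SAMPLE)
    node = inject_x509data(doc)
    # ... hand the document to xmlsec for verification at this point ...
    remove_x509data(doc, node)
```

The temporary node is only safe to add when no ds:Reference in SignedInfo covers <KeyInfo/>, since changing signed content would alter its digest.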
