I solved the problem by adding the ROOT certificate store to trusted
stores using *xmlSecMSCryptoX509StoreAdoptKeyStore* function.
Tomas
Tomas Stejskal wrote:
This sentence means "cannot find object or property", which is some
error from MS CryptoAPI.
Thanks for the hint, I'll try to discover what caused this error.
Tomas
Aleksey Sanin wrote:
What does "Objekt nebo vlastnost nebyly nalezeny." mean?
I believe this error comes from openssl and it describes
the problem with verifying the certificate.
Aleksey
Tomas Stejskal wrote:
Hello,
I'm trying to verify document with included X509 certificate using
mscrypto library, but without success.
When I call xmlSecDSigCtxVerify, I get these errors:
func=xmlSecKeysMngrGetKey:file=..\src\keys.c:line=1364:obj=unknown:subj=xmlSecKeysMngrFindKey:error=1:xmlsec
library function failed: ;last error=-2146885628 (0x80092004);last
error msg=Objekt nebo vlastnost nebyly nalezeny.
func=xmlSecDSigCtxProcessKeyInfoNode:file=..\src\xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key
is not found: ;last error=-2146885628 (0x80092004);last error
msg=Objekt nebo vlastnost nebyly nalezeny.
func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec
library function failed: ;last error=-2146885628 (0x80092004);last
error msg=Objekt nebo vlastnost nebylynalezeny.
func=xmlSecDSigCtxVerify:file=..\src\xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
library function failed: ;last error=-2146885628 (0x80092004);last
error msg=Objekt nebo vlastnost nebyly nalezeny.
I'd be very grateful for any example code or an advice how to
achieve it.
Here is the signature element:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference>
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>kT3vE5dshcYoBF1J8GbMjAKvW4s=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>IdSs9cYLCcpf+CpC0vHR1pK4isgQ6fEpaiHPN6x0f8kpcIijEbJH5kcoGcWmPT6B
HioeZAj3qiVKzZiNQ1WX6w==</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIID0jCCArqgAwIBAgIEAJjIuzANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJD
WjEvMC0GA1UEAwwmSS5DQSAtIFRlc3QgcXVhbGlmaWVkIHJvb3QgY2VydGlmaWNh
dGUxLTArBgNVBAoMJFBydm7DrSBjZXJ0aWZpa2HEjW7DrSBhdXRvcml0YSwgYS5z
LjAeFw0wOTAxMjcxNDU2NTBaFw0wOTAyMjYxNDU2NTBaMIGvMQswCQYDVQQGEwJD
WjEZMBcGA1UEAwwQVG9tw6HFoSBTdGVqc2thbDESMBAGA1UECAwJw5pzdGVja8O9
MSQwIgYDVQQHDBtMb20sIMWgcsOhbWtvdmEgODQ3LCA0MzUgMTExJTAjBgkqhkiG
9w0BCQEWFnRvbWFzLnN0ZWpza2FsQGFicmEuZXUxCzAJBgNVBCsMAlRTMRcwFQYD
VQQFEw5JQ0EgLSAxMDAwMjI1MDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDs59S9
JrKzxhrsI1P6jGWBuvmJFM9E1pKNdIVCH75gHRcQE2PRlCvs+RIQFpeIPaNEhgIm
lE7BQFa1BylsdnlLAgMBAAGjgf4wgfswDgYDVR0PAQH/BAQDAgTwMDAGA1UdHwQp
MCcwJaAjoCGGH2h0dHA6Ly90ZXN0cS5pY2EuY3ovdHFpY2EwNi5jcmwwHwYDVR0j
BBgwFoAUlrYHnGKx3omHNUXjlVFsOcbW7sowHQYDVR0OBBYEFBsUyCY3AHj3qea3
UdAHa3u1erzcMF0GA1UdIARWMFQwUgYLKwYBBAGBuEgBaAowQzBBBggrBgEFBQcC
AjA1GjNUZW50byBjZXJ0aWZpa2F0IChRQykgamUgdnlkYW4gcHJvIHRlc3RvdmFj
aSB1Y2VseS4wGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATANBgkqhkiG9w0BAQUF
AAOCAQEACbugMYumCOcBAUcmwiP/tjtPc8h836XLWmHzcYwyNtpOGold0AYmoQvR
KxWyeb1jYAi5JAKlUgMSx55h+9+FBzyrKayQVwT9gzeU5dVg3QmbpPNzd+e0BFuq
h3vE6WU547zvHiAnRfYDUvlB6uw1NhxjVolPi9gQ53WU4n6FGffdplxJ8cOnF6dB
x+jQvq08qkrA/WtYFYM+6o3q0cJEC4rCZSt1Tq0a3uNO0MxXM314yXhlyMDMBBtB
OKUQirBdVnafrrz+V49adzidng5RFLS5dp0l5G1MmHNxOvMQlHkxkIrl3GOt7cwu
P5Egz9c1Qza0WqeaSI3uo22C0bV9hA==</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
Thanks, Tomas
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
