If you know the public key in advance then you can set it in xmlDsigCtx
Aleksey
On 5/21/13 9:02 PM, Jeffrey Jin (jefjin) wrote:
> Hi All,
>
> We are using XMLSec to handle XML signature and encryption in the SAML 1.0 and
> 2.0 protocols. We pre-configure the configuration data, such as the IDP
> certificate, using metadata. So even if the response includes "KeyInfo/X509Data",
> we will ignore it and use the local pre-configured certificate to verify it, and
> we assume the SP totally trusts this certificate. Also, we won't use a CA
> certificate to verify the pre-configured certificate's legitimacy.
>
> I dug into the code and found:
>
> /* ignore <dsig:KeyInfo /> if there is the key is already set */
> /* todo: throw an error if key is set and node != NULL? */
> if((dsigCtx->signKey == NULL) && (dsigCtx->keyInfoReadCtx.keysMngr != NULL)
>    && (dsigCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
>     dsigCtx->signKey = (dsigCtx->keyInfoReadCtx.keysMngr->getKey)(node,
>                                                                   &(dsigCtx->keyInfoReadCtx));
> }
>
> Does it mean I need to set dsigCtx->signKey? And what's the meaning of
> dsigCtx->signKey? Is it the private key from the IDP? (We can never get the
> private key from the IDP.) How can I meet this requirement with xmlsec?
>
>
> Thanks,
>
> Jeffrey
>
>
>
> _______________________________________________
> xmlsec mailing list
> [email protected]
> http://www.aleksey.com/mailman/listinfo/xmlsec
>