Aleksey Sanin wrote:

IMHO, the better approach would be:
0) At the very beginning of the xmlSecOpenSSLKeyDataX509XmlWrite()
function you read the <X509Data/> node content and determine what you want
to write (certs, subject names, ...) based on the content of the <X509Data/> node
and the xmlSecKeyInfoCtx flags.

O.K.
but when <X509Data/> in the template contains child nodes, some XXXXRead methods fail.
This happens before the call to xmlSecOpenSSLKeyDataX509XmlWrite(...).
At the moment I can put only <X509SubjectName/> in <X509Data/> without XXXXRead failing.


How do I suppress the read errors?
Sample:
================================================
func=xmlSecBase64CtxFinal:file=XXXX/src/base64.c:line=272:obj=unknown:subj=outSize > 0:error=100:assertion:
func=xmlSecBase64Decode:file=XXXX/src/base64.c:line=738:obj=unknown:subj=xmlSecBase64CtxFinal:error=1:xmlsec library function failed:
func=xmlSecOpenSSLX509CertBase64DerRead:file=XXXX/src/openssl/x509.c:line=1752:obj=unknown:subj=xmlSecBase64Decode:error=1:xmlsec library function failed:
func=xmlSecOpenSSLX509CertificateNodeRead:file=XXXX/src/openssl/x509.c:line=982:obj=x509:subj=xmlSecOpenSSLX509CertBase64DerRead:error=1:xmlsec library function failed:
func=xmlSecOpenSSLX509DataNodeRead:file=XXXX/src/openssl/x509.c:line=949:obj=x509:subj=X509Certificate:error=1:xmlsec library function failed:read node failed
func=xmlSecOpenSSLKeyDataX509XmlRead:file=XXXX/src/openssl/x509.c:line=680:obj=x509:subj=xmlSecOpenSSLX509DataNodeRead:error=1:xmlsec library function failed:
func=xmlSecKeyInfoNodeRead:file=XXXX/src/keyinfo.c:line=114:obj=x509:subj=xmlSecKeyDataXmlRead:error=1:xmlsec library function failed:node=X509Data
func=xmlSecKeysMngrGetKey:file=XXXX/src/keys.c:line=905:obj=unknown:subj=xmlSecKeyInfoNodeRead:error=1:xmlsec library function failed:node=KeyInfo
func=xmlSecDSigCtxProcessKeyInfoNode:file=XXXX/src/xmldsig.c:line=871:obj=unknown:subj=unknown:error=45:key is not found:
func=xmlSecDSigCtxProcessSignatureNode:file=XXXX/src/xmldsig.c:line=565:obj=unknown:subj=xmlSecDSigCtxProcessKeyInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=XXXX/src/xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
Error: failed to sign file "rumen-data.tmpl"
================================================
Note: x509.c is modified, so the line numbers differ from current CVS.


where "rumen-data.tmpl" is:
================================================
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="urn:envelope">
<Data>
Hello, World!
чт юли 3 14:42:07 EEST 2003
<X509IssuerSerial><X509IssuerName/><X509SerialNumber/></X509IssuerSerial>
<X509SubjectName/>
</Data>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference>
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue/>
</Reference>
</SignedInfo>
<SignatureValue/>
<KeyInfo>
<X509Data>
<X509Certificate/>
</X509Data>
</KeyInfo>
</Signature>
</Envelope>
================================================


and the command is:
xmlsec1 sign  \
--privkey-pem "user1_key.pem,user1_crt.pem,ca_crt.pem" \
--trusted-pem "ca_crt.pem" \
--pwd XXXX  \
rumen-data.tmpl


_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec

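The approach quoted at the top of the thread (inspect the <X509Data/> template first, then decide what to write) and the empty-placeholder failure shown in the log, as an added Python example that is neither xmlsec code nor part of the thread. The X509_CHILDREN list, the `allowed` set standing in for the xmlSecKeyInfoCtx flags, and the embedded sample template are assumptions.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
# Child elements of <X509Data/> a KeyInfo writer may fill in (XML-DSig 4.4.4).
X509_CHILDREN = ("X509IssuerSerial", "X509SubjectName", "X509SKI",
                 "X509Certificate", "X509CRL")

# Constructed sample: the <KeyInfo/> part of rumen-data.tmpl from the mail.
TEMPLATE_KEYINFO = """<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <X509Data>
    <X509Certificate/>
  </X509Data>
</KeyInfo>"""


def x509_template_plan(keyinfo_xml, allowed=None):
    """Decide what to write into <X509Data/> from the template's own children.

    `allowed` plays the role of the xmlSecKeyInfoCtx flags: the subset of
    X509_CHILDREN the caller is willing to write (None means everything).
    Returns the requested children, which of them are still empty
    placeholders, and whether reading the template as-is would fail.
    """
    root = ET.fromstring(keyinfo_xml)
    plan = {"write": [], "filled": [], "empty": [], "read_would_fail": False}
    data = root.find(".//{%s}X509Data" % DSIG_NS)
    if data is None:
        return plan
    for child in data:
        name = child.tag.rsplit("}", 1)[-1]
        if name not in X509_CHILDREN:
            continue  # unknown child: ignore rather than guess
        if allowed is not None and name not in allowed:
            continue  # in the template, but not enabled by the flags
        plan["write"].append(name)
        # Count the element as filled only if it (or its children) carry text.
        if "".join(child.itertext()).strip():
            plan["filled"].append(name)
        else:
            plan["empty"].append(name)
    # An empty <X509Certificate/> is what the log shows failing: the reader
    # base64-decodes "" and xmlSecBase64CtxFinal asserts outSize > 0.
    plan["read_would_fail"] = "X509Certificate" in plan["empty"]
    return plan
```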