Hi, Roumen!
I have looked at your new patch and I have a few comments:
0) It seems that xmlSecOpenSSLKeyDataX509XmlWrite() function
now writes subject, serial or full certificate only for the first certificate
in the xmlSecKey. All other certificates are written "in-full".
This seems wrong to me. You don't know which certificate will be the
"first" one. I am not sure I understand why you don't want to do the
same for all certs.
I thought that the plan was:
- Read X509Data node and create a bits mask of its children
(cert, subject, serial, ski, crl).
- If mask is 0 (no children) then set cert and crl bits to simulate
current behaviour (write certs and crls in empty X509Data node).
- Remove X509Data node content.
- Walk thru the list of certificates and write cert and/or subject and/or
serial and/or ski according to bits mask.
- If crls bit is set walk thru the list of crls and write them out.
This seems more natural to me than "special case" the first cert.
There is no special case for the first cert :-[
=== INPUT:
<KeyInfo>
<X509Data>
<X509SubjectName/>
<X509IssuerSerial/>
<X509Certificate/>
<X509Certificate/>
<X509Certificate/>
<X509Certificate/>
<X509Certificate/>
<X509SubjectName/>
<X509IssuerSerial/>
<X509IssuerSerial><X509IssuerName/></X509IssuerSerial>
<X509IssuerSerial><X509IssuerName/><X509SerialNumber/></X509IssuerSerial>
</X509Data>
</KeyInfo>
=== OUTPUT:
<KeyInfo>
<X509Data>
<X509SubjectName>[EMAIL PROTECTED],CN=Aleksey Sanin,OU=Third Level RSA Certificate,O=XML Security Library (http://www.aleksey.com/xmlsec),ST=California,C=US</X509SubjectName>
<X509IssuerSerial>
<X509IssuerName>[EMAIL PROTECTED],CN=Aleksey Sanin,OU=Root Certificate,O=XML Security Library (http://www.aleksey.com/xmlsec),L=Sunnyvale,ST=California,C=US</X509IssuerName>
<X509SerialNumber>1</X509SerialNumber>
</X509IssuerSerial>
<X509Certificate>MII..........................</X509Certificate>
<X509Certificate/>
<X509Certificate/>
<X509Certificate/>
<X509Certificate/>
<X509SubjectName/>
<X509IssuerSerial/>
<X509IssuerSerial><X509IssuerName/></X509IssuerSerial>
<X509IssuerSerial><X509IssuerName/><X509SerialNumber/></X509IssuerSerial>
</X509Data>
</KeyInfo>
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
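The plan listed in the message above (a bit mask of the template's children, an empty node defaulting to certs and CRLs, every certificate written the same way), as an added example that is not part of the thread and is not xmlsec code. The flag values, function names and sample certificate data are constructed for illustration, and XML namespaces are omitted as in the sample above.

```python
import xml.etree.ElementTree as ET

# Bit flags for the child kinds named in the plan (values are this example's own).
CERT, SUBJECT, SERIAL, SKI, CRL = 1, 2, 4, 8, 16
TAG_BITS = {"X509Certificate": CERT, "X509SubjectName": SUBJECT,
            "X509IssuerSerial": SERIAL, "X509SKI": SKI, "X509CRL": CRL}

def template_mask(x509data):
    """OR together one bit per child kind; an empty node means certs + CRLs."""
    mask = 0
    for child in x509data:
        mask |= TAG_BITS.get(child.tag, 0)
    return mask or (CERT | CRL)

def fill_x509data(x509data, certs, crls):
    """Drop the template children, then write every certificate the same way."""
    mask = template_mask(x509data)
    for child in list(x509data):
        x509data.remove(child)
    for cert in certs:
        if mask & CERT:
            ET.SubElement(x509data, "X509Certificate").text = cert["der_b64"]
        if mask & SUBJECT:
            ET.SubElement(x509data, "X509SubjectName").text = cert["subject"]
        if mask & SERIAL:
            node = ET.SubElement(x509data, "X509IssuerSerial")
            ET.SubElement(node, "X509IssuerName").text = cert["issuer"]
            ET.SubElement(node, "X509SerialNumber").text = cert["serial"]
        if mask & SKI:
            ET.SubElement(x509data, "X509SKI").text = cert["ski_b64"]
    if mask & CRL:
        for crl in crls:
            ET.SubElement(x509data, "X509CRL").text = crl
    return mask

# Constructed sample data: two placeholder certificates, no real key material.
CERTS = [
    {"der_b64": "Q0VSVC0x", "subject": "CN=leaf", "issuer": "CN=ca", "serial": "2", "ski_b64": "U0tJLTE="},
    {"der_b64": "Q0VSVC0y", "subject": "CN=ca", "issuer": "CN=root", "serial": "1", "ski_b64": "U0tJLTI="},
]

def demo(template_xml):
    """Fill a template with CERTS and one constructed CRL; return (mask, child tags)."""
    root = ET.fromstring(template_xml)
    mask = fill_x509data(root, CERTS, ["Q1JMLTE="])
    return mask, [child.tag for child in root]
```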
