Discussion:
[xmlsec] How to get Certificate from signed xml file
Jürgen Heiss
2006-05-02 12:36:10 UTC
Permalink
Hi,

How I can get the certificate from a signed xml file and save this vertificate
as a file on my local machine?

Thanks for any help
Aleksey Sanin
2006-05-02 12:45:06 UTC
Permalink
If you are writing a program in C then you have access to
the signature certificates through xmlSecDsigCtx data
structure. Check the documentation for more details.

Aleksey
Aleksey Sanin
2006-05-02 12:50:26 UTC
Permalink
You can get to signature key, from key you can get access
to "KeyData" objects. Then you need to iterate through
the list and find one for certificate (note, this part
is crypto specific!). Then you can get a handle no native
"crypto" certificate (e.g. for OpenSSL it will be X509*).


Aleksey
Hi Aleksey,
Well I have access to the xmlsecDsigCtx, but I didn't find any possiblity to get access to the certificate itself or to save the certificate ;o(
-----Original Message-----
Sent: Dienstag, 02. Mai 2006 16:45
To: J?rgen Heiss
Subject: Re: [xmlsec] How to get Certificate from signed xml file
If you are writing a program in C then you have access to the signature certificates through xmlSecDsigCtx data structure. Check the documentation for more details.
Aleksey
Jürgen Heiss
2006-05-02 13:12:30 UTC
Permalink
Skipped content of type multipart/alternative-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 101912 bytes
Desc: Outlook.jpg
Url : Loading Image...
Aleksey Sanin
2006-05-02 13:45:24 UTC
Permalink
Well i find my certificate, but how to export now?
I believe you found the key, not certificate. Look at
KeyData objects in this key.


Aleksey
Aleksey Sanin
2008-10-29 20:07:09 UTC
Permalink
Well i find my certificate, but how to export now?
I believe you found the key, not certificate. Look at
KeyData objects in this key.


Aleksey
Jürgen Heiss
2006-05-03 04:49:33 UTC
Permalink
Hi Aleksey,

Well now I got my Certificate from signed xml ;o)
Using the following code.

key = dsigCtx.signKey;
size = xmlSecPtrListGetSize(key->dataList);
sdata = (*((dsigCtx).signKey)).dataList;
for(pos = 0; pos < size; ++pos)
{
tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key->dataList, pos);
if((tmp != NULL) && (tmp->id == sdata->id))
return(xmlSecPtrListSet(key->dataList, data, pos));
}

But I still don't find a way the export this certificate to my local machine for example c:\mycert.cer.

Thanks for any help


-----Original Message-----
From: Aleksey Sanin [mailto:***@aleksey.com]
Sent: Dienstag, 02. Mai 2006 17:45
To: J?rgen Heiss
Cc: ***@aleksey.com
Subject: Re: [xmlsec] How to get Certificate from signed xml file
Well i find my certificate, but how to export now?
I believe you found the key, not certificate. Look at KeyData objects in this key.


Aleksey
Aleksey Sanin
2006-05-03 04:51:08 UTC
Permalink
Post by Jürgen Heiss
But I still don't find a way the export this certificate to my local machine for example c:\mycert.cer.
http://www.aleksey.com/xmlsec/api/xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETCERT


Aleksey
Aleksey Sanin
2008-10-29 20:07:09 UTC
Permalink
Post by Jürgen Heiss
But I still don't find a way the export this certificate to my local machine for example c:\mycert.cer.
http://www.aleksey.com/xmlsec/api/xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETCERT


Aleksey
Jürgen Heiss
2006-05-03 05:25:19 UTC
Permalink
Thank Aleksey.

This is my code.


key = dsigCtx.signKey;
size = xmlSecPtrListGetSize(key->dataList);
sdata = (*((dsigCtx).signKey)).dataList;
for(pos = 0; pos < size; ++pos)
{
tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key->dataList, pos);
if(tmp != NULL)
xmlSecPtrListSet(key->dataList, data, pos);
}

x509 = xmlSecOpenSSLKeyDataX509GetCert(tmp, pos);

But x509 is alwys 0x000000. Any ideas why this can be?

Thanks
J?rgen

-----Original Message-----
From: Aleksey Sanin [mailto:***@aleksey.com]
Sent: Mittwoch, 03. Mai 2006 08:51
To: J?rgen Heiss
Cc: ***@aleksey.com
Subject: Re: [xmlsec] How to get Certificate from signed xml file
Post by Jürgen Heiss
But I still don't find a way the export this certificate to my local machine for example c:\mycert.cer.
http://www.aleksey.com/xmlsec/api/xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETCERT


Aleksey
Jürgen Heiss
2006-05-03 07:35:08 UTC
Permalink
Skipped content of type multipart/alternative-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 55082 bytes
Desc: Outlook.jpg
Url : Loading Image...
Aleksey Sanin
2006-05-03 12:33:37 UTC
Permalink
So, Now I got my certificate. I was using the
xmlSecMSCryptoKeyDataX509GetCert Function.
The X509 Struct is filled, but how can I write this info now to my local
disk into one cert file?
http://www.openssl.org/docs/

Aleksey
Aleksey Sanin
2008-10-29 20:07:10 UTC
Permalink
So, Now I got my certificate. I was using the
xmlSecMSCryptoKeyDataX509GetCert Function.
The X509 Struct is filled, but how can I write this info now to my local
disk into one cert file?
http://www.openssl.org/docs/

Aleksey

Aleksey Sanin
2008-10-29 20:07:09 UTC
Permalink
If you are writing a program in C then you have access to
the signature certificates through xmlSecDsigCtx data
structure. Check the documentation for more details.

Aleksey
Aleksey Sanin
2008-10-29 20:07:09 UTC
Permalink
You can get to signature key, from key you can get access
to "KeyData" objects. Then you need to iterate through
the list and find one for certificate (note, this part
is crypto specific!). Then you can get a handle no native
"crypto" certificate (e.g. for OpenSSL it will be X509*).


Aleksey
Hi Aleksey,
Well I have access to the xmlsecDsigCtx, but I didn't find any possiblity to get access to the certificate itself or to save the certificate ;o(
-----Original Message-----
Sent: Dienstag, 02. Mai 2006 16:45
To: J?rgen Heiss
Subject: Re: [xmlsec] How to get Certificate from signed xml file
If you are writing a program in C then you have access to the signature certificates through xmlSecDsigCtx data structure. Check the documentation for more details.
Aleksey
Loading...