Adding key from X509 certificate using xmlSecOpenSSLAppKeyLoad and xmlSecOpenSSLAppKeyLoadMemory does not add the certificate to the key's "keyCert" member

[fnyberg-vcc]

Hi
I have a X509 certificate containing a key I want to be used to verify an XML. So after looking at the documentation it seems like I should add the key from the certificate to the key store using the code:

xmlSecKeyPtr key = xmlSecCryptoAppKeyLoad(cert_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
xmlSecCryptoAppDefaultKeysMngrAdoptKey(keys_mngr, key);

This adds the key from the cert fine as the XML signature gets verified using the added key, but when I try to retrieve the certificate using:

X509* key_cert = xmlSecOpenSSLKeyDataX509GetKeyCert(xmlSecKeyGetData(key, xmlSecOpenSSLKeyDataX509Id));

I get NULL back. Upon a small investigation, I found that xmlSecCryptoAppKeyLoad and xmlSecOpenSSLAppKeyLoadMemory adds the cert to the stack ctx->certsList but not as ctx->keyCert. From my understanding, a key retrieved from a cert should always have that cert added as ctx->keyCert. Am I missing something or misunderstanding the process? Although I found a workaround using xmlSecOpenSSLKeyDataX509AdoptKeyCert, I would like to know if this behavior is intended.

[lsh123]

You also need to call xmlSecCryptoAppKeyCertLoad() to add the cert to the key.

[fnyberg-vcc]

I've tested with xmlSecCryptoAppKeyCertLoad but this did not solve my question, as it seems to add the same the same data to the key as xmlSecCryptoAppKeyLoad.
I.e. when I look at the call stack I see xmlSecCryptoAppKeyCertLoad ->xmlSecOpenSSLAppKeyCertLoad -> xmlSecOpenSSLAppKeyCertLoadBIO->xmlSecOpenSSLKeyDataX509AdoptCert and this is adding the cert to ctx->certsList.

So from what I can see in the code, and when inspecting it in GDB, this call also adds the cert to ctx->certsList but not ctx->keyCert.

So if I do both of the calls, e.g:

xmlSecKeyPtr key = xmlSecCryptoAppKeyLoad(cert_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
xmlSecCryptoAppKeyCertLoad(key, cert_file, xmlSecKeyDataFormatPem);

I can see that the cert from cert_file is added twice to the stack ctx->certsList but ctx->keyCert remains NULL.

[lsh123]

Hm, ok sorry about that, let me take a look. What version of xmlsec are you using?

[fnyberg-vcc]

No worries, appreciate you looking into it. I'm using xmlsec 1.2.34 release.

[lsh123]

I see the issue: this is inconsistent: reading pkcs12 or X509Data from XML sets keyCert while reading a key from a cert file does not. I created issue #545 and PR #546. It should be in the master shortly and then included in the next release (targeting April 2023).

[fnyberg-vcc]

Thanks for fixing it. Glad I could help identify the issue.

[fnyberg-vcc]

Another inconsistency I've noticed when loading the key from a separate certificate file is regarding the verification of XML signatures.

When the key is fetched by reading X509Data from XML, the call to verify the XML (i.e. xmlSecDSigCtxVerify(dsig_ctx, xml_start_node)) checks if the keyCert certificate can build a certificate chain that reaches a trusted root certificate (loaded with xmlSecCryptoAppKeysMngrCertLoad(key_mngr, trusted_cert, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted)). However, when reading the key from a certificate file and then attempting to verify an XML signed by that key, there is no check to ensure that the KeyCert reaches a trusted root.

Currently I have a work around in my own code where I manually build and verify the certificate chain. Again I'm unsure if this behavior is intended or if that is also something that you would want to fix, to me it seems like a bug.

[lsh123]

First, thanks for bug report. I also merged the fix to the xmlsec 1.2.x branch in case you don't want to migrate to the latest 1.3.0 (master) that has a lot of other changes.

Re cert verification from the files, this is done intentionally: the XML document is untrusted and this is why certs verification is required. On the other hand, the local files (or in-memory certs) are provided by a trusted party that can perform verification independently (as you did). Said that, if you don't mind -- could you please file a feature request to add a command line flag to the xmlsec utility to verify certs? I will see if it is easy to do (and of course I accept patches! :) ).

[fnyberg-vcc]

Great work, thanks for the quick fix. I appreciate the answer and now better understand the reasoning for handling external key certificates in that way. I made a feature request for certificate verification in the xmlsec utility here: #558
Will definitely consider contributing to XMLsec in the future if I think I have a patch that could add some value to the utility.

[lsh123]

Thanks, I added a few implementation notes there.