summaryrefslogtreecommitdiff
path: root/libxmlsec/xmlsec1-customkeymanage.patch
diff options
context:
space:
mode:
authorKurt Zenker <kz@openoffice.org>2009-10-14 16:21:13 +0000
committerKurt Zenker <kz@openoffice.org>2009-10-14 16:21:13 +0000
commit618a4653360de8d1584d9ece2288b475054eac78 (patch)
tree9b64d362c97ab7b1bc4da9c5f5c418729158a23b /libxmlsec/xmlsec1-customkeymanage.patch
parent94fb4f0e7a46d03e57da9156188201882d967aa6 (diff)
CWS-TOOLING: integrate CWS jl135_nss
2009-10-01 15:20:03 +0200 jl r276605 : #1004856# moved to xmlsec1-mingw32.patch 2009-10-01 10:51:24 +0200 jl r276580 : #1004856# build keymgr with mingw 2009-10-01 10:50:52 +0200 jl r276579 : #1004856# build keymgr with mingw 2009-10-01 10:37:28 +0200 jl r276578 : #1004856# do not build xmlsec1 app 2009-09-29 16:01:31 +0200 jl r276532 : #1004856# Using libxml2 from solver if available 2009-09-26 16:31:32 +0200 jl r276477 : #i104856# xmlsec1-mscrypto-1 is now xmlsec1-mscrypto 2009-09-25 17:05:26 +0200 jl r276470 : CWS-TOOLING: rebase CWS jl135_nss to trunk@276429 (milestone: DEV300:m60) 2009-09-24 12:57:10 +0200 jl r276419 : #i104856# libxmlsec update 2009-09-24 12:46:58 +0200 jl r276418 : #i104856# fixing mac configure problem in configure.in and regenerating configure 2009-09-23 16:49:54 +0200 jl r276405 : i#104856# configure failed on mac 2009-09-23 10:21:35 +0200 jl r276369 : #i104856# adapting patches to apply cleanly and readme change 2009-09-21 13:45:47 +0200 jl r276326 : #i104856 updating to 1.2.12, using changes patches from cmc made on xmlsec1_2_12 2009-09-21 11:27:46 +0200 jl r276319 : #i105183# forget to uncomment PATCH_FILES 2009-09-18 17:41:20 +0200 jl r276296 : #i105183# update of nss libs
Diffstat (limited to 'libxmlsec/xmlsec1-customkeymanage.patch')
-rw-r--r--libxmlsec/xmlsec1-customkeymanage.patch6086
1 files changed, 6086 insertions, 0 deletions
diff --git a/libxmlsec/xmlsec1-customkeymanage.patch b/libxmlsec/xmlsec1-customkeymanage.patch
new file mode 100644
index 000000000000..80cb7de93a70
--- /dev/null
+++ b/libxmlsec/xmlsec1-customkeymanage.patch
@@ -0,0 +1,6086 @@
+--- misc/xmlsec1-1.2.12/include/xmlsec/mscrypto/Makefile.am 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/mscrypto/Makefile.am 2009-09-21 14:02:48.563253008 +0200
+@@ -3,6 +3,7 @@
+ xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
+
+ xmlsecmscryptoinc_HEADERS = \
++akmngr.h \
+ app.h \
+ certkeys.h \
+ crypto.h \
+--- misc/xmlsec1-1.2.12/include/xmlsec/mscrypto/Makefile.in 2009-06-25 22:53:30.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/mscrypto/Makefile.in 2009-09-21 14:02:48.571021349 +0200
+@@ -308,6 +308,7 @@
+ NULL =
+ xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
+ xmlsecmscryptoinc_HEADERS = \
++akmngr.h \
+ app.h \
+ certkeys.h \
+ crypto.h \
+--- misc/xmlsec1-1.2.12/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:07:19.052318336 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:02:48.504966762 +0200
+@@ -1 +1,71 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright ..........................
++ */
++#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
++#define __XMLSEC_MSCRYPTO_AKMNGR_H__
++
++#include <windows.h>
++#include <wincrypt.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
++xmlSecMSCryptoAppliedKeysMngrCreate(
++ HCERTSTORE keyStore ,
++ HCERTSTORE certStore
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY symKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY pubKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY priKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE keyStore
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE trustedStore
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE untrustedStore
++) ;
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
++
++
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200
+@@ -10,6 +10,9 @@
+ keysstore.h \
+ pkikeys.h \
+ x509.h \
++akmngr.h \
++tokens.h \
++ciphers.h \
+ $(NULL)
+
+ install-exec-hook:
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/Makefile.in 2009-06-25 22:53:31.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/Makefile.in 2009-09-21 14:02:48.585376325 +0200
+@@ -315,6 +315,9 @@
+ keysstore.h \
+ pkikeys.h \
+ x509.h \
++akmngr.h \
++tokens.h \
++ciphers.h \
+ $(NULL)
+
+ all: all-am
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/akmngr.h 2009-09-21 14:07:19.105517659 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/akmngr.h 2009-09-21 14:02:48.510978278 +0200
+@@ -1 +1,56 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright ..........................
++ */
++#ifndef __XMLSEC_NSS_AKMNGR_H__
++#define __XMLSEC_NSS_AKMNGR_H__
++
++#include <nss.h>
++#include <nspr.h>
++#include <pk11func.h>
++#include <cert.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
++xmlSecNssAppliedKeysMngrCreate(
++ PK11SlotInfo** slots,
++ int cSlots,
++ CERTCertDBHandle* handler
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssAppliedKeysMngrSymKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ PK11SymKey* symKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssAppliedKeysMngrPubKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ SECKEYPublicKey* pubKey
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssAppliedKeysMngrPriKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ SECKEYPrivateKey* priKey
++) ;
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* __XMLSEC_NSS_AKMNGR_H__ */
++
++
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200
+@@ -22,6 +22,9 @@
+ #include <xmlsec/keysmngr.h>
+ #include <xmlsec/transforms.h>
+
++#include <xmlsec/nss/tokens.h>
++#include <xmlsec/nss/akmngr.h>
++
+ /**
+ * Init/shutdown
+ */
+@@ -36,6 +39,8 @@
+ xmlSecKeyPtr key);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
+ const char* uri);
++XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
++ xmlSecNssKeySlotPtr keySlot);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
+ const char* filename,
+ xmlSecKeyDataType type);
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/ciphers.h 2009-09-21 14:07:19.146496548 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/ciphers.h 2009-09-21 14:02:48.516689712 +0200
+@@ -1 +1,35 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright ..........................
++ */
++#ifndef __XMLSEC_NSS_CIPHERS_H__
++#define __XMLSEC_NSS_CIPHERS_H__
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++
++
++XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
++ PK11SymKey* symkey ) ;
++
++XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
++
++XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
++
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* __XMLSEC_NSS_CIPHERS_H__ */
++
++
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200
+@@ -16,6 +16,8 @@
+ #endif /* __cplusplus */
+
+ #include <xmlsec/xmlsec.h>
++#include <xmlsec/keysmngr.h>
++#include <xmlsec/nss/tokens.h>
+
+ /****************************************************************************
+ *
+@@ -31,6 +33,8 @@
+ XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
+ xmlSecKeyPtr key);
++XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
++ xmlSecNssKeySlotPtr keySlot);
+ XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
+ const char *uri,
+ xmlSecKeysMngrPtr keysMngr);
+--- misc/xmlsec1-1.2.12/include/xmlsec/nss/tokens.h 2009-09-21 14:07:19.172421448 +0200
++++ misc/build/xmlsec1-1.2.12/include/xmlsec/nss/tokens.h 2009-09-21 14:02:48.522913605 +0200
+@@ -1 +1,182 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
++ *
++ * Contributor(s): _____________________________
++ *
++ */
++#ifndef __XMLSEC_NSS_TOKENS_H__
++#define __XMLSEC_NSS_TOKENS_H__
++
++#include <string.h>
++
++#include <nss.h>
++#include <pk11func.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/list.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif /* __cplusplus */
++
++/**
++ * xmlSecNssKeySlotListId
++ *
++ * The crypto mechanism list klass
++ */
++#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
++XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
++
++/*******************************************
++ * KeySlot interfaces
++ *******************************************/
++/**
++ * Internal NSS key slot data
++ * @mechanismList: the mechanisms that the slot bound with.
++ * @slot: the pkcs slot
++ *
++ * This context is located after xmlSecPtrList
++ */
++typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
++typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
++
++struct _xmlSecNssKeySlot {
++ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
++ PK11SlotInfo* slot ;
++} ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotSetMechList(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE_PTR mechanismList
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotEnableMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE mechanism
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotDisableMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE mechanism
++) ;
++
++XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
++xmlSecNssKeySlotGetMechList(
++ xmlSecNssKeySlotPtr keySlot
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotSetSlot(
++ xmlSecNssKeySlotPtr keySlot ,
++ PK11SlotInfo* slot
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotInitialize(
++ xmlSecNssKeySlotPtr keySlot ,
++ PK11SlotInfo* slot
++) ;
++
++XMLSEC_CRYPTO_EXPORT void
++xmlSecNssKeySlotFinalize(
++ xmlSecNssKeySlotPtr keySlot
++) ;
++
++XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
++xmlSecNssKeySlotGetSlot(
++ xmlSecNssKeySlotPtr keySlot
++) ;
++
++XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
++xmlSecNssKeySlotCreate() ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotCopy(
++ xmlSecNssKeySlotPtr newKeySlot ,
++ xmlSecNssKeySlotPtr keySlot
++) ;
++
++XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
++xmlSecNssKeySlotDuplicate(
++ xmlSecNssKeySlotPtr keySlot
++) ;
++
++XMLSEC_CRYPTO_EXPORT void
++xmlSecNssKeySlotDestroy(
++ xmlSecNssKeySlotPtr keySlot
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotBindMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE type
++) ;
++
++XMLSEC_CRYPTO_EXPORT int
++xmlSecNssKeySlotSupportMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE type
++) ;
++
++
++/************************************************************************
++ * PKCS#11 crypto token interfaces
++ *
++ * A PKCS#11 slot repository will be defined internally. From the
++ * repository, a user can specify a particular slot for a certain crypto
++ * mechanism.
++ *
++ * In some situation, some cryptographic operation should act in a user
++ * designated devices. The interfaces defined here provide the way. If
++ * the user do not initialize the repository distinctly, the interfaces
++ * use the default functions provided by NSS itself.
++ *
++ ************************************************************************/
++/**
++ * Initialize NSS pkcs#11 slot repository
++ *
++ * Returns 0 if success or -1 if an error occurs.
++ */
++XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
++
++/**
++ * Shutdown and destroy NSS pkcs#11 slot repository
++ */
++XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
++
++/**
++ * Get PKCS#11 slot handler
++ * @type the mechanism that the slot must support.
++ *
++ * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
++ *
++ * Notes: The returned handler must be destroied distinctly.
++ */
++XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
++
++/**
++ * Adopt a pkcs#11 slot with a mechanism into the repository
++ * @slot: the pkcs#11 slot.
++ * @mech: the mechanism.
++ *
++ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
++ * this mechanism only can perform on the @slot.
++ *
++ * Returns 0 if success or -1 if an error occurs.
++ */
++XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
++
++#ifdef __cplusplus
++}
++#endif /* __cplusplus */
++
++#endif /* __XMLSEC_NSS_TOKENS_H__ */
++
+--- misc/xmlsec1-1.2.12/src/mscrypto/akmngr.c 2009-09-21 14:07:19.078910929 +0200
++++ misc/build/xmlsec1-1.2.12/src/mscrypto/akmngr.c 2009-09-21 14:02:48.531281225 +0200
+@@ -1 +1,235 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright.........................
++ */
++#include "globals.h"
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++#include <xmlsec/errors.h>
++
++#include <xmlsec/mscrypto/crypto.h>
++#include <xmlsec/mscrypto/keysstore.h>
++#include <xmlsec/mscrypto/akmngr.h>
++#include <xmlsec/mscrypto/x509.h>
++
++/**
++ * xmlSecMSCryptoAppliedKeysMngrCreate:
++ * @hKeyStore: the pointer to key store.
++ * @hCertStore: the pointer to certificate database.
++ *
++ * Create and load key store and certificate database into keys manager
++ *
++ * Returns keys manager pointer on success or NULL otherwise.
++ */
++xmlSecKeysMngrPtr
++xmlSecMSCryptoAppliedKeysMngrCreate(
++ HCERTSTORE hKeyStore ,
++ HCERTSTORE hCertStore
++) {
++ xmlSecKeyDataStorePtr certStore = NULL ;
++ xmlSecKeysMngrPtr keyMngr = NULL ;
++ xmlSecKeyStorePtr keyStore = NULL ;
++
++ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
++ if( keyStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeyStoreCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return NULL ;
++ }
++
++ /*-
++ * At present, MS Crypto engine do not provide a way to setup a key store.
++ */
++ if( keyStore != NULL ) {
++ /*TODO: binding key store.*/
++ }
++
++ keyMngr = xmlSecKeysMngrCreate() ;
++ if( keyMngr == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Add key store to manager, from now on keys manager destroys the store if
++ * needed
++ */
++ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecKeysMngrAdoptKeyStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Initialize crypto library specific data in keys manager
++ */
++ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecMSCryptoKeysMngrInit" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Set certificate databse to X509 key data store
++ */
++ /*-
++ * At present, MS Crypto engine do not provide a way to setup a cert store.
++ */
++
++ /*-
++ * Set the getKey callback
++ */
++ keyMngr->getKey = xmlSecKeysMngrGetKey ;
++
++ return keyMngr ;
++}
++
++int
++xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY symKey
++) {
++ /*TODO: import the key into keys manager.*/
++ return(0) ;
++}
++
++int
++xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY pubKey
++) {
++ /*TODO: import the key into keys manager.*/
++ return(0) ;
++}
++
++int
++xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ HCRYPTKEY priKey
++) {
++ /*TODO: import the key into keys manager.*/
++ return(0) ;
++}
++
++int
++xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE keyStore
++) {
++ xmlSecKeyDataStorePtr x509Store ;
++
++ xmlSecAssert2( mngr != NULL, -1 ) ;
++ xmlSecAssert2( keyStore != NULL, -1 ) ;
++
++ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
++ if( x509Store == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetDataStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 ) ;
++ }
++
++ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
++ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 ) ;
++ }
++
++ return( 0 ) ;
++}
++
++int
++xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE trustedStore
++) {
++ xmlSecKeyDataStorePtr x509Store ;
++
++ xmlSecAssert2( mngr != NULL, -1 ) ;
++ xmlSecAssert2( trustedStore != NULL, -1 ) ;
++
++ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
++ if( x509Store == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetDataStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 ) ;
++ }
++
++ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
++ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 ) ;
++ }
++
++ return( 0 ) ;
++}
++
++int
++xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
++ xmlSecKeysMngrPtr mngr ,
++ HCERTSTORE untrustedStore
++) {
++ xmlSecKeyDataStorePtr x509Store ;
++
++ xmlSecAssert2( mngr != NULL, -1 ) ;
++ xmlSecAssert2( untrustedStore != NULL, -1 ) ;
++
++ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
++ if( x509Store == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetDataStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 ) ;
++ }
++
++ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
++ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 ) ;
++ }
++
++ return( 0 ) ;
++}
++
+--- misc/xmlsec1-1.2.12/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200
+@@ -35,6 +35,9 @@
+ kw_des.c \
+ kw_aes.c \
+ globals.h \
++ akmngr.c \
++ keywrapers.c \
++ tokens.c \
+ $(NULL)
+
+ if SHAREDLIB_HACK
+--- misc/xmlsec1-1.2.12/src/nss/Makefile.in 2009-06-25 22:53:33.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/Makefile.in 2009-09-21 14:02:48.599339718 +0200
+@@ -61,7 +61,8 @@
+ am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \
+ digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
+ x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
+- ../strings.c
++ ../strings.c \
++ akmngr.c keywrapers.c tokens.c
+ am__objects_1 =
+ @SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo
+ am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
+@@ -72,6 +73,8 @@
+ libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \
+ libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \
+ libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
++ libxmlsec1_nss_la-akmngr.lo libxmlsec1_nss_la-keywrapers.lo \
++ libxmlsec1_nss_la-tokens.lo \
+ $(am__objects_1) $(am__objects_2)
+ libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
+ DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
+@@ -357,6 +360,7 @@
+ libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \
+ digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
+ x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
++ akmngr.c keywrapers.c tokens.c \
+ $(NULL) $(am__append_1)
+ libxmlsec1_nss_la_LIBADD = \
+ ../libxmlsec1.la \
+@@ -458,6 +462,9 @@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo@am__quote@
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo@am__quote@
+
+ .c.o:
+ @am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
+@@ -487,6 +494,27 @@
+ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ @am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+
++libxmlsec1_nss_la-akmngr.lo: akmngr.c
++@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \
++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo"; exit 1; fi
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
++
++libxmlsec1_nss_la-keywrapers.lo: keywrapers.c
++@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keywrapers.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c; \
++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo"; exit 1; fi
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keywrapers.c' object='libxmlsec1_nss_la-keywrapers.lo' libtool=yes @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c
++
++libxmlsec1_nss_la-tokens.lo: tokens.c
++@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c; \
++@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo"; exit 1; fi
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@
++@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
++@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
++
+ libxmlsec1_nss_la-bignum.lo: bignum.c
+ @am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo" -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c; \
+ @am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-bignum.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo"; exit 1; fi
+--- misc/xmlsec1-1.2.12/src/nss/akmngr.c 2009-09-21 14:07:19.197249962 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/akmngr.c 2009-09-21 14:02:48.539616129 +0200
+@@ -1 +1,384 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright.........................
++ */
++#include "globals.h"
++
++#include <nspr.h>
++#include <nss.h>
++#include <pk11func.h>
++#include <cert.h>
++#include <keyhi.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++#include <xmlsec/errors.h>
++
++#include <xmlsec/nss/crypto.h>
++#include <xmlsec/nss/tokens.h>
++#include <xmlsec/nss/akmngr.h>
++#include <xmlsec/nss/pkikeys.h>
++#include <xmlsec/nss/ciphers.h>
++#include <xmlsec/nss/keysstore.h>
++
++/**
++ * xmlSecNssAppliedKeysMngrCreate:
++ * @slot: array of pointers to NSS PKCS#11 slot infomation.
++ * @cSlots: number of slots in the array
++ * @handler: the pointer to NSS certificate database.
++ *
++ * Create and load NSS crypto slot and certificate database into keys manager
++ *
++ * Returns keys manager pointer on success or NULL otherwise.
++ */
++xmlSecKeysMngrPtr
++xmlSecNssAppliedKeysMngrCreate(
++ PK11SlotInfo** slots,
++ int cSlots,
++ CERTCertDBHandle* handler
++) {
++ xmlSecKeyDataStorePtr certStore = NULL ;
++ xmlSecKeysMngrPtr keyMngr = NULL ;
++ xmlSecKeyStorePtr keyStore = NULL ;
++ int islot = 0;
++ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
++ if( keyStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeyStoreCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return NULL ;
++ }
++
++ for (islot = 0; islot < cSlots; islot++)
++ {
++ xmlSecNssKeySlotPtr keySlot ;
++
++ /* Create a key slot */
++ keySlot = xmlSecNssKeySlotCreate() ;
++ if( keySlot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecNssKeySlotCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ return NULL ;
++ }
++
++ /* Set slot */
++ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecNssKeySlotSetSlot" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ xmlSecNssKeySlotDestroy( keySlot ) ;
++ return NULL ;
++ }
++
++ /* Adopt keySlot */
++ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecNssKeysStoreAdoptKeySlot" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ xmlSecNssKeySlotDestroy( keySlot ) ;
++ return NULL ;
++ }
++ }
++
++ keyMngr = xmlSecKeysMngrCreate() ;
++ if( keyMngr == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Add key store to manager, from now on keys manager destroys the store if
++ * needed
++ */
++ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecKeysMngrAdoptKeyStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyStoreDestroy( keyStore ) ;
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Initialize crypto library specific data in keys manager
++ */
++ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Set certificate databse to X509 key data store
++ */
++ /**
++ * Because Tej's implementation of certDB use the default DB, so I ignore
++ * the certDB handler at present. I'll modify the cert store sources to
++ * accept particular certDB instead of default ones.
++ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
++ if( certStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecKeysMngrGetDataStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++
++ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
++ "xmlSecNssKeyDataStoreX509SetCertDb" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeysMngrDestroy( keyMngr ) ;
++ return NULL ;
++ }
++ */
++
++ /*-
++ * Set the getKey callback
++ */
++ keyMngr->getKey = xmlSecKeysMngrGetKey ;
++
++ return keyMngr ;
++}
++
++int
++xmlSecNssAppliedKeysMngrSymKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ PK11SymKey* symKey
++) {
++ xmlSecKeyPtr key ;
++ xmlSecKeyDataPtr data ;
++ xmlSecKeyStorePtr keyStore ;
++
++ xmlSecAssert2( mngr != NULL , -1 ) ;
++ xmlSecAssert2( symKey != NULL , -1 ) ;
++
++ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
++ if( keyStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetKeysStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
++
++ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++
++ key = xmlSecKeyCreate() ;
++ if( key == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecKeySetValue( key , data ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDestroy( key ) ;
++ return(-1) ;
++ }
++
++ return(0) ;
++}
++
++int
++xmlSecNssAppliedKeysMngrPubKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ SECKEYPublicKey* pubKey
++) {
++ xmlSecKeyPtr key ;
++ xmlSecKeyDataPtr data ;
++ xmlSecKeyStorePtr keyStore ;
++
++ xmlSecAssert2( mngr != NULL , -1 ) ;
++ xmlSecAssert2( pubKey != NULL , -1 ) ;
++
++ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
++ if( keyStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetKeysStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
++
++ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssPKIAdoptKey" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++
++ key = xmlSecKeyCreate() ;
++ if( key == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecKeySetValue( key , data ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDestroy( key ) ;
++ return(-1) ;
++ }
++
++ return(0) ;
++}
++
++int
++xmlSecNssAppliedKeysMngrPriKeyLoad(
++ xmlSecKeysMngrPtr mngr ,
++ SECKEYPrivateKey* priKey
++) {
++ xmlSecKeyPtr key ;
++ xmlSecKeyDataPtr data ;
++ xmlSecKeyStorePtr keyStore ;
++
++ xmlSecAssert2( mngr != NULL , -1 ) ;
++ xmlSecAssert2( priKey != NULL , -1 ) ;
++
++ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
++ if( keyStore == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeysMngrGetKeysStore" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
++
++ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssPKIAdoptKey" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++
++ key = xmlSecKeyCreate() ;
++ if( key == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecKeySetValue( key , data ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataKeyAdopt" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDestroy( key ) ;
++ return(-1) ;
++ }
++
++ return(0) ;
++}
++
+--- misc/xmlsec1-1.2.12/src/nss/hmac.c 2009-06-26 06:18:13.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/hmac.c 2009-09-21 14:02:48.649065288 +0200
+@@ -23,8 +23,8 @@
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+-#include <xmlsec/nss/app.h>
+ #include <xmlsec/nss/crypto.h>
++#include <xmlsec/nss/tokens.h>
+
+ #define XMLSEC_NSS_MIN_HMAC_SIZE 40
+ #define XMLSEC_NSS_MAX_HMAC_SIZE 128
+@@ -284,13 +284,13 @@
+ keyItem.data = xmlSecBufferGetData(buffer);
+ keyItem.len = xmlSecBufferGetSize(buffer);
+
+- slot = PK11_GetBestSlot(ctx->digestType, NULL);
++ slot = xmlSecNssSlotGet(ctx->digestType);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+- "PK11_GetBestSlot",
++ "xmlSecNssSlotGet",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+--- misc/xmlsec1-1.2.12/src/nss/keysstore.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/keysstore.c 2009-09-21 14:02:48.633533885 +0200
+@@ -1,36 +1,56 @@
+ /**
+ * XMLSec library
+ *
+- * Nss keys store that uses Simple Keys Store under the hood. Uses the
+- * Nss DB as a backing store for the finding keys, but the NSS DB is
+- * not written to by the keys store.
+- * So, if store->findkey is done and the key is not found in the simple
+- * keys store, the NSS DB is looked up.
+- * If store is called to adopt a key, that key is not written to the NSS
+- * DB.
+- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
+- * source of keys for xmlsec
+- *
+ * This is free software; see Copyright file in the source
+ * distribution for precise wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
++
++/**
++ * NSS key store uses a key list and a slot list as the key repository. NSS slot
++ * list is a backup repository for the finding keys. If a key is not found from
++ * the key list, the NSS slot list is looked up.
++ *
++ * Any key in the key list will not save to pkcs11 slot. When a store to called
++ * to adopt a key, the key is resident in the key list; While a store to called
++ * to set a is resident in the key list; While a store to called to set a slot
++ * list, which means that the keys in the listed slot can be used for xml sign-
++ * nature or encryption.
++ *
++ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
++ *
++ * The framework will decrease the user interfaces to administrate xmlSec crypto
++ * engine. He can only focus on NSS layer functions. For examples, after the
++ * user set up a slot list handler to the keys store, he do not need to do any
++ * other work atop xmlSec interfaces, his action on the slot list handler, such
++ * as add a token to, delete a token from the list, will directly effect the key
++ * store behaviors.
++ *
++ * For example, a scenariio:
++ * 0. Create a slot list;( NSS interfaces )
++ * 1. Create a keys store;( xmlSec interfaces )
++ * 2. Set slot list with the keys store;( xmlSec Interfaces )
++ * 3. Add a slot to the slot list;( NSS interfaces )
++ * 4. Perform xml signature; ( xmlSec Interfaces )
++ * 5. Deleter a slot from the slot list;( NSS interfaces )
++ * 6. Perform xml encryption; ( xmlSec Interfaces )
++ * 7. Perform xml signature;( xmlSec Interfaces )
++ * 8. Destroy the keys store;( xmlSec Interfaces )
++ * 8. Destroy the slot list.( NSS Interfaces )
++ */
+ #include "globals.h"
+
+ #include <stdlib.h>
+ #include <string.h>
+
+ #include <nss.h>
+-#include <cert.h>
+ #include <pk11func.h>
++#include <prinit.h>
+ #include <keyhi.h>
+
+-#include <libxml/tree.h>
+-
+ #include <xmlsec/xmlsec.h>
+-#include <xmlsec/buffer.h>
+-#include <xmlsec/base64.h>
++#include <xmlsec/keys.h>
+ #include <xmlsec/errors.h>
+ #include <xmlsec/xmltree.h>
+
+@@ -38,82 +58,464 @@
+
+ #include <xmlsec/nss/crypto.h>
+ #include <xmlsec/nss/keysstore.h>
+-#include <xmlsec/nss/x509.h>
++#include <xmlsec/nss/tokens.h>
++#include <xmlsec/nss/ciphers.h>
+ #include <xmlsec/nss/pkikeys.h>
+
+ /****************************************************************************
+ *
+- * Nss Keys Store. Uses Simple Keys Store under the hood
++ * Internal NSS key store context
+ *
+- * Simple Keys Store ptr is located after xmlSecKeyStore
++ * This context is located after xmlSecKeyStore
+ *
+ ***************************************************************************/
++typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
++typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
++
++struct _xmlSecNssKeysStoreCtx {
++ xmlSecPtrListPtr keyList ;
++ xmlSecPtrListPtr slotList ;
++} ;
++
+ #define xmlSecNssKeysStoreSize \
+- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
++ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
+
+-#define xmlSecNssKeysStoreGetSS(store) \
+- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
+- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
+- (xmlSecKeyStorePtr*)NULL)
+-
+-static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
+-static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
+-static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
+- const xmlChar* name,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
++#define xmlSecNssKeysStoreGetCtx( data ) \
++ ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
+
+-static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
+- sizeof(xmlSecKeyStoreKlass),
+- xmlSecNssKeysStoreSize,
++int xmlSecNssKeysStoreAdoptKeySlot(
++ xmlSecKeyStorePtr store ,
++ xmlSecNssKeySlotPtr keySlot
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++
++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( context->slotList == NULL ) {
++ if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++ }
++
++ if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListCheckId" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListAdd" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
+
+- /* data */
+- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
+-
+- /* constructors/destructor */
+- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
+- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
+- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
+-
+- /* reserved for the future */
+- NULL, /* void* reserved0; */
+- NULL, /* void* reserved1; */
+-};
++ return 0 ;
++}
+
+-/**
+- * xmlSecNssKeysStoreGetKlass:
+- *
+- * The Nss list based keys store klass.
++int xmlSecNssKeysStoreAdoptKey(
++ xmlSecKeyStorePtr store ,
++ xmlSecKeyPtr key
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++
++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( context->keyList == NULL ) {
++ if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++ }
++
++ if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListCheckId" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecPtrListAdd" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ return 0 ;
++}
++
++/*
++ * xmlSecKeyStoreInitializeMethod:
++ * @store: the store.
++ *
++ * Keys store specific initialization method.
+ *
+- * Returns Nss list based keys store klass.
++ * Returns 0 on success or a negative value if an error occurs.
+ */
+-xmlSecKeyStoreId
+-xmlSecNssKeysStoreGetKlass(void) {
+- return(&xmlSecNssKeysStoreKlass);
++static int
++xmlSecNssKeysStoreInitialize(
++ xmlSecKeyStorePtr store
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++
++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++
++ context->keyList = NULL ;
++ context->slotList = NULL ;
++
++ return 0 ;
+ }
+
+ /**
+- * xmlSecNssKeysStoreAdoptKey:
+- * @store: the pointer to Nss keys store.
+- * @key: the pointer to key.
+- *
+- * Adds @key to the @store.
+ *
+- * Returns 0 on success or a negative value if an error occurs.
++ * xmlSecKeyStoreFinalizeMethod:
++ * @store: the store.
++ *
++ * Keys store specific finalization (destroy) method.
+ */
+-int
+-xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
+- xmlSecKeyStorePtr *ss;
+-
+- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+- xmlSecAssert2((key != NULL), -1);
++void
++xmlSecNssKeysStoreFinalize(
++ xmlSecKeyStorePtr store
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++
++ xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
++ xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return ;
++ }
++
++ if( context->keyList != NULL ) {
++ xmlSecPtrListDestroy( context->keyList ) ;
++ context->keyList = NULL ;
++ }
++
++ if( context->slotList != NULL ) {
++ xmlSecPtrListDestroy( context->slotList ) ;
++ context->slotList = NULL ;
++ }
++}
+
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
++xmlSecKeyPtr
++xmlSecNssKeysStoreFindKeyFromSlot(
++ PK11SlotInfo* slot,
++ const xmlChar* name,
++ xmlSecKeyInfoCtxPtr keyInfoCtx
++) {
++ xmlSecKeyPtr key = NULL ;
++ xmlSecKeyDataPtr data = NULL ;
++ int length ;
++
++ xmlSecAssert2( slot != NULL , NULL ) ;
++ xmlSecAssert2( name != NULL , NULL ) ;
++ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
++
++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
++ PK11SymKey* symKey ;
++ PK11SymKey* curKey ;
++
++ /* Find symmetric key from the slot by name */
++ symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
++ for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
++ /* Check the key request */
++ length = PK11_GetKeyLength( curKey ) ;
++ length *= 8 ;
++ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
++ ( length > 0 ) &&
++ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
++ continue ;
++
++ /* We find a eligible key */
++ data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
++ if( data == NULL ) {
++ /* Do nothing */
++ }
++ break ;
++ }
++
++ /* Destroy the sym key list */
++ for( curKey = symKey ; curKey != NULL ; ) {
++ symKey = curKey ;
++ curKey = PK11_GetNextSymKey( symKey ) ;
++ PK11_FreeSymKey( symKey ) ;
++ }
++ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
++ SECKEYPublicKeyList* pubKeyList ;
++ SECKEYPublicKey* pubKey ;
++ SECKEYPublicKeyListNode* curPub ;
++
++ /* Find asymmetric key from the slot by name */
++ pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
++ pubKey = NULL ;
++ curPub = PUBKEY_LIST_HEAD(pubKeyList);
++ for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
++ /* Check the key request */
++ length = SECKEY_PublicKeyStrength( curPub->key ) ;
++ length *= 8 ;
++ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
++ ( length > 0 ) &&
++ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
++ continue ;
++
++ /* We find a eligible key */
++ pubKey = curPub->key ;
++ break ;
++ }
++
++ if( pubKey != NULL ) {
++ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
++ if( data == NULL ) {
++ /* Do nothing */
++ }
++ }
++
++ /* Destroy the public key list */
++ SECKEY_DestroyPublicKeyList( pubKeyList ) ;
++ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
++ SECKEYPrivateKeyList* priKeyList = NULL ;
++ SECKEYPrivateKey* priKey = NULL ;
++ SECKEYPrivateKeyListNode* curPri ;
++
++ /* Find asymmetric key from the slot by name */
++ priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
++ priKey = NULL ;
++ curPri = PRIVKEY_LIST_HEAD(priKeyList);
++ for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
++ /* Check the key request */
++ length = PK11_SignatureLen( curPri->key ) ;
++ length *= 8 ;
++ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
++ ( length > 0 ) &&
++ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
++ continue ;
++
++ /* We find a eligible key */
++ priKey = curPri->key ;
++ break ;
++ }
++
++ if( priKey != NULL ) {
++ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
++ if( data == NULL ) {
++ /* Do nothing */
++ }
++ }
++
++ /* Destroy the private key list */
++ SECKEY_DestroyPrivateKeyList( priKeyList ) ;
++ }
++
++ /* If we have gotten the key value */
++ if( data != NULL ) {
++ if( ( key = xmlSecKeyCreate() ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeyCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyDataDestroy( data ) ;
++ return NULL ;
++ }
++
++ if( xmlSecKeySetValue( key , data ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeySetValue" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyDestroy( key ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return NULL ;
++ }
++ }
+
+- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
++ return(key);
+ }
+
++
++/**
++ * xmlSecKeyStoreFindKeyMethod:
++ * @store: the store.
++ * @name: the desired key name.
++ * @keyInfoCtx: the pointer to key info context.
++ *
++ * Keys store specific find method. The caller is responsible for destroying
++ * the returned key using #xmlSecKeyDestroy method.
++ *
++ * Returns the pointer to a key or NULL if key is not found or an error occurs.
++ */
++static xmlSecKeyPtr
++xmlSecNssKeysStoreFindKey(
++ xmlSecKeyStorePtr store ,
++ const xmlChar* name ,
++ xmlSecKeyInfoCtxPtr keyInfoCtx
++) {
++ xmlSecNssKeysStoreCtxPtr context = NULL ;
++ xmlSecKeyPtr key = NULL ;
++ xmlSecNssKeySlotPtr keySlot = NULL ;
++ xmlSecSize pos ;
++ xmlSecSize size ;
++
++ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
++ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
++
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecNssKeysStoreGetCtx" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return NULL ;
++ }
++
++ /*-
++ * Look for key at keyList at first.
++ */
++ if( context->keyList != NULL ) {
++ size = xmlSecPtrListGetSize( context->keyList ) ;
++ for( pos = 0 ; pos < size ; pos ++ ) {
++ key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
++ if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
++ return xmlSecKeyDuplicate( key ) ;
++ }
++ }
++ }
++
++ /*-
++ * Find the key from slotList
++ */
++ if( context->slotList != NULL ) {
++ PK11SlotInfo* slot = NULL ;
++
++ size = xmlSecPtrListGetSize( context->slotList ) ;
++ for( pos = 0 ; pos < size ; pos ++ ) {
++ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
++ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
++ if( slot == NULL ) {
++ continue ;
++ } else {
++ key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
++ if( key == NULL ) {
++ continue ;
++ } else {
++ return( key ) ;
++ }
++ }
++ }
++ }
++
++ /*-
++ * Create a session key if we can not find the key from keyList and slotList
++ */
++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
++ key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
++ if( key == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
++ "xmlSecKeySetValue" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return NULL ;
++ }
++
++ return key ;
++ }
++
++ /**
++ * We have no way to find the key any more.
++ */
++ return NULL ;
++}
++
++static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
++ sizeof( xmlSecKeyStoreKlass ) ,
++ xmlSecNssKeysStoreSize ,
++ BAD_CAST "implicit_nss_keys_store" ,
++ xmlSecNssKeysStoreInitialize ,
++ xmlSecNssKeysStoreFinalize ,
++ xmlSecNssKeysStoreFindKey ,
++ NULL ,
++ NULL
++} ;
++
++/**
++ * xmlSecNssKeysStoreGetKlass:
++ *
++ * The simple list based keys store klass.
++ *
++ * Returns simple list based keys store klass.
++ */
++xmlSecKeyStoreId
++xmlSecNssKeysStoreGetKlass( void ) {
++ return &xmlSecNssKeysStoreKlass ;
++}
++
++/**************************
++ * Application routines
++ */
++
+ /**
+ * xmlSecNssKeysStoreLoad:
+ * @store: the pointer to Nss keys store.
+@@ -252,234 +654,147 @@
+ */
+ int
+ xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
+- xmlSecKeyStorePtr *ss;
++ xmlSecKeyInfoCtx keyInfoCtx;
++ xmlSecNssKeysStoreCtxPtr context ;
++ xmlSecPtrListPtr list;
++ xmlSecKeyPtr key;
++ xmlSecSize i, keysSize;
++ xmlDocPtr doc;
++ xmlNodePtr cur;
++ xmlSecKeyDataPtr data;
++ xmlSecPtrListPtr idsList;
++ xmlSecKeyDataId dataId;
++ xmlSecSize idsSize, j;
++ int ret;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+- xmlSecAssert2((filename != NULL), -1);
+-
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
++ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
++ xmlSecAssert2(filename != NULL, -1);
+
+- return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
+-}
++ context = xmlSecNssKeysStoreGetCtx( store ) ;
++ xmlSecAssert2( context != NULL, -1 );
+
+-static int
+-xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
+- xmlSecKeyStorePtr *ss;
++ list = context->keyList ;
++ xmlSecAssert2( list != NULL, -1 );
++ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
+
+- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+-
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert2((*ss == NULL), -1);
+-
+- *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+- if(*ss == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
++ /* create doc */
++ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
++ if(doc == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+- "xmlSecKeyStoreCreate",
++ "xmlSecCreateTree",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "xmlSecSimpleKeysStoreId");
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+- return(0);
+-}
++ idsList = xmlSecKeyDataIdsGet();
++ xmlSecAssert2(idsList != NULL, -1);
+
+-static void
+-xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
+- xmlSecKeyStorePtr *ss;
+-
+- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
+-
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert((ss != NULL) && (*ss != NULL));
+-
+- xmlSecKeyStoreDestroy(*ss);
+-}
++ keysSize = xmlSecPtrListGetSize(list);
++ idsSize = xmlSecPtrListGetSize(idsList);
++ for(i = 0; i < keysSize; ++i) {
++ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
++ xmlSecAssert2(key != NULL, -1);
+
+-static xmlSecKeyPtr
+-xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
+- xmlSecKeyInfoCtxPtr keyInfoCtx) {
+- xmlSecKeyStorePtr* ss;
+- xmlSecKeyPtr key = NULL;
+- xmlSecKeyPtr retval = NULL;
+- xmlSecKeyReqPtr keyReq = NULL;
+- CERTCertificate *cert = NULL;
+- SECKEYPublicKey *pubkey = NULL;
+- SECKEYPrivateKey *privkey = NULL;
+- xmlSecKeyDataPtr data = NULL;
+- xmlSecKeyDataPtr x509Data = NULL;
+- int ret;
+-
+- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
+- xmlSecAssert2(keyInfoCtx != NULL, NULL);
+-
+- ss = xmlSecNssKeysStoreGetSS(store);
+- xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
+-
+- key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
+- if (key != NULL) {
+- return (key);
+- }
+-
+- /* Try to find the key in the NSS DB, and construct an xmlSecKey.
+- * we must have a name to lookup keys in NSS DB.
+- */
+- if (name == NULL) {
+- goto done;
+- }
+-
+- /* what type of key are we looking for?
+- * TBD: For now, we'll look only for public/private keys using the
+- * name as a cert nickname. Later on, we can attempt to find
+- * symmetric keys using PK11_FindFixedKey
+- */
+- keyReq = &(keyInfoCtx->keyReq);
+- if (keyReq->keyType &
+- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
+- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
+- if (cert == NULL) {
+- goto done;
+- }
+-
+- if (keyReq->keyType & xmlSecKeyDataTypePublic) {
+- pubkey = CERT_ExtractPublicKey(cert);
+- if (pubkey == NULL) {
++ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
++ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "CERT_ExtractPublicKey",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
+- }
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecAddChild",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "node=%s",
++ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
++ xmlFreeDoc(doc);
++ return(-1);
+ }
+
+- if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
+- privkey = PK11_FindKeyByAnyCert(cert, NULL);
+- if (privkey == NULL) {
++ /* special data key name */
++ if(xmlSecKeyGetName(key) != NULL) {
++ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "PK11_FindKeyByAnyCert",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecAddChild",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "node=%s",
++ xmlSecErrorsSafeString(xmlSecNodeKeyName));
++ xmlFreeDoc(doc);
++ return(-1);
+ }
+ }
+
+- data = xmlSecNssPKIAdoptKey(privkey, pubkey);
+- if(data == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssPKIAdoptKey",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
+- }
+- privkey = NULL;
+- pubkey = NULL;
+-
+- key = xmlSecKeyCreate();
+- if (key == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecKeyCreate",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return (NULL);
+- }
+-
+- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
+- if(x509Data == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecKeyDataCreate",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "transform=%s",
+- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
+- goto done;
+- }
++ /* create nodes for other keys data */
++ for(j = 0; j < idsSize; ++j) {
++ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
++ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
++
++ if(dataId->dataNodeName == NULL) {
++ continue;
++ }
++
++ data = xmlSecKeyGetData(key, dataId);
++ if(data == NULL) {
++ continue;
++ }
+
+- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
+- if (ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssKeyDataX509AdoptKeyCert",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+- goto done;
+- }
+- cert = CERT_DupCertificate(cert);
+- if (cert == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "CERT_DupCertificate",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+- goto done;
++ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecAddChild",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "node=%s",
++ xmlSecErrorsSafeString(dataId->dataNodeName));
++ xmlFreeDoc(doc);
++ return(-1);
++ }
+ }
+
+- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
++ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssKeyDataX509AdoptCert",
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+- goto done;
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlFreeDoc(doc);
++ return(-1);
+ }
+- cert = NULL;
+
+- ret = xmlSecKeySetValue(key, data);
+- if (ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecKeySetValue",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+- goto done;
+- }
+- data = NULL;
++ keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
++ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
++ keyInfoCtx.keyReq.keyType = type;
++ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
+
+- ret = xmlSecKeyAdoptData(key, x509Data);
++ /* finally write key in the node */
++ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecKeyAdoptData",
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSecKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "data=%s",
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+- goto done;
+- }
+- x509Data = NULL;
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
++ xmlFreeDoc(doc);
++ return(-1);
++ }
+
+- retval = key;
+- key = NULL;
++ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ }
+
+-done:
+- if (cert != NULL) {
+- CERT_DestroyCertificate(cert);
+- }
+- if (pubkey != NULL) {
+- SECKEY_DestroyPublicKey(pubkey);
+- }
+- if (privkey != NULL) {
+- SECKEY_DestroyPrivateKey(privkey);
+- }
+- if (data != NULL) {
+- xmlSecKeyDataDestroy(data);
+- }
+- if (x509Data != NULL) {
+- xmlSecKeyDataDestroy(x509Data);
+- }
+- if (key != NULL) {
+- xmlSecKeyDestroy(key);
++ /* now write result */
++ ret = xmlSaveFormatFile(filename, doc, 1);
++ if (ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
++ "xmlSaveFormatFile",
++ XMLSEC_ERRORS_R_XML_FAILED,
++ "filename=%s",
++ xmlSecErrorsSafeString(filename));
++ xmlFreeDoc(doc);
++ return(-1);
+ }
+
+- return (retval);
++ xmlFreeDoc(doc);
++ return(0);
+ }
+--- misc/xmlsec1-1.2.12/src/nss/keywrapers.c 2009-09-21 14:07:19.223802688 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/keywrapers.c 2009-09-21 14:02:48.548869372 +0200
+@@ -1 +1,1213 @@
+-dummy
++/**
++ *
++ * XMLSec library
++ *
++ * AES Algorithm support
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright .................................
++ */
++#include "globals.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++#include <string.h>
++
++#include <nss.h>
++#include <pk11func.h>
++#include <hasht.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/xmltree.h>
++#include <xmlsec/keys.h>
++#include <xmlsec/transforms.h>
++#include <xmlsec/errors.h>
++
++#include <xmlsec/nss/crypto.h>
++#include <xmlsec/nss/ciphers.h>
++
++#define XMLSEC_NSS_AES128_KEY_SIZE 16
++#define XMLSEC_NSS_AES192_KEY_SIZE 24
++#define XMLSEC_NSS_AES256_KEY_SIZE 32
++#define XMLSEC_NSS_DES3_KEY_SIZE 24
++#define XMLSEC_NSS_DES3_KEY_LENGTH 24
++#define XMLSEC_NSS_DES3_IV_LENGTH 8
++#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
++
++static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
++ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
++};
++
++/*********************************************************************
++ *
++ * key wrap transforms
++ *
++ ********************************************************************/
++typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
++typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
++
++#define xmlSecNssKeyWrapSize \
++ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
++
++#define xmlSecNssKeyWrapGetCtx( transform ) \
++ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
++
++struct _xmlSecNssKeyWrapCtx {
++ CK_MECHANISM_TYPE cipher ;
++ PK11SymKey* symkey ;
++ xmlSecKeyDataId keyId ;
++ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
++} ;
++
++static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
++static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
++static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
++ xmlSecKeyReqPtr keyReq);
++static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
++ xmlSecKeyPtr key);
++static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
++ int last,
++ xmlSecTransformCtxPtr transformCtx);
++static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
++
++static int
++xmlSecNssKeyWrapCheckId(
++ xmlSecTransformPtr transform
++) {
++ #ifndef XMLSEC_NO_DES
++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
++ return(1);
++ }
++ #endif /* XMLSEC_NO_DES */
++
++ #ifndef XMLSEC_NO_AES
++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
++ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
++ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
++
++ return(1);
++ }
++ #endif /* XMLSEC_NO_AES */
++
++ return(0);
++}
++
++static xmlSecSize
++xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
++#ifndef XMLSEC_NO_DES
++ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
++ return(XMLSEC_NSS_DES3_KEY_SIZE);
++ } else
++#endif /* XMLSEC_NO_DES */
++
++#ifndef XMLSEC_NO_AES
++ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
++ return(XMLSEC_NSS_AES128_KEY_SIZE);
++ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
++ return(XMLSEC_NSS_AES192_KEY_SIZE);
++ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
++ return(XMLSEC_NSS_AES256_KEY_SIZE);
++ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
++ return(XMLSEC_NSS_AES256_KEY_SIZE);
++ } else
++#endif /* XMLSEC_NO_AES */
++
++ if(1)
++ return(0);
++}
++
++
++static int
++xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
++ xmlSecNssKeyWrapCtxPtr context ;
++ int ret;
++
++ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ xmlSecAssert2( context != NULL , -1 ) ;
++
++ #ifndef XMLSEC_NO_DES
++ if( transform->id == xmlSecNssTransformKWDes3Id ) {
++ context->cipher = CKM_DES3_CBC ;
++ context->keyId = xmlSecNssKeyDataDesId ;
++ } else
++ #endif /* XMLSEC_NO_DES */
++
++ #ifndef XMLSEC_NO_AES
++ if( transform->id == xmlSecNssTransformKWAes128Id ) {
++ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
++ context->cipher = CKM_AES_CBC ;
++ context->keyId = xmlSecNssKeyDataAesId ;
++ } else
++ if( transform->id == xmlSecNssTransformKWAes192Id ) {
++ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
++ context->cipher = CKM_AES_CBC ;
++ context->keyId = xmlSecNssKeyDataAesId ;
++ } else
++ if( transform->id == xmlSecNssTransformKWAes256Id ) {
++ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
++ context->cipher = CKM_AES_CBC ;
++ context->keyId = xmlSecNssKeyDataAesId ;
++ } else
++ #endif /* XMLSEC_NO_AES */
++
++
++ if( 1 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
++ NULL ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ context->symkey = NULL ;
++ context->material = NULL ;
++
++ return(0);
++}
++
++static void
++xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
++ xmlSecNssKeyWrapCtxPtr context ;
++
++ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
++ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ xmlSecAssert( context != NULL ) ;
++
++ if( context->symkey != NULL ) {
++ PK11_FreeSymKey( context->symkey ) ;
++ context->symkey = NULL ;
++ }
++
++ if( context->material != NULL ) {
++ xmlSecBufferDestroy(context->material);
++ context->material = NULL ;
++ }
++}
++
++static int
++xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
++ xmlSecNssKeyWrapCtxPtr context ;
++ xmlSecSize cipherSize = 0 ;
++
++
++ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
++ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
++ xmlSecAssert2(keyReq != NULL, -1);
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ xmlSecAssert2( context != NULL , -1 ) ;
++
++ keyReq->keyId = context->keyId;
++ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
++ if(transform->operation == xmlSecTransformOperationEncrypt) {
++ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
++ } else {
++ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
++ }
++
++ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
++
++ return(0);
++}
++
++static int
++xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
++ xmlSecNssKeyWrapCtxPtr context = NULL ;
++ xmlSecKeyDataPtr keyData = NULL ;
++ PK11SymKey* symkey = NULL ;
++
++ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
++ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
++ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
++ xmlSecAssert2(key != NULL, -1);
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyWrapGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
++
++ keyData = xmlSecKeyGetValue( key ) ;
++ if( keyData == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
++ "xmlSecKeyGetValue" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
++ "xmlSecNssSymKeyDataGetKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ context->symkey = symkey ;
++
++ return(0) ;
++}
++
++/**
++ * key wrap transform
++ */
++static int
++xmlSecNssKeyWrapCtxInit(
++ xmlSecNssKeyWrapCtxPtr ctx ,
++ xmlSecBufferPtr in ,
++ xmlSecBufferPtr out ,
++ int encrypt ,
++ xmlSecTransformCtxPtr transformCtx
++) {
++ xmlSecSize blockSize ;
++
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( in != NULL , -1 ) ;
++ xmlSecAssert2( out != NULL , -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
++
++ if( ctx->material != NULL ) {
++ xmlSecBufferDestroy( ctx->material ) ;
++ ctx->material = NULL ;
++ }
++
++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_GetBlockSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ ctx->material = xmlSecBufferCreate( blockSize ) ;
++ if( ctx->material == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ /* read raw key material into context */
++ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferSetData" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferRemoveHead" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ return(0);
++}
++
++/**
++ * key wrap transform update
++ */
++static int
++xmlSecNssKeyWrapCtxUpdate(
++ xmlSecNssKeyWrapCtxPtr ctx ,
++ xmlSecBufferPtr in ,
++ xmlSecBufferPtr out ,
++ int encrypt ,
++ xmlSecTransformCtxPtr transformCtx
++) {
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( ctx->material != NULL , -1 ) ;
++ xmlSecAssert2( in != NULL , -1 ) ;
++ xmlSecAssert2( out != NULL , -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
++
++ /* read raw key material and append into context */
++ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferAppend" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferRemoveHead" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ return(0);
++}
++
++static int
++xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
++ xmlSecSize s;
++ xmlSecSize i;
++ xmlSecByte c;
++
++ xmlSecAssert2(buf != NULL, -1);
++
++ s = size / 2;
++ --size;
++ for(i = 0; i < s; ++i) {
++ c = buf[i];
++ buf[i] = buf[size - i];
++ buf[size - i] = c;
++ }
++ return(0);
++}
++
++static xmlSecByte *
++xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
++ xmlSecByte *out, xmlSecSize outSize)
++{
++ PK11Context *context = NULL;
++ SECStatus s;
++ xmlSecByte *digest = NULL;
++ unsigned int len;
++
++ xmlSecAssert2(in != NULL, NULL);
++ xmlSecAssert2(out != NULL, NULL);
++ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
++
++ /* Create a context for hashing (digesting) */
++ context = PK11_CreateDigestContext(SEC_OID_SHA1);
++ if (context == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_CreateDigestContext",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ s = PK11_DigestBegin(context);
++ if (s != SECSuccess) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_DigestBegin",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ s = PK11_DigestOp(context, in, inSize);
++ if (s != SECSuccess) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_DigestOp",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ s = PK11_DigestFinal(context, out, &len, outSize);
++ if (s != SECSuccess) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_DigestFinal",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "error code = %d", PORT_GetError());
++ goto done;
++ }
++ xmlSecAssert2(len == SHA1_LENGTH, NULL);
++
++ digest = out;
++
++done:
++ if (context != NULL) {
++ PK11_DestroyContext(context, PR_TRUE);
++ }
++ return (digest);
++}
++
++static int
++xmlSecNssKWDes3Encrypt(
++ PK11SymKey* symKey ,
++ CK_MECHANISM_TYPE cipherMech ,
++ const xmlSecByte* iv ,
++ xmlSecSize ivSize ,
++ const xmlSecByte* in ,
++ xmlSecSize inSize ,
++ xmlSecByte* out ,
++ xmlSecSize outSize ,
++ int enc
++) {
++ PK11Context* EncContext = NULL;
++ SECItem ivItem ;
++ SECItem* secParam = NULL ;
++ int tmp1_outlen;
++ unsigned int tmp2_outlen;
++ int result_len = -1;
++ SECStatus rv;
++
++ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( symKey != NULL , -1 ) ;
++ xmlSecAssert2(iv != NULL, -1);
++ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
++ xmlSecAssert2(in != NULL, -1);
++ xmlSecAssert2(inSize > 0, -1);
++ xmlSecAssert2(out != NULL, -1);
++ xmlSecAssert2(outSize >= inSize, -1);
++
++ /* Prepare IV */
++ ivItem.data = ( unsigned char* )iv ;
++ ivItem.len = ivSize ;
++
++ secParam = PK11_ParamFromIV(cipherMech, &ivItem);
++ if (secParam == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_ParamFromIV",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "Error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ EncContext = PK11_CreateContextBySymKey(cipherMech,
++ enc ? CKA_ENCRYPT : CKA_DECRYPT,
++ symKey, secParam);
++ if (EncContext == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_CreateContextBySymKey",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "Error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ tmp1_outlen = tmp2_outlen = 0;
++ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
++ (unsigned char *)in, inSize);
++ if (rv != SECSuccess) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_CipherOp",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "Error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
++ &tmp2_outlen, outSize-tmp1_outlen);
++ if (rv != SECSuccess) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_DigestFinal",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "Error code = %d", PORT_GetError());
++ goto done;
++ }
++
++ result_len = tmp1_outlen + tmp2_outlen;
++
++done:
++ if (secParam) {
++ SECITEM_FreeItem(secParam, PR_TRUE);
++ }
++ if (EncContext) {
++ PK11_DestroyContext(EncContext, PR_TRUE);
++ }
++
++ return(result_len);
++}
++
++static int
++xmlSecNssKeyWrapDesOp(
++ xmlSecNssKeyWrapCtxPtr ctx ,
++ int encrypt ,
++ xmlSecBufferPtr result
++) {
++ xmlSecByte sha1[SHA1_LENGTH];
++ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
++ xmlSecByte* in;
++ xmlSecSize inSize;
++ xmlSecByte* out;
++ xmlSecSize outSize;
++ xmlSecSize s;
++ int ret;
++ SECStatus status;
++
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( ctx->material != NULL , -1 ) ;
++ xmlSecAssert2( result != NULL , -1 ) ;
++
++ in = xmlSecBufferGetData(ctx->material);
++ inSize = xmlSecBufferGetSize(ctx->material) ;
++ out = xmlSecBufferGetData(result);
++ outSize = xmlSecBufferGetMaxSize(result) ;
++ if( encrypt ) {
++ /* step 2: calculate sha1 and CMS */
++ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssComputeSHA1",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ /* step 3: construct WKCKS */
++ memcpy(out, in, inSize);
++ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
++
++ /* step 4: generate random iv */
++ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
++ if(status != SECSuccess) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "PK11_GenerateRandom",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ "error code = %d", PORT_GetError());
++ return(-1);
++ }
++
++ /* step 5: first encryption, result is TEMP1 */
++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
++ iv, XMLSEC_NSS_DES3_IV_LENGTH,
++ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
++ out, outSize, 1);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssKWDes3Encrypt",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ /* step 6: construct TEMP2=IV || TEMP1 */
++ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
++ inSize + XMLSEC_NSS_DES3_IV_LENGTH);
++ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
++ s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
++
++ /* step 7: reverse octets order, result is TEMP3 */
++ ret = xmlSecNssKWDes3BufferReverse(out, s);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssKWDes3BufferReverse",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ /* step 8: second encryption with static IV */
++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
++ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
++ out, s,
++ out, outSize, 1);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssKWDes3Encrypt",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++ s = ret;
++
++ if( xmlSecBufferSetSize( result , s ) < 0 ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecBufferSetSize",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++ } else {
++ /* step 2: first decryption with static IV, result is TEMP3 */
++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
++ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
++ in, inSize,
++ out, outSize, 0);
++ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssKWDes3Encrypt",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++ s = ret;
++
++ /* step 3: reverse octets order in TEMP3, result is TEMP2 */
++ ret = xmlSecNssKWDes3BufferReverse(out, s);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssKWDes3BufferReverse",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
++ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
++ out, XMLSEC_NSS_DES3_IV_LENGTH,
++ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
++ out, outSize, 0);
++ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssKWDes3Encrypt",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++ s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
++
++ /* steps 6 and 7: calculate SHA1 and validate it */
++ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssComputeSHA1",
++ XMLSEC_ERRORS_R_CRYPTO_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ NULL,
++ XMLSEC_ERRORS_R_INVALID_DATA,
++ "SHA1 does not match");
++ return(-1);
++ }
++
++ if( xmlSecBufferSetSize( result , s ) < 0 ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecBufferSetSize",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++ }
++
++ return(0);
++}
++
++static int
++xmlSecNssKeyWrapAesOp(
++ xmlSecNssKeyWrapCtxPtr ctx ,
++ int encrypt ,
++ xmlSecBufferPtr result
++) {
++ PK11Context* cipherCtx = NULL;
++ SECItem ivItem ;
++ SECItem* secParam = NULL ;
++ xmlSecSize inSize ;
++ xmlSecSize inBlocks ;
++ int blockSize ;
++ int midSize ;
++ int finSize ;
++ xmlSecByte* out ;
++ xmlSecSize outSize;
++
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( ctx->material != NULL , -1 ) ;
++ xmlSecAssert2( result != NULL , -1 ) ;
++
++ /* Do not set any IV */
++ memset(&ivItem, 0, sizeof(ivItem));
++
++ /* Get block size */
++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_GetBlockSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ inSize = xmlSecBufferGetSize( ctx->material ) ;
++ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferSetMaxSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ /* Get Param for context initialization */
++ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_ParamFromIV" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
++ if( cipherCtx == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_CreateContextBySymKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ SECITEM_FreeItem( secParam , PR_TRUE ) ;
++ return(-1);
++ }
++
++ out = xmlSecBufferGetData(result) ;
++ outSize = xmlSecBufferGetMaxSize(result) ;
++ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_CipherOp" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_DigestFinal" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferSetSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ return 0 ;
++}
++
++/**
++ * Block cipher transform final
++ */
++static int
++xmlSecNssKeyWrapCtxFinal(
++ xmlSecNssKeyWrapCtxPtr ctx ,
++ xmlSecBufferPtr in ,
++ xmlSecBufferPtr out ,
++ int encrypt ,
++ xmlSecTransformCtxPtr transformCtx
++) {
++ PK11SymKey* targetKey ;
++ xmlSecSize blockSize ;
++ xmlSecBufferPtr result ;
++
++ xmlSecAssert2( ctx != NULL , -1 ) ;
++ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
++ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
++ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
++ xmlSecAssert2( ctx->material != NULL , -1 ) ;
++ xmlSecAssert2( in != NULL , -1 ) ;
++ xmlSecAssert2( out != NULL , -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
++
++ /* read raw key material and append into context */
++ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferAppend" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferRemoveHead" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ /* Now we get all of the key materail */
++ /* from now on we will wrap or unwrap the key */
++ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "PK11_GetBlockSize" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ result = xmlSecBufferCreate( blockSize ) ;
++ if( result == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ switch( ctx->cipher ) {
++ case CKM_DES3_CBC :
++ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssKeyWrapDesOp" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBufferDestroy(result);
++ return(-1);
++ }
++ break ;
++ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/
++ case CKM_AES_CBC :
++ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssKeyWrapAesOp" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBufferDestroy(result);
++ return(-1);
++ }
++ break ;
++ }
++
++ /* Write output */
++ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecBufferAppend" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBufferDestroy(result);
++ return(-1);
++ }
++ xmlSecBufferDestroy(result);
++
++ return(0);
++}
++
++static int
++xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
++ xmlSecNssKeyWrapCtxPtr context = NULL ;
++ xmlSecBufferPtr inBuf, outBuf ;
++ int operation ;
++ int rtv ;
++
++ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
++ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
++ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
++ xmlSecAssert2( transformCtx != NULL , -1 ) ;
++
++ context = xmlSecNssKeyWrapGetCtx( transform ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyWrapGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ inBuf = &( transform->inBuf ) ;
++ outBuf = &( transform->outBuf ) ;
++
++ if( transform->status == xmlSecTransformStatusNone ) {
++ transform->status = xmlSecTransformStatusWorking ;
++ }
++
++ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
++ if( transform->status == xmlSecTransformStatusWorking ) {
++ if( context->material == NULL ) {
++ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
++ if( rtv < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyWrapCtxInit" ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ }
++
++ if( context->material == NULL && last != 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ NULL ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ "No enough data to intialize transform" ) ;
++ return(-1);
++ }
++
++ if( context->material != NULL ) {
++ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
++ if( rtv < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyWrapCtxUpdate" ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ }
++
++ if( last ) {
++ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
++ if( rtv < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ "xmlSecNssKeyWrapCtxFinal" ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ transform->status = xmlSecTransformStatusFinished ;
++ }
++ } else if( transform->status == xmlSecTransformStatusFinished ) {
++ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ NULL ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ "status=%d", transform->status ) ;
++ return(-1);
++ }
++ } else {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
++ NULL ,
++ XMLSEC_ERRORS_R_INVALID_STATUS ,
++ "status=%d", transform->status ) ;
++ return(-1);
++ }
++
++ return(0);
++}
++
++#ifndef XMLSEC_NO_AES
++
++
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
++#else
++static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
++#endif
++ /* klass/object sizes */
++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
++
++ xmlSecNameKWAes128, /* const xmlChar* name; */
++ xmlSecHrefKWAes128, /* const xmlChar* href; */
++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
++
++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
++ NULL, /* xmlSecTransformNodeReadMethod readNode; */
++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
++ NULL, /* xmlSecTransformValidateMethod validate; */
++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
++ NULL, /* xmlSecTransformPopXmlMethod popXml; */
++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
++
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
++};
++
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
++#else
++static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
++#endif
++ /* klass/object sizes */
++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
++
++ xmlSecNameKWAes192, /* const xmlChar* name; */
++ xmlSecHrefKWAes192, /* const xmlChar* href; */
++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
++
++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
++ NULL, /* xmlSecTransformNodeReadMethod readNode; */
++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
++ NULL, /* xmlSecTransformValidateMethod validate; */
++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
++ NULL, /* xmlSecTransformPopXmlMethod popXml; */
++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
++
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
++};
++
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
++#else
++static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
++#endif
++ /* klass/object sizes */
++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
++
++ xmlSecNameKWAes256, /* const xmlChar* name; */
++ xmlSecHrefKWAes256, /* const xmlChar* href; */
++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
++
++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
++ NULL, /* xmlSecTransformNodeReadMethod readNode; */
++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
++ NULL, /* xmlSecTransformValidateMethod validate; */
++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
++ NULL, /* xmlSecTransformPopXmlMethod popXml; */
++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
++
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
++};
++
++/**
++ * xmlSecNssTransformKWAes128GetKlass:
++ *
++ * The AES-128 key wrapper transform klass.
++ *
++ * Returns AES-128 key wrapper transform klass.
++ */
++xmlSecTransformId
++xmlSecNssTransformKWAes128GetKlass(void) {
++ return(&xmlSecNssKWAes128Klass);
++}
++
++/**
++ * xmlSecNssTransformKWAes192GetKlass:
++ *
++ * The AES-192 key wrapper transform klass.
++ *
++ * Returns AES-192 key wrapper transform klass.
++ */
++xmlSecTransformId
++xmlSecNssTransformKWAes192GetKlass(void) {
++ return(&xmlSecNssKWAes192Klass);
++}
++
++/**
++ *
++ * The AES-256 key wrapper transform klass.
++ *
++ * Returns AES-256 key wrapper transform klass.
++ */
++xmlSecTransformId
++xmlSecNssTransformKWAes256GetKlass(void) {
++ return(&xmlSecNssKWAes256Klass);
++}
++
++#endif /* XMLSEC_NO_AES */
++
++
++#ifndef XMLSEC_NO_DES
++
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
++#else
++static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
++#endif
++ /* klass/object sizes */
++ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
++ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
++
++ xmlSecNameKWDes3, /* const xmlChar* name; */
++ xmlSecHrefKWDes3, /* const xmlChar* href; */
++ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
++
++ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
++ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
++ NULL, /* xmlSecTransformNodeReadMethod readNode; */
++ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
++ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
++ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
++ NULL, /* xmlSecTransformValidateMethod validate; */
++ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
++ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
++ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
++ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
++ NULL, /* xmlSecTransformPopXmlMethod popXml; */
++ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
++
++ NULL, /* void* reserved0; */
++ NULL, /* void* reserved1; */
++};
++
++/**
++ * xmlSecNssTransformKWDes3GetKlass:
++ *
++ * The Triple DES key wrapper transform klass.
++ *
++ * Returns Triple DES key wrapper transform klass.
++ */
++xmlSecTransformId
++xmlSecNssTransformKWDes3GetKlass(void) {
++ return(&xmlSecNssKWDes3Klass);
++}
++
++#endif /* XMLSEC_NO_DES */
++
+--- misc/xmlsec1-1.2.12/src/nss/pkikeys.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/pkikeys.c 2009-09-21 14:02:48.657352624 +0200
+@@ -24,6 +24,7 @@
+ #include <xmlsec/nss/crypto.h>
+ #include <xmlsec/nss/bignum.h>
+ #include <xmlsec/nss/pkikeys.h>
++#include <xmlsec/nss/tokens.h>
+
+ /**************************************************************************
+ *
+@@ -115,6 +116,8 @@
+ xmlSecNssPKIKeyDataCtxPtr ctxSrc)
+ {
+ xmlSecNSSPKIKeyDataCtxFree(ctxDst);
++ ctxDst->privkey = NULL ;
++ ctxDst->pubkey = NULL ;
+ if (ctxSrc->privkey != NULL) {
+ ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
+ if(ctxDst->privkey == NULL) {
+@@ -588,13 +591,13 @@
+ goto done;
+ }
+
+- slot = PK11_GetBestSlot(CKM_DSA, NULL);
++ slot = xmlSecNssSlotGet(CKM_DSA);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "PK11_GetBestSlot",
++ "xmlSecNssSlotGet",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+@@ -792,14 +795,14 @@
+ if (slot != NULL) {
+ PK11_FreeSlot(slot);
+ }
+- if (ret != 0) {
++
+ if (pubkey != NULL) {
+ SECKEY_DestroyPublicKey(pubkey);
+ }
+ if (data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+- }
++
+ return(ret);
+ }
+
+@@ -818,7 +821,7 @@
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+@@ -940,7 +943,8 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_ParamGen",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- "size=%d", sizeBits);
++ "size=%d, error code=%d", sizeBits, PORT_GetError());
++ ret = -1;
+ goto done;
+ }
+
+@@ -950,11 +954,12 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_VerifyParams",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- "size=%d", sizeBits);
++ "size=%d, error code=%d", sizeBits, PORT_GetError());
++ ret = -1;
+ goto done;
+ }
+
+- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
++ slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+ privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
+@@ -964,8 +969,9 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_GenerateKeyPair",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+
++ ret = -1;
+ goto done;
+ }
+
+@@ -979,6 +985,8 @@
+ goto done;
+ }
+
++ privkey = NULL ;
++ pubkey = NULL ;
+ ret = 0;
+
+ done:
+@@ -991,16 +999,13 @@
+ if (pqgVerify != NULL) {
+ PK11_PQG_DestroyVerify(pqgVerify);
+ }
+- if (ret == 0) {
+- return (0);
+- }
+ if (pubkey != NULL) {
+ SECKEY_DestroyPublicKey(pubkey);
+ }
+ if (privkey != NULL) {
+ SECKEY_DestroyPrivateKey(privkey);
+ }
+- return(-1);
++ return(ret);
+ }
+
+ static xmlSecKeyDataType
+@@ -1010,10 +1015,10 @@
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
+ if (ctx->privkey != NULL) {
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+- } else {
++ } else if( ctx->pubkey != NULL ) {
+ return(xmlSecKeyDataTypePublic);
+ }
+
+@@ -1027,7 +1032,7 @@
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
+
+ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
+ }
+@@ -1216,13 +1221,13 @@
+ goto done;
+ }
+
+- slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
++ slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "PK11_GetBestSlot",
++ "xmlSecNssSlotGet",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+@@ -1384,7 +1389,7 @@
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
+
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+@@ -1455,7 +1460,7 @@
+ params.keySizeInBits = sizeBits;
+ params.pe = 65537;
+
+- slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
++ slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+ privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
+@@ -1525,7 +1530,7 @@
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
++/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
+
+ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
+ }
+--- misc/xmlsec1-1.2.12/src/nss/symkeys.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/symkeys.c 2009-09-21 14:02:48.620574832 +0200
+@@ -15,20 +15,41 @@
+ #include <stdio.h>
+ #include <string.h>
+
++#include <pk11func.h>
++#include <nss.h>
++
+ #include <xmlsec/xmlsec.h>
+ #include <xmlsec/xmltree.h>
++#include <xmlsec/base64.h>
+ #include <xmlsec/keys.h>
+ #include <xmlsec/keyinfo.h>
+ #include <xmlsec/transforms.h>
+ #include <xmlsec/errors.h>
+
+ #include <xmlsec/nss/crypto.h>
++#include <xmlsec/nss/ciphers.h>
++#include <xmlsec/nss/tokens.h>
+
+ /*****************************************************************************
+ *
+- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
++ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
+ *
+ ****************************************************************************/
++typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ;
++typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ;
++
++struct _xmlSecNssSymKeyDataCtx {
++ CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */
++ PK11SlotInfo* slot ; /* the key resident slot */
++ PK11SymKey* symkey ; /* the symmetic key */
++} ;
++
++#define xmlSecNssSymKeyDataSize \
++ ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
++
++#define xmlSecNssSymKeyDataGetCtx( data ) \
++ ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
++
+ static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
+ static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+@@ -67,107 +88,743 @@
+ (xmlSecKeyDataIsValid((data)) && \
+ xmlSecNssSymKeyDataKlassCheck((data)->id))
+
++/**
++ * xmlSecNssSymKeyDataAdoptKey:
++ * @data: the pointer to symmetric key data.
++ * @symkey: the symmetric key
++ *
++ * Set the value of symmetric key data.
++ *
++ * Returns 0 on success or a negative value if an error occurs.
++ */
++int
++xmlSecNssSymKeyDataAdoptKey(
++ xmlSecKeyDataPtr data ,
++ PK11SymKey* symkey
++) {
++ xmlSecNssSymKeyDataCtxPtr context = NULL ;
++
++ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
++ xmlSecAssert2( symkey != NULL, -1 ) ;
++
++ context = xmlSecNssSymKeyDataGetCtx( data ) ;
++ xmlSecAssert2(context != NULL, -1);
++
++ context->cipher = PK11_GetMechanism( symkey ) ;
++
++ if( context->slot != NULL ) {
++ PK11_FreeSlot( context->slot ) ;
++ context->slot = NULL ;
++ }
++ context->slot = PK11_GetSlotFromKey( symkey ) ;
++
++ if( context->symkey != NULL ) {
++ PK11_FreeSymKey( context->symkey ) ;
++ context->symkey = NULL ;
++ }
++ context->symkey = PK11_ReferenceSymKey( symkey ) ;
++
++ return 0 ;
++}
++
++xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
++ PK11SymKey* symKey
++) {
++ xmlSecKeyDataPtr data = NULL ;
++ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ;
++
++ xmlSecAssert2( symKey != NULL , NULL ) ;
++
++ mechanism = PK11_GetMechanism( symKey ) ;
++ switch( mechanism ) {
++ case CKM_DES3_KEY_GEN :
++ case CKM_DES3_CBC :
++ case CKM_DES3_MAC :
++ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeyDataCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ "xmlSecNssKeyDataDesId" ) ;
++ return NULL ;
++ }
++ break ;
++ case CKM_AES_KEY_GEN :
++ case CKM_AES_CBC :
++ case CKM_AES_MAC :
++ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
++ if( data == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecKeyDataCreate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ "xmlSecNssKeyDataDesId" ) ;
++ return NULL ;
++ }
++ break ;
++ default :
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ "Unsupported mechanism" ) ;
++ return NULL ;
++ }
++
++ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ "xmlSecNssSymKeyDataAdoptKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecKeyDataDestroy( data ) ;
++ return NULL ;
++ }
++
++ return data ;
++}
++
++
++PK11SymKey*
++xmlSecNssSymKeyDataGetKey(
++ xmlSecKeyDataPtr data
++) {
++ xmlSecNssSymKeyDataCtxPtr ctx;
++ PK11SymKey* symkey ;
++
++ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
++ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
++
++ ctx = xmlSecNssSymKeyDataGetCtx(data);
++ xmlSecAssert2(ctx != NULL, NULL);
++
++ if( ctx->symkey != NULL ) {
++ symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
++ } else {
++ symkey = NULL ;
++ }
++
++ return(symkey);
++}
++
+ static int
+ xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
++ xmlSecNssSymKeyDataCtxPtr ctx;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
+-
+- return(xmlSecKeyDataBinaryValueInitialize(data));
++ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
++
++ ctx = xmlSecNssSymKeyDataGetCtx(data);
++ xmlSecAssert2(ctx != NULL, -1);
++
++ memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
++
++ /* Set the block cipher mechanism */
++#ifndef XMLSEC_NO_DES
++ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
++ ctx->cipher = CKM_DES3_KEY_GEN;
++ } else
++#endif /* XMLSEC_NO_DES */
++
++#ifndef XMLSEC_NO_AES
++ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
++ ctx->cipher = CKM_AES_KEY_GEN;
++ } else
++#endif /* XMLSEC_NO_AES */
++
++ if(1) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ "Unsupported block cipher" ) ;
++ return(-1) ;
++ }
++
++ return(0);
+ }
+
+ static int
+ xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
++ xmlSecNssSymKeyDataCtxPtr ctxDst;
++ xmlSecNssSymKeyDataCtxPtr ctxSrc;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
++ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
++ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
+ xmlSecAssert2(dst->id == src->id, -1);
+-
+- return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
++
++ ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
++ xmlSecAssert2(ctxDst != NULL, -1);
++
++ ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
++ xmlSecAssert2(ctxSrc != NULL, -1);
++
++ ctxDst->cipher = ctxSrc->cipher ;
++
++ if( ctxSrc->slot != NULL ) {
++ if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
++ PK11_FreeSlot( ctxDst->slot ) ;
++ ctxDst->slot = NULL ;
++ }
++
++ if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
++ ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
++ } else {
++ if( ctxDst->slot != NULL ) {
++ PK11_FreeSlot( ctxDst->slot ) ;
++ ctxDst->slot = NULL ;
++ }
++ }
++
++ if( ctxSrc->symkey != NULL ) {
++ if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
++ PK11_FreeSymKey( ctxDst->symkey ) ;
++ ctxDst->symkey = NULL ;
++ }
++
++ if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
++ ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
++ } else {
++ if( ctxDst->symkey != NULL ) {
++ PK11_FreeSymKey( ctxDst->symkey ) ;
++ ctxDst->symkey = NULL ;
++ }
++ }
++
++ return(0);
+ }
+
+ static void
+ xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
++ xmlSecNssSymKeyDataCtxPtr ctx;
++
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+-
+- xmlSecKeyDataBinaryValueFinalize(data);
++ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
++
++ ctx = xmlSecNssSymKeyDataGetCtx(data);
++ xmlSecAssert(ctx != NULL);
++
++ if( ctx->slot != NULL ) {
++ PK11_FreeSlot( ctx->slot ) ;
++ ctx->slot = NULL ;
++ }
++
++ if( ctx->symkey != NULL ) {
++ PK11_FreeSymKey( ctx->symkey ) ;
++ ctx->symkey = NULL ;
++ }
++
++ ctx->cipher = CKM_INVALID_MECHANISM ;
+ }
+
+ static int
+ xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
++ PK11SymKey* symKey ;
++ PK11SlotInfo* slot ;
++ xmlSecBufferPtr keyBuf;
++ xmlSecSize len;
++ xmlSecKeyDataPtr data;
++ xmlSecNssSymKeyDataCtxPtr ctx;
++ SECItem keyItem ;
++ int ret;
++
++ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
++ xmlSecAssert2(key != NULL, -1);
++ xmlSecAssert2(node != NULL, -1);
++ xmlSecAssert2(keyInfoCtx != NULL, -1);
++
++ /* Create a new KeyData from a id */
++ data = xmlSecKeyDataCreate(id);
++ if(data == NULL ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeyDataCreate",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ ctx = xmlSecNssSymKeyDataGetCtx(data);
++ xmlSecAssert2(ctx != NULL, -1);
++
++ /* Create a buffer for raw symmetric key value */
++ if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecBufferCreate" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ /* Read the raw key value */
++ if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecBufferDestroy( keyBuf ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ /* Get slot */
++ slot = xmlSecNssSlotGet(ctx->cipher);
++ if( slot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecNssSlotGet" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ xmlSecBufferDestroy( keyBuf ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ /* Wrap the raw key value SECItem */
++ keyItem.type = siBuffer ;
++ keyItem.data = xmlSecBufferGetData( keyBuf ) ;
++ keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
++
++ /* Import the raw key into slot temporalily and get the key handler*/
++ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
++ if( symKey == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_ImportSymKey" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ PK11_FreeSlot( slot ) ;
++ xmlSecBufferDestroy( keyBuf ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++ PK11_FreeSlot( slot ) ;
++
++ /* raw key material has been copied into symKey, it isn't used any more */
++ xmlSecBufferDestroy( keyBuf ) ;
++
++ /* Adopt the symmetric key into key data */
++ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeyDataBinaryValueSetBuffer",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1);
++ }
++ /* symKey has been duplicated into data, it isn't used any more */
++ PK11_FreeSymKey( symKey ) ;
++
++ /* Check value */
++ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeyReqMatchKeyValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecKeyDataDestroy( data ) ;
++ return(0);
++ }
+
+- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
++ ret = xmlSecKeySetValue(key, data);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeySetValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1);
++ }
++
++ return(0);
+ }
+
+ static int
+ xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
++ PK11SymKey* symKey ;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
+-
+- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
++ xmlSecAssert2(key != NULL, -1);
++ xmlSecAssert2(node != NULL, -1);
++ xmlSecAssert2(keyInfoCtx != NULL, -1);
++
++ /* Get symmetric key from "key" */
++ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
++ if( symKey != NULL ) {
++ SECItem* keyItem ;
++ xmlSecBufferPtr keyBuf ;
++
++ /* Extract raw key data from symmetric key */
++ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_ExtractKeyValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ /* Get raw key data from "symKey" */
++ keyItem = PK11_GetKeyData( symKey ) ;
++ if(keyItem == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_GetKeyData",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ /* Create key data buffer with raw kwy material */
++ keyBuf = xmlSecBufferCreate(keyItem->len) ;
++ if(keyBuf == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecBufferCreate",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
++
++ /* Write raw key material into current xml node */
++ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecBufferBase64NodeContentWrite",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecBufferDestroy(keyBuf);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++ xmlSecBufferDestroy(keyBuf);
++ PK11_FreeSymKey( symKey ) ;
++ }
++
++ return 0 ;
+ }
+
+ static int
+ xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
++ PK11SymKey* symKey ;
++ PK11SlotInfo* slot ;
++ xmlSecKeyDataPtr data;
++ xmlSecNssSymKeyDataCtxPtr ctx;
++ SECItem keyItem ;
++ int ret;
++
++ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
++ xmlSecAssert2(key != NULL, -1);
++ xmlSecAssert2(buf != NULL, -1);
++ xmlSecAssert2(bufSize != 0, -1);
++ xmlSecAssert2(keyInfoCtx != NULL, -1);
++
++ /* Create a new KeyData from a id */
++ data = xmlSecKeyDataCreate(id);
++ if(data == NULL ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeyDataCreate",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
++ }
++
++ ctx = xmlSecNssSymKeyDataGetCtx(data);
++ xmlSecAssert2(ctx != NULL, -1);
++
++ /* Get slot */
++ slot = xmlSecNssSlotGet(ctx->cipher);
++ if( slot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecNssSlotGet" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ /* Wrap the raw key value SECItem */
++ keyItem.type = siBuffer ;
++ keyItem.data = buf ;
++ keyItem.len = bufSize ;
++
++ /* Import the raw key into slot temporalily and get the key handler*/
++ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
++ if( symKey == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_ImportSymKey" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSlot( slot ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1) ;
++ }
++
++ /* Adopt the symmetric key into key data */
++ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeyDataBinaryValueSetBuffer",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSymKey( symKey ) ;
++ PK11_FreeSlot( slot ) ;
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1);
++ }
++ /* symKey has been duplicated into data, it isn't used any more */
++ PK11_FreeSymKey( symKey ) ;
++ PK11_FreeSlot( slot ) ;
++
++ /* Check value */
++ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeyReqMatchKeyValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecKeyDataDestroy( data ) ;
++ return(0);
++ }
+
+- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
++ ret = xmlSecKeySetValue(key, data);
++ if(ret < 0) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecKeySetValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ xmlSecKeyDataDestroy( data ) ;
++ return(-1);
++ }
++
++ return(0);
+ }
+
+ static int
+ xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
++ PK11SymKey* symKey ;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
++ xmlSecAssert2(key != NULL, -1);
++ xmlSecAssert2(buf != NULL, -1);
++ xmlSecAssert2(bufSize != 0, -1);
++ xmlSecAssert2(keyInfoCtx != NULL, -1);
++
++ /* Get symmetric key from "key" */
++ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
++ if( symKey != NULL ) {
++ SECItem* keyItem ;
++
++ /* Extract raw key data from symmetric key */
++ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_ExtractKeyValue",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ /* Get raw key data from "symKey" */
++ keyItem = PK11_GetKeyData( symKey ) ;
++ if(keyItem == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "PK11_GetKeyData",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ *bufSize = keyItem->len;
++ *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
++ if( *buf == NULL ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ NULL,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ PK11_FreeSymKey( symKey ) ;
++ return(-1);
++ }
++
++ memcpy((*buf), keyItem->data, (*bufSize));
++ PK11_FreeSymKey( symKey ) ;
++ }
+
+- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
++ return 0 ;
+ }
+
+ static int
+ xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+- xmlSecBufferPtr buffer;
++ PK11SymKey* symkey ;
++ PK11SlotInfo* slot ;
++ xmlSecNssSymKeyDataCtxPtr ctx;
++ int ret;
+
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+- xmlSecAssert2(buffer != NULL, -1);
+-
+- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
++ ctx = xmlSecNssSymKeyDataGetCtx(data);
++ xmlSecAssert2(ctx != NULL, -1);
++
++ if( sizeBits % 8 != 0 ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
++ NULL,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "Symmetric key size must be octuple");
++ return(-1);
++ }
++
++ /* Get slot */
++ slot = xmlSecNssSlotGet(ctx->cipher);
++ if( slot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
++ "xmlSecNssSlotGet" ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1) ;
++ }
++
++ if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "PK11_Authenticate" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSlot( slot ) ;
++ return -1 ;
++ }
++
++ symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
++ if( symkey == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "PK11_KeyGen" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSlot( slot ) ;
++ return -1 ;
++ }
++
++ if( ctx->slot != NULL ) {
++ PK11_FreeSlot( ctx->slot ) ;
++ ctx->slot = NULL ;
++ }
++ ctx->slot = slot ;
++
++ if( ctx->symkey != NULL ) {
++ PK11_FreeSymKey( ctx->symkey ) ;
++ ctx->symkey = NULL ;
++ }
++ ctx->symkey = symkey ;
++
++ return 0;
+ }
+
+ static xmlSecKeyDataType
+ xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
+- xmlSecBufferPtr buffer;
++ xmlSecNssSymKeyDataCtxPtr context = NULL ;
++ xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
+
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
+
+- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
++ context = xmlSecNssSymKeyDataGetCtx( data ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "xmlSecNssSymKeyDataGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return xmlSecKeyDataTypeUnknown ;
++ }
+
+- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
++ if( context->symkey != NULL ) {
++ type |= xmlSecKeyDataTypeSymmetric ;
++ } else {
++ type |= xmlSecKeyDataTypeUnknown ;
++ }
++
++ return type ;
+ }
+
+ static xmlSecSize
+ xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
++ xmlSecNssSymKeyDataCtxPtr context ;
++ unsigned int length = 0 ;
++
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
++ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
++ context = xmlSecNssSymKeyDataGetCtx( data ) ;
++ if( context == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "xmlSecNssSymKeyDataGetCtx" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return 0 ;
++ }
++
++ if( context->symkey != NULL ) {
++ length = PK11_GetKeyLength( context->symkey ) ;
++ length *= 8 ;
++ }
+
+- return(xmlSecKeyDataBinaryValueGetSize(data));
++ return length ;
+ }
+
+ static void
+ xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+
+- xmlSecKeyDataBinaryValueDebugDump(data, output);
++ /* print only size, everything else is sensitive */
++ fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName ,
++ xmlSecKeyDataGetSize(data)) ;
+ }
+
+ static void
+ xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+-
+- xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
++
++ /* print only size, everything else is sensitive */
++ fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName ,
++ xmlSecKeyDataGetSize(data)) ;
+ }
+
+ static int
+@@ -201,7 +858,7 @@
+ *************************************************************************/
+ static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+- xmlSecKeyDataBinarySize,
++ xmlSecNssSymKeyDataSize,
+
+ /* data */
+ xmlSecNameAESKeyValue,
+@@ -282,7 +939,7 @@
+ *************************************************************************/
+ static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+- xmlSecKeyDataBinarySize,
++ xmlSecNssSymKeyDataSize,
+
+ /* data */
+ xmlSecNameDESKeyValue,
+@@ -364,7 +1021,7 @@
+ *************************************************************************/
+ static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
+ sizeof(xmlSecKeyDataKlass),
+- xmlSecKeyDataBinarySize,
++ xmlSecNssSymKeyDataSize,
+
+ /* data */
+ xmlSecNameHMACKeyValue,
+--- misc/xmlsec1-1.2.12/src/nss/tokens.c 2009-09-21 14:07:19.249145861 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/tokens.c 2009-09-21 14:02:48.556772442 +0200
+@@ -1 +1,548 @@
+-dummy
++/**
++ * XMLSec library
++ *
++ * This is free software; see Copyright file in the source
++ * distribution for preciese wording.
++ *
++ * Copyright..................................
++ *
++ * Contributor(s): _____________________________
++ *
++ */
++
++/**
++ * In order to ensure that particular crypto operation is performed on
++ * particular crypto device, a subclass of xmlSecList is used to store slot and
++ * mechanism information.
++ *
++ * In the list, a slot is bound with a mechanism. If the mechanism is available,
++ * this mechanism only can perform on the slot; otherwise, it can perform on
++ * every eligibl slot in the list.
++ *
++ * When try to find a slot for a particular mechanism, the slot bound with
++ * avaliable mechanism will be looked up firstly.
++ */
++#include "globals.h"
++#include <string.h>
++
++#include <xmlsec/xmlsec.h>
++#include <xmlsec/errors.h>
++#include <xmlsec/list.h>
++
++#include <xmlsec/nss/tokens.h>
++
++int
++xmlSecNssKeySlotSetMechList(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE_PTR mechanismList
++) {
++ int counter ;
++
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ if( keySlot->mechanismList != CK_NULL_PTR ) {
++ xmlFree( keySlot->mechanismList ) ;
++
++ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
++ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
++ if( keySlot->mechanismList == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 );
++ }
++ for( ; counter >= 0 ; counter -- )
++ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
++ }
++
++ return( 0 );
++}
++
++int
++xmlSecNssKeySlotEnableMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE mechanism
++) {
++ int counter ;
++ CK_MECHANISM_TYPE_PTR newList ;
++
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ if( mechanism != CKM_INVALID_MECHANISM ) {
++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
++ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
++ if( newList == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 );
++ }
++ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
++ *( newList + counter ) = mechanism ;
++ for( counter -= 1 ; counter >= 0 ; counter -- )
++ *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
++
++ xmlFree( keySlot->mechanismList ) ;
++ keySlot->mechanismList = newList ;
++ }
++
++ return(0);
++}
++
++int
++xmlSecNssKeySlotDisableMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE mechanism
++) {
++ int counter ;
++
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
++ if( *( keySlot->mechanismList + counter ) == mechanism ) {
++ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
++ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
++ }
++
++ break ;
++ }
++ }
++
++ return(0);
++}
++
++CK_MECHANISM_TYPE_PTR
++xmlSecNssKeySlotGetMechList(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ if( keySlot != NULL )
++ return keySlot->mechanismList ;
++ else
++ return NULL ;
++}
++
++int
++xmlSecNssKeySlotSetSlot(
++ xmlSecNssKeySlotPtr keySlot ,
++ PK11SlotInfo* slot
++) {
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ if( slot != NULL && keySlot->slot != slot ) {
++ if( keySlot->slot != NULL )
++ PK11_FreeSlot( keySlot->slot ) ;
++
++ if( keySlot->mechanismList != NULL ) {
++ xmlFree( keySlot->mechanismList ) ;
++ keySlot->mechanismList = NULL ;
++ }
++
++ keySlot->slot = PK11_ReferenceSlot( slot ) ;
++ }
++
++ return(0);
++}
++
++int
++xmlSecNssKeySlotInitialize(
++ xmlSecNssKeySlotPtr keySlot ,
++ PK11SlotInfo* slot
++) {
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++ xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
++ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
++
++ if( slot != NULL ) {
++ keySlot->slot = PK11_ReferenceSlot( slot ) ;
++ }
++
++ return(0);
++}
++
++void
++xmlSecNssKeySlotFinalize(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ xmlSecAssert( keySlot != NULL ) ;
++
++ if( keySlot->mechanismList != NULL ) {
++ xmlFree( keySlot->mechanismList ) ;
++ keySlot->mechanismList = NULL ;
++ }
++
++ if( keySlot->slot != NULL ) {
++ PK11_FreeSlot( keySlot->slot ) ;
++ keySlot->slot = NULL ;
++ }
++
++}
++
++PK11SlotInfo*
++xmlSecNssKeySlotGetSlot(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ if( keySlot != NULL )
++ return keySlot->slot ;
++ else
++ return NULL ;
++}
++
++xmlSecNssKeySlotPtr
++xmlSecNssKeySlotCreate() {
++ xmlSecNssKeySlotPtr keySlot ;
++
++ /* Allocates a new xmlSecNssKeySlot and fill the fields */
++ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
++ if( keySlot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( NULL );
++ }
++ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
++
++ return( keySlot ) ;
++}
++
++int
++xmlSecNssKeySlotCopy(
++ xmlSecNssKeySlotPtr newKeySlot ,
++ xmlSecNssKeySlotPtr keySlot
++) {
++ CK_MECHANISM_TYPE_PTR mech ;
++ int counter ;
++
++ xmlSecAssert2( newKeySlot != NULL , -1 ) ;
++ xmlSecAssert2( keySlot != NULL , -1 ) ;
++
++ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
++ if( newKeySlot->slot != NULL )
++ PK11_FreeSlot( newKeySlot->slot ) ;
++
++ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
++ }
++
++ if( keySlot->mechanismList != CK_NULL_PTR ) {
++ xmlFree( newKeySlot->mechanismList ) ;
++
++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
++ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
++ if( newKeySlot->mechanismList == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 );
++ }
++ for( ; counter >= 0 ; counter -- )
++ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
++ }
++
++ return( 0 );
++}
++
++xmlSecNssKeySlotPtr
++xmlSecNssKeySlotDuplicate(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ xmlSecNssKeySlotPtr newKeySlot ;
++ int ret ;
++
++ xmlSecAssert2( keySlot != NULL , NULL ) ;
++
++ newKeySlot = xmlSecNssKeySlotCreate() ;
++ if( newKeySlot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( NULL );
++ }
++
++ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( NULL );
++ }
++
++ return( newKeySlot );
++}
++
++void
++xmlSecNssKeySlotDestroy(
++ xmlSecNssKeySlotPtr keySlot
++) {
++ xmlSecAssert( keySlot != NULL ) ;
++
++ if( keySlot->mechanismList != NULL )
++ xmlFree( keySlot->mechanismList ) ;
++
++ if( keySlot->slot != NULL )
++ PK11_FreeSlot( keySlot->slot ) ;
++
++ xmlFree( keySlot ) ;
++}
++
++int
++xmlSecNssKeySlotBindMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE type
++) {
++ int counter ;
++
++ xmlSecAssert2( keySlot != NULL , 0 ) ;
++ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
++ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
++
++ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
++ if( *( keySlot->mechanismList + counter ) == type )
++ return(1) ;
++ }
++
++ return( 0 ) ;
++}
++
++int
++xmlSecNssKeySlotSupportMech(
++ xmlSecNssKeySlotPtr keySlot ,
++ CK_MECHANISM_TYPE type
++) {
++ xmlSecAssert2( keySlot != NULL , 0 ) ;
++ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
++ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
++
++ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
++ return(1);
++ } else
++ return(0);
++}
++
++void
++xmlSecNssKeySlotDebugDump(
++ xmlSecNssKeySlotPtr keySlot ,
++ FILE* output
++) {
++ xmlSecAssert( keySlot != NULL ) ;
++ xmlSecAssert( output != NULL ) ;
++
++ fprintf( output, "== KEY SLOT\n" );
++}
++
++void
++xmlSecNssKeySlotDebugXmlDump(
++ xmlSecNssKeySlotPtr keySlot ,
++ FILE* output
++) {
++}
++
++/**
++ * Key Slot List
++ */
++#ifdef __MINGW32__ // for runtime-pseudo-reloc
++static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
++#else
++static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
++#endif
++ BAD_CAST "mechanism-list",
++ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
++ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
++ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
++ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
++};
++
++xmlSecPtrListId
++xmlSecNssKeySlotListGetKlass(void) {
++ return(&xmlSecNssKeySlotPtrListKlass);
++}
++
++
++/*-
++ * Global PKCS#11 crypto token repository -- Key slot list
++ */
++static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
++
++PK11SlotInfo*
++xmlSecNssSlotGet(
++ CK_MECHANISM_TYPE type
++) {
++ PK11SlotInfo* slot = NULL ;
++ xmlSecNssKeySlotPtr keySlot ;
++ xmlSecSize ksSize ;
++ xmlSecSize ksPos ;
++ char flag ;
++
++ if( _xmlSecNssKeySlotList == NULL ) {
++ slot = PK11_GetBestSlot( type , NULL ) ;
++ } else {
++ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
++
++ /*-
++ * Firstly, checking whether the mechanism is bound with a special slot.
++ * If no bound slot, we try to find the first eligible slot in the list.
++ */
++ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
++ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
++ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
++ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
++ flag = 2 ;
++ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
++ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
++ flag = 1 ;
++ }
++
++ if( flag == 2 )
++ break ;
++ }
++ if( slot != NULL )
++ slot = PK11_ReferenceSlot( slot ) ;
++ }
++
++ if( slot != NULL && PK11_NeedLogin( slot ) ) {
++ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ PK11_FreeSlot( slot ) ;
++ return( NULL );
++ }
++ }
++
++ return slot ;
++}
++
++int
++xmlSecNssSlotInitialize(
++ void
++) {
++ if( _xmlSecNssKeySlotList != NULL ) {
++ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
++ _xmlSecNssKeySlotList = NULL ;
++ }
++
++ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
++ if( _xmlSecNssKeySlotList == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return( -1 );
++ }
++
++ return(0);
++}
++
++void
++xmlSecNssSlotShutdown(
++ void
++) {
++ if( _xmlSecNssKeySlotList != NULL ) {
++ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
++ _xmlSecNssKeySlotList = NULL ;
++ }
++}
++
++int
++xmlSecNssSlotAdopt(
++ PK11SlotInfo* slot,
++ CK_MECHANISM_TYPE type
++) {
++ xmlSecNssKeySlotPtr keySlot ;
++ xmlSecSize ksSize ;
++ xmlSecSize ksPos ;
++ char flag ;
++
++ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
++ xmlSecAssert2( slot != NULL, -1 ) ;
++
++ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
++
++ /*-
++ * Firstly, checking whether the slot is in the repository already.
++ */
++ flag = 0 ;
++ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
++ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
++ /* If find the slot in the list */
++ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
++ /* If mechnism type is valid, bind the slot with the mechanism */
++ if( type != CKM_INVALID_MECHANISM ) {
++ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++ }
++
++ flag = 1 ;
++ }
++ }
++
++ /* If the slot do not in the list, add a new item to the list */
++ if( flag == 0 ) {
++ /* Create a new KeySlot */
++ keySlot = xmlSecNssKeySlotCreate() ;
++ if( keySlot == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return(-1);
++ }
++
++ /* Initialize the keySlot with a slot */
++ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecNssKeySlotDestroy( keySlot ) ;
++ return(-1);
++ }
++
++ /* If mechnism type is valid, bind the slot with the mechanism */
++ if( type != CKM_INVALID_MECHANISM ) {
++ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecNssKeySlotDestroy( keySlot ) ;
++ return(-1);
++ }
++ }
++
++ /* Add keySlot into the list */
++ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ NULL ,
++ NULL ,
++ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecNssKeySlotDestroy( keySlot ) ;
++ return(-1);
++ }
++ }
++
++ return(0);
++}
++
+--- misc/xmlsec1-1.2.12/src/nss/x509.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/x509.c 2009-09-21 14:02:48.642312431 +0200
+@@ -34,7 +34,6 @@
+ #include <xmlsec/keys.h>
+ #include <xmlsec/keyinfo.h>
+ #include <xmlsec/keysmngr.h>
+-#include <xmlsec/x509.h>
+ #include <xmlsec/base64.h>
+ #include <xmlsec/errors.h>
+
+@@ -61,33 +60,18 @@
+ static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+-static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
+- xmlNodePtr node,
+- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+@@ -104,9 +88,6 @@
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+ static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
+ int base64LineWrap);
+-static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
+-static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
+-static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
+ static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
+ FILE* output);
+ static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
+@@ -752,31 +733,22 @@
+ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
++ xmlNodePtr cur;
++ xmlChar* buf;
+ CERTCertificate* cert;
+ CERTSignedCrl* crl;
+ xmlSecSize size, pos;
+- int content = 0;
+- int ret;
+
+ xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+- content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
+- if (content < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecX509DataGetNodeContent",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "content=%d", content);
+- return(-1);
+- } else if(content == 0) {
+- /* by default we are writing certificates and crls */
+- content = XMLSEC_X509DATA_DEFAULT;
++ /* todo: flag in ctx remove all existing content */
++ if(0) {
++ xmlNodeSetContent(node, NULL);
+ }
+
+- /* get x509 data */
+ data = xmlSecKeyGetData(key, id);
+ if(data == NULL) {
+ /* no x509 data in the key */
+@@ -796,79 +768,74 @@
+ return(-1);
+ }
+
+- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
+- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
+- if(ret < 0) {
++ /* set base64 lines size from context */
++ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
++ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssX509CertificateNodeWrite",
++ "xmlSecNssX509CertBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
++ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+- }
+ }
+
+- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
+- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
+- if(ret < 0) {
++ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
++ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssX509SubjectNameNodeWrite",
++ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
++ "node=%s",
++ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
++ xmlFree(buf);
+ return(-1);
+- }
+ }
++ /* todo: add \n around base64 data - from context */
++ /* todo: add errors check */
++ xmlNodeSetContent(cur, xmlSecStringCR);
++ xmlNodeSetContent(cur, buf);
++ xmlFree(buf);
++ }
+
+- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
+- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
+- if(ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssX509IssuerSerialNodeWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
+- return(-1);
+- }
++ /* write crls */
++ size = xmlSecNssKeyDataX509GetCrlsSize(data);
++ for(pos = 0; pos < size; ++pos) {
++ crl = xmlSecNssKeyDataX509GetCrl(data, pos);
++ if(crl == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecNssKeyDataX509GetCrl",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "pos=%d", pos);
++ return(-1);
+ }
+
+- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
+- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
+- if(ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssX509SKINodeWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
+- return(-1);
+- }
++ /* set base64 lines size from context */
++ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
++ if(buf == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecNssX509CrlBase64DerWrite",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ XMLSEC_ERRORS_NO_MESSAGE);
++ return(-1);
+ }
+- }
+
+- /* write crls if needed */
+- if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
+- size = xmlSecNssKeyDataX509GetCrlsSize(data);
+- for(pos = 0; pos < size; ++pos) {
+- crl = xmlSecNssKeyDataX509GetCrl(data, pos);
+- if(crl == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssKeyDataX509GetCrl",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
+- return(-1);
+- }
+-
+- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
+- if(ret < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+- "xmlSecNssX509CRLNodeWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "pos=%d", pos);
+- return(-1);
+- }
+- }
++ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
++ if(cur == NULL) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
++ "xmlSecAddChild",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "new_node=%s",
++ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
++ xmlFree(buf);
++ return(-1);
++ }
++ /* todo: add \n around base64 data - from context */
++ /* todo: add errors check */
++ xmlNodeSetContent(cur, xmlSecStringCR);
++ xmlNodeSetContent(cur, buf);
+ }
+
+ return(0);
+@@ -1057,46 +1024,6 @@
+ return(0);
+ }
+
+-static int
+-xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+- xmlChar* buf;
+- xmlNodePtr cur;
+-
+- xmlSecAssert2(cert != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+- xmlSecAssert2(keyInfoCtx != NULL, -1);
+-
+- /* set base64 lines size from context */
+- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509CertBase64DerWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+-
+- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+- xmlFree(buf);
+- return(-1);
+- }
+-
+- /* todo: add \n around base64 data - from context */
+- /* todo: add errors check */
+- xmlNodeSetContent(cur, xmlSecStringCR);
+- xmlNodeSetContent(cur, buf);
+- xmlFree(buf);
+- return(0);
+-}
+-
+ static int
+ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+@@ -1120,19 +1047,13 @@
+ }
+
+ subject = xmlNodeGetContent(node);
+- if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
+- if(subject != NULL) {
+- xmlFree(subject);
+- }
+- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
++ if(subject == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+- }
+- return(0);
+ }
+
+ cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
+@@ -1169,40 +1090,6 @@
+ return(0);
+ }
+
+-static int
+-xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+- xmlChar* buf = NULL;
+- xmlNodePtr cur = NULL;
+-
+- xmlSecAssert2(cert != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+-
+- buf = xmlSecNssX509NameWrite(&(cert->subject));
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509NameWrite(&(cert->subject))",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+-
+- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+- xmlFree(buf);
+- return(-1);
+- }
+- xmlSecNodeEncodeAndSetContent(cur, buf);
+- xmlFree(buf);
+- return(0);
+-}
+-
+ static int
+ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+@@ -1228,21 +1115,9 @@
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+- if(cur == NULL) {
+- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+- return(-1);
+- }
+- return(0);
+- }
+
+ /* the first is required node X509IssuerName */
+- if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
++ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+@@ -1336,78 +1211,6 @@
+ return(0);
+ }
+
+-static int
+-xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+- xmlNodePtr cur;
+- xmlNodePtr issuerNameNode;
+- xmlNodePtr issuerNumberNode;
+- xmlChar* buf;
+-
+- xmlSecAssert2(cert != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+-
+- /* create xml nodes */
+- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+- return(-1);
+- }
+-
+- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
+- if(issuerNameNode == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+- return(-1);
+- }
+-
+- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
+- if(issuerNumberNode == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+- return(-1);
+- }
+-
+- /* write data */
+- buf = xmlSecNssX509NameWrite(&(cert->issuer));
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509NameWrite(&(cert->issuer))",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+- xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
+- xmlFree(buf);
+-
+- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+- xmlNodeSetContent(issuerNumberNode, buf);
+- xmlFree(buf);
+-
+- return(0);
+-}
+-
+ static int
+ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+@@ -1431,11 +1234,7 @@
+ }
+
+ ski = xmlNodeGetContent(node);
+- if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
+- if(ski != NULL) {
+- xmlFree(ski);
+- }
+- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
++ if(ski == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+@@ -1443,8 +1242,6 @@
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(-1);
+- }
+- return(0);
+ }
+
+ cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
+@@ -1479,41 +1276,6 @@
+ return(0);
+ }
+
+-static int
+-xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+- xmlChar *buf = NULL;
+- xmlNodePtr cur = NULL;
+-
+- xmlSecAssert2(cert != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+-
+- buf = xmlSecNssX509SKIWrite(cert);
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509SKIWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+-
+- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "new_node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+- xmlFree(buf);
+- return(-1);
+- }
+- xmlSecNodeEncodeAndSetContent(cur, buf);
+- xmlFree(buf);
+-
+- return(0);
+-}
+-
+ static int
+ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+@@ -1524,19 +1286,13 @@
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+- if(content != NULL) {
+- xmlFree(content);
+- }
+- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
++ if(content == NULL){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+- }
+- return(0);
+ }
+
+ crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
+@@ -1556,47 +1312,6 @@
+ }
+
+ static int
+-xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+- xmlChar* buf = NULL;
+- xmlNodePtr cur = NULL;
+-
+- xmlSecAssert2(crl != NULL, -1);
+- xmlSecAssert2(node != NULL, -1);
+- xmlSecAssert2(keyInfoCtx != NULL, -1);
+-
+- /* set base64 lines size from context */
+- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
+- if(buf == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509CrlBase64DerWrite",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(-1);
+- }
+-
+- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
+- if(cur == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecAddChild",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "new_node=%s",
+- xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+- xmlFree(buf);
+- return(-1);
+- }
+- /* todo: add \n around base64 data - from context */
+- /* todo: add errors check */
+- xmlNodeSetContent(cur, xmlSecStringCR);
+- xmlNodeSetContent(cur, buf);
+- xmlFree(buf);
+-
+- return(0);
+-}
+-
+-
+-static int
+ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecNssX509DataCtxPtr ctx;
+@@ -1604,6 +1319,10 @@
+ int ret;
+ SECStatus status;
+ PRTime notBefore, notAfter;
++
++ PK11SlotInfo* slot ;
++ SECKEYPublicKey *pubKey = NULL;
++ SECKEYPrivateKey *priKey = NULL;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(key != NULL, -1);
+@@ -1636,10 +1355,14 @@
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+-
++
++ /*-
++ * Get Public key from cert, which does not always work for sign
++ * action.
++ *
+ keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+@@ -1649,6 +1372,54 @@
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
++ */
++ /*-
++ * I'll search key according to KeyReq.
++ */
++ slot = cert->slot ;
++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
++ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "PK11_FindPrivateKeyFromCert" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ return -1 ;
++ }
++ }
++
++ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
++ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "CERT_ExtractPublicKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++
++ if( priKey != NULL )
++ SECKEY_DestroyPrivateKey( priKey ) ;
++ return -1 ;
++ }
++ }
++
++ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey);
++ if( keyValue == NULL ) {
++ xmlSecError( XMLSEC_ERRORS_HERE ,
++ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
++ "xmlSecNssPKIAdoptKey" ,
++ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++
++ if( priKey != NULL )
++ SECKEY_DestroyPrivateKey( priKey ) ;
++
++ if( pubKey != NULL )
++ SECKEY_DestroyPublicKey( pubKey ) ;
++
++ return -1 ;
++ }
++ /* Modify keyValue get Done */
+
+ /* verify that the key matches our expectations */
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
+@@ -1950,86 +1721,6 @@
+ return(res);
+ }
+
+-static xmlChar*
+-xmlSecNssX509NameWrite(CERTName* nm) {
+- xmlChar *res = NULL;
+- char *str;
+-
+- xmlSecAssert2(nm != NULL, NULL);
+-
+- str = CERT_NameToAscii(nm);
+- if (str == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "CERT_NameToAscii",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(NULL);
+- }
+-
+- res = xmlStrdup(BAD_CAST str);
+- if(res == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlStrdup",
+- XMLSEC_ERRORS_R_MALLOC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- PORT_Free(str);
+- return(NULL);
+- }
+- PORT_Free(str);
+- return(res);
+-}
+-
+-static xmlChar*
+-xmlSecNssASN1IntegerWrite(SECItem *num) {
+- xmlChar *res = NULL;
+-
+- xmlSecAssert2(num != NULL, NULL);
+-
+- /* TODO : to be implemented after
+- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
+- */
+- return(res);
+-}
+-
+-static xmlChar*
+-xmlSecNssX509SKIWrite(CERTCertificate* cert) {
+- xmlChar *res = NULL;
+- SECItem ski;
+- SECStatus rv;
+-
+- xmlSecAssert2(cert != NULL, NULL);
+-
+- memset(&ski, 0, sizeof(ski));
+-
+- rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
+- if (rv != SECSuccess) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "CERT_FindSubjectKeyIDExtension",
+- XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- SECITEM_FreeItem(&ski, PR_FALSE);
+- return(NULL);
+- }
+-
+- res = xmlSecBase64Encode(ski.data, ski.len, 0);
+- if(res == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecBase64Encode",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- SECITEM_FreeItem(&ski, PR_FALSE);
+- return(NULL);
+- }
+- SECITEM_FreeItem(&ski, PR_FALSE);
+-
+- return(res);
+-}
+-
+-
+ static void
+ xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
+ SECItem *sn;
+--- misc/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/src/nss/x509vfy.c 2009-09-21 14:02:48.669245207 +0200
+@@ -30,6 +30,7 @@
+ #include <xmlsec/keyinfo.h>
+ #include <xmlsec/keysmngr.h>
+ #include <xmlsec/base64.h>
++#include <xmlsec/bn.h>
+ #include <xmlsec/errors.h>
+
+ #include <xmlsec/nss/crypto.h>
+@@ -61,17 +62,7 @@
+
+ static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
+ static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
+-static int xmlSecNssX509NameStringRead (xmlSecByte **str,
+- int *strLen,
+- xmlSecByte *res,
+- int resLen,
+- xmlSecByte delim,
+- int ingoreTrailingSpaces);
+-static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str,
+- int len);
+-
+-static void xmlSecNssNumToItem(SECItem *it, unsigned long num);
+-
++static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ;
+
+ static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
+ sizeof(xmlSecKeyDataStoreKlass),
+@@ -343,40 +334,28 @@
+ xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
+ xmlChar *issuerSerial, xmlChar *ski) {
+ CERTCertificate *cert = NULL;
+- xmlChar *p = NULL;
+ CERTName *name = NULL;
+ SECItem *nameitem = NULL;
+ PRArenaPool *arena = NULL;
+
+ if (subjectName != NULL) {
+- p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName));
+- if (p == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509NameRead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "subject=%s",
+- xmlSecErrorsSafeString(subjectName));
+- goto done;
+- }
+-
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (arena == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ goto done;
+ }
+
+- name = CERT_AsciiToName((char*)p);
++ name = CERT_AsciiToName((char*)subjectName);
+ if (name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_AsciiToName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ goto done;
+ }
+
+@@ -398,34 +377,23 @@
+ if((issuerName != NULL) && (issuerSerial != NULL)) {
+ CERTIssuerAndSN issuerAndSN;
+
+- p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName));
+- if (p == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509NameRead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- "issuer=%s",
+- xmlSecErrorsSafeString(issuerName));
+- goto done;
+- }
+-
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (arena == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ goto done;
+ }
+
+- name = CERT_AsciiToName((char*)p);
++ name = CERT_AsciiToName((char*)issuerName);
+ if (name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_AsciiToName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
++ "error code=%d", PORT_GetError());
+ goto done;
+ }
+
+@@ -445,8 +413,15 @@
+ issuerAndSN.derIssuer.data = nameitem->data;
+ issuerAndSN.derIssuer.len = nameitem->len;
+
+- /* TBD: serial num can be arbitrarily long */
+- xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial));
++ if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
++ NULL,
++ "xmlSecNssIntegerToItem",
++ XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "serial number=%s",
++ xmlSecErrorsSafeString(issuerSerial));
++ goto done;
++ }
+
+ cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
+ &issuerAndSN);
+@@ -477,9 +452,6 @@
+ }
+
+ done:
+- if (p != NULL) {
+- PORT_Free(p);
+- }
+ if (arena != NULL) {
+ PORT_FreeArena(arena, PR_FALSE);
+ }
+@@ -490,226 +462,76 @@
+ return(cert);
+ }
+
+-/**
+- * xmlSecNssX509NameRead:
+- */
+-static xmlSecByte *
+-xmlSecNssX509NameRead(xmlSecByte *str, int len) {
+- xmlSecByte name[256];
+- xmlSecByte value[256];
+- xmlSecByte *retval = NULL;
+- xmlSecByte *p = NULL;
+- int nameLen, valueLen;
++static int
++xmlSecNssIntegerToItem(
++ const xmlChar* integer ,
++ SECItem *item
++) {
++ xmlSecBn bn ;
++ xmlSecSize i, length ;
++ const xmlSecByte* bnInteger ;
+
+- xmlSecAssert2(str != NULL, NULL);
+-
+- /* return string should be no longer than input string */
+- retval = (xmlSecByte *)PORT_Alloc(len+1);
+- if(retval == NULL) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "PORT_Alloc",
+- XMLSEC_ERRORS_R_MALLOC_FAILED,
+- XMLSEC_ERRORS_NO_MESSAGE);
+- return(NULL);
+- }
+- p = retval;
+-
+- while(len > 0) {
+- /* skip spaces after comma or semicolon */
+- while((len > 0) && isspace(*str)) {
+- ++str; --len;
+- }
++ xmlSecAssert2( integer != NULL, -1 ) ;
++ xmlSecAssert2( item != NULL, -1 ) ;
+
+- nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
+- if(nameLen < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
++ if( xmlSecBnInitialize( &bn, 0 ) < 0 ) {
++ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+- "xmlSecNssX509NameStringRead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "xmlSecBnInitialize",
++ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
+- }
+- memcpy(p, name, nameLen);
+- p+=nameLen;
+- *p++='=';
+- if(len > 0) {
+- ++str; --len;
+- if((*str) == '\"') {
+- valueLen = xmlSecNssX509NameStringRead(&str, &len,
+- value, sizeof(value), '"', 1);
+- if(valueLen < 0) {
++ return -1 ;
++ }
++
++ if( xmlSecBnFromDecString( &bn, integer ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+- "xmlSecNssX509NameStringRead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
++ "xmlSecBnFromDecString",
++ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
+- }
+- /* skip spaces before comma or semicolon */
+- while((len > 0) && isspace(*str)) {
+- ++str; --len;
+- }
+- if((len > 0) && ((*str) != ',')) {
++ xmlSecBnFinalize( &bn ) ;
++ return -1 ;
++ }
++
++ length = xmlSecBnGetSize( &bn ) ;
++ if( length <= 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+- NULL,
++ "xmlSecBnGetSize",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+- "comma is expected");
+- goto done;
+- }
+- if(len > 0) {
+- ++str; --len;
+- }
+- *p++='\"';
+- memcpy(p, value, valueLen);
+- p+=valueLen;
+- *p++='\"';
+- } else if((*str) == '#') {
+- /* TODO: read octect values */
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- NULL,
+- XMLSEC_ERRORS_R_INVALID_DATA,
+- "reading octect values is not implemented yet");
+- goto done;
+- } else {
+- valueLen = xmlSecNssX509NameStringRead(&str, &len,
+- value, sizeof(value), ',', 1);
+- if(valueLen < 0) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- "xmlSecNssX509NameStringRead",
+- XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+- goto done;
+- }
+- memcpy(p, value, valueLen);
+- p+=valueLen;
+- if (len > 0)
+- *p++=',';
+- }
+- } else {
+- valueLen = 0;
+- }
+- if(len > 0) {
+- ++str; --len;
+- }
+ }
+
+- *p = 0;
+- return(retval);
+-
+-done:
+- PORT_Free(retval);
+- return (NULL);
+-}
+-
+-
+-
+-/**
+- * xmlSecNssX509NameStringRead:
+- */
+-static int
+-xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
+- xmlSecByte *res, int resLen,
+- xmlSecByte delim, int ingoreTrailingSpaces) {
+- xmlSecByte *p, *q, *nonSpace;
+-
+- xmlSecAssert2(str != NULL, -1);
+- xmlSecAssert2(strLen != NULL, -1);
+- xmlSecAssert2(res != NULL, -1);
+-
+- p = (*str);
+- nonSpace = q = res;
+- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
+- if((*p) != '\\') {
+- if(ingoreTrailingSpaces && !isspace(*p)) {
+- nonSpace = q;
+- }
+- *(q++) = *(p++);
+- } else {
+- ++p;
+- nonSpace = q;
+- if(xmlSecIsHex((*p))) {
+- if((p - (*str) + 1) >= (*strLen)) {
++ bnInteger = xmlSecBnGetData( &bn ) ;
++ if( bnInteger == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+- NULL,
++ "xmlSecBnGetData",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+- "two hex digits expected");
+- return(-1);
+- }
+- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
+- p += 2;
+- } else {
+- if(((++p) - (*str)) >= (*strLen)) {
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBnFinalize( &bn ) ;
++ return -1 ;
++ }
++
++ item->data = ( unsigned char * )PORT_Alloc( length );
++ if( item->data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+- NULL,
++ "PORT_Alloc",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+- "escaped symbol missed");
+- return(-1);
+- }
+- *(q++) = *(p++);
+- }
+- }
++ XMLSEC_ERRORS_NO_MESSAGE ) ;
++ xmlSecBnFinalize( &bn ) ;
++ return -1 ;
+ }
+- if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
+- xmlSecError(XMLSEC_ERRORS_HERE,
+- NULL,
+- NULL,
+- XMLSEC_ERRORS_R_INVALID_SIZE,
+- "buffer is too small");
+- return(-1);
+- }
+- (*strLen) -= (p - (*str));
+- (*str) = p;
+- return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res);
+-}
+
+-/* code lifted from NSS */
+-static void
+-xmlSecNssNumToItem(SECItem *it, unsigned long ui)
+-{
+- unsigned char bb[5];
+- int len;
+-
+- bb[0] = 0;
+- bb[1] = (unsigned char) (ui >> 24);
+- bb[2] = (unsigned char) (ui >> 16);
+- bb[3] = (unsigned char) (ui >> 8);
+- bb[4] = (unsigned char) (ui);
+-
+- /*
+- ** Small integers are encoded in a single byte. Larger integers
+- ** require progressively more space.
+- */
+- if (ui > 0x7f) {
+- if (ui > 0x7fff) {
+- if (ui > 0x7fffffL) {
+- if (ui >= 0x80000000L) {
+- len = 5;
+- } else {
+- len = 4;
+- }
+- } else {
+- len = 3;
+- }
+- } else {
+- len = 2;
+- }
+- } else {
+- len = 1;
+- }
++ item->len = length;
+
+- it->data = (unsigned char *)PORT_Alloc(len);
+- if (it->data == NULL) {
+- return;
+- }
++ for( i = 0 ; i < length ; i ++ )
++ item->data[i] = *( bnInteger + i ) ;
++
++ xmlSecBnFinalize( &bn ) ;
+
+- it->len = len;
+- PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
++ return 0 ;
+ }
+ #endif /* XMLSEC_NO_X509 */
+
+--- misc/xmlsec1-1.2.12/win32/Makefile.msvc 2009-06-25 22:53:18.000000000 +0200
++++ misc/build/xmlsec1-1.2.12/win32/Makefile.msvc 2009-09-21 14:02:48.607277908 +0200
+@@ -223,6 +223,9 @@
+ $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj
+
+ XMLSEC_NSS_OBJS = \
++ $(XMLSEC_NSS_INTDIR)\akmngr.obj\
++ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\
++ $(XMLSEC_NSS_INTDIR)\tokens.obj\
+ $(XMLSEC_NSS_INTDIR)\app.obj\
+ $(XMLSEC_NSS_INTDIR)\bignum.obj\
+ $(XMLSEC_NSS_INTDIR)\ciphers.obj \
+@@ -258,6 +261,7 @@
+ $(XMLSEC_NSS_INTDIR_A)\strings.obj
+
+ XMLSEC_MSCRYPTO_OBJS = \
++ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\
+ $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\
+ $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \
generated by cgit (git 2.34.1) at 2025-01-06 21:16:57 +0000