[Libreoffice-commits] core.git: external/xmlsec xmlsecurity/source
Miklos Vajna
vmiklos at collabora.co.uk
Tue Jun 5 07:43:48 UTC 2018
external/xmlsec/UnpackedTarball_xmlsec.mk | 1
external/xmlsec/xmlsec1-customkeymanage.patch.1 | 4321 ----------
xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx | 36
3 files changed, 4358 deletions(-)
New commits:
commit f06004c03bbd076767a570180b7fc239064713e6
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date: Mon Jun 4 21:25:38 2018 +0200
libxmlsec: drop not needed xmlsec1-customkeymanage.patch.1
This was added in commit ebd1b95bb5f9235d1dba1b840fd746c9b53320d2
(INTEGRATION: CWS xmlsec08 (1.1.2); FILE ADDED; 2005-03-10) without any
real commit message to explain why this is necessary.
system-xmlsec (not containing this patch) works fine for our XML signing
purposes with software certificates, and just recently I learned that
even hardware-based certificates work fine without this patch, so it can
go away.
I assume this was a refactor to allow some new feature as a next step,
but that feature was never implemented.
Change-Id: I31639230483cd34b14b35fd41b4fcd8284476138
Reviewed-on: https://gerrit.libreoffice.org/55296
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk
index 24be126f1d84..cd824e4cff9b 100644
--- a/external/xmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -11,7 +11,6 @@ xmlsec_patches :=
xmlsec_patches += xmlsec1-configure.patch.1
xmlsec_patches += xmlsec1-vc.patch.1
xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1
-xmlsec_patches += xmlsec1-customkeymanage.patch.1
# Backport of <https://github.com/lsh123/xmlsec/pull/172>.
xmlsec_patches += xmlsec1-ecdsa-assert.patch.1
diff --git a/external/xmlsec/xmlsec1-customkeymanage.patch.1 b/external/xmlsec/xmlsec1-customkeymanage.patch.1
deleted file mode 100644
index 14595da6df16..000000000000
--- a/external/xmlsec/xmlsec1-customkeymanage.patch.1
+++ /dev/null
@@ -1,4321 +0,0 @@
-From 57f9146c45b1819afdd79a96a77ea55fb84ddb50 Mon Sep 17 00:00:00 2001
-From: Miklos Vajna <vmiklos at collabora.co.uk>
-Date: Fri, 4 Mar 2016 16:19:12 +0100
-Subject: [PATCH] xmlsec1-customkeymanage.patch
-
-Conflicts:
- include/xmlsec/nss/app.h
- include/xmlsec/nss/keysstore.h
- src/nss/Makefile.in
- src/nss/hmac.c
- src/nss/keysstore.c
- src/nss/pkikeys.c
- src/nss/symkeys.c
- src/nss/x509.c
- src/nss/x509vfy.c
----
- include/xmlsec/nss/Makefile.am | 3 +
- include/xmlsec/nss/Makefile.in | 3 +
- include/xmlsec/nss/akmngr.h | 56 +++
- include/xmlsec/nss/app.h | 5 +
- include/xmlsec/nss/ciphers.h | 35 ++
- include/xmlsec/nss/keysstore.h | 4 +
- include/xmlsec/nss/tokens.h | 182 ++++++++++
- src/nss/Makefile.am | 2 +
- src/nss/Makefile.in | 20 ++
- src/nss/akmngr.c | 384 ++++++++++++++++++++
- src/nss/hmac.c | 6 +-
- src/nss/keysstore.c | 772 +++++++++++++++++++++++++++++------------
- src/nss/pkikeys.c | 81 ++---
- src/nss/symkeys.c | 705 +++++++++++++++++++++++++++++++++++--
- src/nss/tokens.c | 544 +++++++++++++++++++++++++++++
- src/nss/x509.c | 491 ++++++--------------------
- src/nss/x509vfy.c | 248 +++++--------
- 17 files changed, 2703 insertions(+), 838 deletions(-)
- create mode 100644 include/xmlsec/nss/akmngr.h
- create mode 100644 include/xmlsec/nss/ciphers.h
- create mode 100644 include/xmlsec/nss/tokens.h
- create mode 100644 src/nss/akmngr.c
- create mode 100644 src/nss/tokens.c
-
-diff --git a/include/xmlsec/nss/Makefile.am b/include/xmlsec/nss/Makefile.am
-index e3521622..997ca7fd 100644
---- a/include/xmlsec/nss/Makefile.am
-+++ b/include/xmlsec/nss/Makefile.am
-@@ -10,6 +10,9 @@ bignum.h \
- keysstore.h \
- pkikeys.h \
- x509.h \
-+akmngr.h \
-+tokens.h \
-+ciphers.h \
- $(NULL)
-
- install-exec-hook:
-diff --git a/include/xmlsec/nss/Makefile.in b/include/xmlsec/nss/Makefile.in
-index 6fecb4f5..672d10e7 100644
---- a/include/xmlsec/nss/Makefile.in
-+++ b/include/xmlsec/nss/Makefile.in
-@@ -407,6 +407,9 @@ bignum.h \
- keysstore.h \
- pkikeys.h \
- x509.h \
-+akmngr.h \
-+tokens.h \
-+ciphers.h \
- $(NULL)
-
- all: all-am
-diff --git a/include/xmlsec/nss/akmngr.h b/include/xmlsec/nss/akmngr.h
-new file mode 100644
-index 00000000..80535110
---- /dev/null
-+++ b/include/xmlsec/nss/akmngr.h
-@@ -0,0 +1,56 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_AKMNGR_H__
-+#define __XMLSEC_NSS_AKMNGR_H__
-+
-+#include <nss.h>
-+#include <nspr.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+ PK11SlotInfo** slots,
-+ int cSlots,
-+ CERTCertDBHandle* handler
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ PK11SymKey* symKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPublicKey* pubKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPrivateKey* priKey
-+) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_AKMNGR_H__ */
-+
-+
-diff --git a/include/xmlsec/nss/app.h b/include/xmlsec/nss/app.h
-index 93f6c637..03f6aa14 100644
---- a/include/xmlsec/nss/app.h
-+++ b/include/xmlsec/nss/app.h
-@@ -22,6 +22,9 @@ extern "C" {
- #include <xmlsec/keysmngr.h>
- #include <xmlsec/transforms.h>
-
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/akmngr.h>
-+
- /********************************************************************
- *
- * Init/shutdown
-@@ -40,6 +43,8 @@ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlS
- xmlSecKeyPtr key);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
- const char* uri);
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
-+ xmlSecNssKeySlotPtr keySlot);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
- const char* filename,
- xmlSecKeyDataType type);
-diff --git a/include/xmlsec/nss/ciphers.h b/include/xmlsec/nss/ciphers.h
-new file mode 100644
-index 00000000..607eb1e0
---- /dev/null
-+++ b/include/xmlsec/nss/ciphers.h
-@@ -0,0 +1,35 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_CIPHERS_H__
-+#define __XMLSEC_NSS_CIPHERS_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
-+ PK11SymKey* symkey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
-+
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_CIPHERS_H__ */
-+
-+
-diff --git a/include/xmlsec/nss/keysstore.h b/include/xmlsec/nss/keysstore.h
-index eb64d3c3..369a1453 100644
---- a/include/xmlsec/nss/keysstore.h
-+++ b/include/xmlsec/nss/keysstore.h
-@@ -16,6 +16,8 @@ extern "C" {
- #endif /* __cplusplus */
-
- #include <xmlsec/xmlsec.h>
-+#include <xmlsec/keysmngr.h>
-+#include <xmlsec/nss/tokens.h>
-
- /****************************************************************************
- *
-@@ -31,6 +33,8 @@ extern "C" {
- XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
- xmlSecKeyPtr key);
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
-+ xmlSecNssKeySlotPtr keySlot);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
- const char *uri,
- xmlSecKeysMngrPtr keysMngr);
-diff --git a/include/xmlsec/nss/tokens.h b/include/xmlsec/nss/tokens.h
-new file mode 100644
-index 00000000..444c5614
---- /dev/null
-+++ b/include/xmlsec/nss/tokens.h
-@@ -0,0 +1,182 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
-+ *
-+ * Contributor(s): _____________________________
-+ *
-+ */
-+#ifndef __XMLSEC_NSS_TOKENS_H__
-+#define __XMLSEC_NSS_TOKENS_H__
-+
-+#include <string.h>
-+
-+#include <nss.h>
-+#include <pk11func.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/list.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+/**
-+ * xmlSecNssKeySlotListId
-+ *
-+ * The crypto mechanism list klass
-+ */
-+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
-+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
-+
-+/*******************************************
-+ * KeySlot interfaces
-+ *******************************************/
-+/**
-+ * Internal NSS key slot data
-+ * @mechanismList: the mechanisms that the slot bound with.
-+ * @slot: the pkcs slot
-+ *
-+ * This context is located after xmlSecPtrList
-+ */
-+typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
-+typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
-+
-+struct _xmlSecNssKeySlot {
-+ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
-+ PK11SlotInfo* slot ;
-+} ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetMechList(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE_PTR mechanismList
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotEnableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotDisableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
-+xmlSecNssKeySlotGetMechList(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetSlot(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotInitialize(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotFinalize(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
-+xmlSecNssKeySlotGetSlot(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotCreate() ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotCopy(
-+ xmlSecNssKeySlotPtr newKeySlot ,
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotDuplicate(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotDestroy(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotBindMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSupportMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) ;
-+
-+
-+/************************************************************************
-+ * PKCS#11 crypto token interfaces
-+ *
-+ * A PKCS#11 slot repository will be defined internally. From the
-+ * repository, a user can specify a particular slot for a certain crypto
-+ * mechanism.
-+ *
-+ * In some situation, some cryptographic operation should act in a user
-+ * designated devices. The interfaces defined here provide the way. If
-+ * the user do not initialize the repository distinctly, the interfaces
-+ * use the default functions provided by NSS itself.
-+ *
-+ ************************************************************************/
-+/**
-+ * Initialize NSS pkcs#11 slot repository
-+ *
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
-+
-+/**
-+ * Shutdown and destroy NSS pkcs#11 slot repository
-+ */
-+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
-+
-+/**
-+ * Get PKCS#11 slot handler
-+ * @type the mechanism that the slot must support.
-+ *
-+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
-+ *
-+ * Notes: The returned handler must be destroied distinctly.
-+ */
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
-+
-+/**
-+ * Adopt a pkcs#11 slot with a mechanism into the repository
-+ * @slot: the pkcs#11 slot.
-+ * @mech: the mechanism.
-+ *
-+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
-+ * this mechanism only can perform on the @slot.
-+ *
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_TOKENS_H__ */
-+
-diff --git a/src/nss/Makefile.am b/src/nss/Makefile.am
-index e666f33c..ec9e7896 100644
---- a/src/nss/Makefile.am
-+++ b/src/nss/Makefile.am
-@@ -35,6 +35,8 @@ libxmlsec1_nss_la_SOURCES =\
- kw_des.c \
- kw_aes.c \
- globals.h \
-+ akmngr.c \
-+ tokens.c \
- $(NULL)
-
- libxmlsec1_nss_la_LIBADD = \
-diff --git a/src/nss/Makefile.in b/src/nss/Makefile.in
-index 2861e3ce..7532d90e 100644
---- a/src/nss/Makefile.in
-+++ b/src/nss/Makefile.in
-@@ -140,6 +140,8 @@ am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
- libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \
- libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \
- libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
-+ libxmlsec1_nss_la-akmngr.lo \
-+ libxmlsec1_nss_la-tokens.lo \
- $(am__objects_1)
- libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
- AM_V_lt = $(am__v_lt_ at AM_V@)
-@@ -474,6 +476,8 @@ libxmlsec1_nss_la_SOURCES = \
- kw_des.c \
- kw_aes.c \
- globals.h \
-+ akmngr.c \
-+ tokens.c \
- $(NULL)
-
- libxmlsec1_nss_la_LIBADD = \
-@@ -584,6 +588,8 @@ distclean-compile:
- @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo at am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo at am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo at am__quote@
-+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo at am__quote@
-+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo at am__quote@
-
- .c.o:
- @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@@ -616,6 +622,20 @@ libxmlsec1_nss_la-app.lo: app.c
- @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- @am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
-
-+libxmlsec1_nss_la-akmngr.lo: akmngr.c
-+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
-+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo $(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
-+
-+libxmlsec1_nss_la-tokens.lo: tokens.c
-+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
-+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo $(DEPDIR)/libxmlsec1_nss_la-tokens.Plo
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
-+
- libxmlsec1_nss_la-bignum.lo: bignum.c
- @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
- @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
-diff --git a/src/nss/akmngr.c b/src/nss/akmngr.c
-new file mode 100644
-index 00000000..65b94ac5
---- /dev/null
-+++ b/src/nss/akmngr.c
-@@ -0,0 +1,384 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright.........................
-+ */
-+#include "globals.h"
-+
-+#include <nspr.h>
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+#include <keyhi.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/akmngr.h>
-+#include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/keysstore.h>
-+
-+/**
-+ * xmlSecNssAppliedKeysMngrCreate:
-+ * @slot: array of pointers to NSS PKCS#11 slot information.
-+ * @cSlots: number of slots in the array
-+ * @handler: the pointer to NSS certificate database.
-+ *
-+ * Create and load NSS crypto slot and certificate database into keys manager
-+ *
-+ * Returns keys manager pointer on success or NULL otherwise.
-+ */
-+xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+ PK11SlotInfo** slots,
-+ int cSlots,
-+ CERTCertDBHandle* handler
-+) {
-+ xmlSecKeyDataStorePtr certStore = NULL ;
-+ xmlSecKeysMngrPtr keyMngr = NULL ;
-+ xmlSecKeyStorePtr keyStore = NULL ;
-+ int islot = 0;
-+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyStoreCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ for (islot = 0; islot < cSlots; islot++)
-+ {
-+ xmlSecNssKeySlotPtr keySlot ;
-+
-+ /* Create a key slot */
-+ keySlot = xmlSecNssKeySlotCreate() ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /* Set slot */
-+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotSetSlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+
-+ /* Adopt keySlot */
-+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeysStoreAdoptKeySlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+ }
-+
-+ keyMngr = xmlSecKeysMngrCreate() ;
-+ if( keyMngr == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Add key store to manager, from now on keys manager destroys the store if
-+ * needed
-+ */
-+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Initialize crypto library specific data in keys manager
-+ */
-+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Set certificate databse to X509 key data store
-+ */
-+ /**
-+ * Because Tej's implementation of certDB use the default DB, so I ignore
-+ * the certDB handler at present. I'll modify the cert store sources to
-+ * accept particular certDB instead of default ones.
-+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
-+ if( certStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeyDataStoreX509SetCertDb" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+ */
-+
-+ /*-
-+ * Set the getKey callback
-+ */
-+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
-+
-+ return keyMngr ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ PK11SymKey* symKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( symKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPublicKey* pubKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( pubKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPrivateKey* priKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( priKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-diff --git a/src/nss/hmac.c b/src/nss/hmac.c
-index 558d4b93..2ef668c1 100644
---- a/src/nss/hmac.c
-+++ b/src/nss/hmac.c
-@@ -23,8 +23,8 @@
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
-
--#include <xmlsec/nss/app.h>
- #include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/tokens.h>
-
- /* sizes in bits */
- #define XMLSEC_NSS_MIN_HMAC_SIZE 80
-@@ -355,9 +355,9 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- keyItem.data = xmlSecBufferGetData(buffer);
- keyItem.len = xmlSecBufferGetSize(buffer);
-
-- slot = PK11_GetBestSlot(ctx->digestType, NULL);
-+ slot = xmlSecNssSlotGet(ctx->digestType);
- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecTransformGetName(transform));
-+ xmlSecNssError("xmlSecNssSlotGet", xmlSecTransformGetName(transform));
- return(-1);
- }
-
-diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c
-index 0976e4a9..03baa887 100644
---- a/src/nss/keysstore.c
-+++ b/src/nss/keysstore.c
-@@ -1,36 +1,56 @@
- /*
- * XML Security Library (http://www.aleksey.com/xmlsec).
- *
-- * Nss keys store that uses Simple Keys Store under the hood. Uses the
-- * Nss DB as a backing store for the finding keys, but the NSS DB is
-- * not written to by the keys store.
-- * So, if store->findkey is done and the key is not found in the simple
-- * keys store, the NSS DB is looked up.
-- * If store is called to adopt a key, that key is not written to the NSS
-- * DB.
-- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
-- * source of keys for xmlsec
-- *
- * This is free software; see Copyright file in the source
- * distribution for precise wording.
- *
- * Copyright (c) 2003 America Online, Inc. All rights reserved.
- */
-+
-+/**
-+ * NSS key store uses a key list and a slot list as the key repository. NSS slot
-+ * list is a backup repository for the finding keys. If a key is not found from
-+ * the key list, the NSS slot list is looked up.
-+ *
-+ * Any key in the key list will not save to pkcs11 slot. When a store to called
-+ * to adopt a key, the key is resident in the key list; While a store to called
-+ * to set a is resident in the key list; While a store to called to set a slot
-+ * list, which means that the keys in the listed slot can be used for xml sign-
-+ * nature or encryption.
-+ *
-+ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
-+ *
-+ * The framework will decrease the user interfaces to administrate xmlSec crypto
-+ * engine. He can only focus on NSS layer functions. For examples, after the
-+ * user set up a slot list handler to the keys store, he do not need to do any
-+ * other work atop xmlSec interfaces, his action on the slot list handler, such
-+ * as add a token to, delete a token from the list, will directly effect the key
-+ * store behaviors.
-+ *
-+ * For example, a scenariio:
-+ * 0. Create a slot list;( NSS interfaces )
-+ * 1. Create a keys store;( xmlSec interfaces )
-+ * 2. Set slot list with the keys store;( xmlSec Interfaces )
-+ * 3. Add a slot to the slot list;( NSS interfaces )
-+ * 4. Perform xml signature; ( xmlSec Interfaces )
-+ * 5. Deleter a slot from the slot list;( NSS interfaces )
-+ * 6. Perform xml encryption; ( xmlSec Interfaces )
-+ * 7. Perform xml signature;( xmlSec Interfaces )
-+ * 8. Destroy the keys store;( xmlSec Interfaces )
-+ * 8. Destroy the slot list.( NSS Interfaces )
-+ */
- #include "globals.h"
-
- #include <stdlib.h>
- #include <string.h>
-
- #include <nss.h>
--#include <cert.h>
- #include <pk11func.h>
-+#include <prinit.h>
- #include <keyhi.h>
-
--#include <libxml/tree.h>
--
- #include <xmlsec/xmlsec.h>
--#include <xmlsec/buffer.h>
--#include <xmlsec/base64.h>
-+#include <xmlsec/keys.h>
- #include <xmlsec/errors.h>
- #include <xmlsec/xmltree.h>
-
-@@ -38,82 +58,461 @@
-
- #include <xmlsec/nss/crypto.h>
- #include <xmlsec/nss/keysstore.h>
--#include <xmlsec/nss/x509.h>
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/ciphers.h>
- #include <xmlsec/nss/pkikeys.h>
-
- /****************************************************************************
- *
-- * Nss Keys Store. Uses Simple Keys Store under the hood
-+ * Internal NSS key store context
- *
-- * Simple Keys Store ptr is located after xmlSecKeyStore
-+ * This context is located after xmlSecKeyStore
- *
- ***************************************************************************/
--#define xmlSecNssKeysStoreSize \
-- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
-+typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
-+typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
-
--#define xmlSecNssKeysStoreGetSS(store) \
-- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
-- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
-- (xmlSecKeyStorePtr*)NULL)
-+struct _xmlSecNssKeysStoreCtx {
-+ xmlSecPtrListPtr keyList ;
-+ xmlSecPtrListPtr slotList ;
-+} ;
-
--static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
--static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
--static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
-- const xmlChar* name,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
--
--static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
-- sizeof(xmlSecKeyStoreKlass),
-- xmlSecNssKeysStoreSize,
--
-- /* data */
-- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
-+#define xmlSecNssKeysStoreSize \
-+ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
-+
-+#define xmlSecNssKeysStoreGetCtx( data ) \
-+ ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
-+
-+int xmlSecNssKeysStoreAdoptKeySlot(
-+ xmlSecKeyStorePtr store ,
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( context->slotList == NULL ) {
-+ if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCheckId" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListAdd" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ return 0 ;
-+}
-
-- /* constructors/destructor */
-- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
-- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
-- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
-+int xmlSecNssKeysStoreAdoptKey(
-+ xmlSecKeyStorePtr store ,
-+ xmlSecKeyPtr key
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( context->keyList == NULL ) {
-+ if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCheckId" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListAdd" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ return 0 ;
-+}
-
-- /* reserved for the future */
-- NULL, /* void* reserved0; */
-- NULL, /* void* reserved1; */
--};
-+/*
-+ * xmlSecKeyStoreInitializeMethod:
-+ * @store: the store.
-+ *
-+ * Keys store specific initialization method.
-+ *
-+ * Returns 0 on success or a negative value if an error occurs.
-+ */
-+static int
-+xmlSecNssKeysStoreInitialize(
-+ xmlSecKeyStorePtr store
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ context->keyList = NULL ;
-+ context->slotList = NULL ;
-+
-+ return 0 ;
-+}
-
- /**
-- * xmlSecNssKeysStoreGetKlass:
- *
-- * The Nss list based keys store klass.
-+ * xmlSecKeyStoreFinalizeMethod:
-+ * @store: the store.
- *
-- * Returns: Nss list based keys store klass.
-+ * Keys store specific finalization (destroy) method.
- */
--xmlSecKeyStoreId
--xmlSecNssKeysStoreGetKlass(void) {
-- return(&xmlSecNssKeysStoreKlass);
-+void
-+xmlSecNssKeysStoreFinalize(
-+ xmlSecKeyStorePtr store
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
-+ xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return ;
-+ }
-+
-+ if( context->keyList != NULL ) {
-+ xmlSecPtrListDestroy( context->keyList ) ;
-+ context->keyList = NULL ;
-+ }
-+
-+ if( context->slotList != NULL ) {
-+ xmlSecPtrListDestroy( context->slotList ) ;
-+ context->slotList = NULL ;
-+ }
- }
-
--/**
-- * xmlSecNssKeysStoreAdoptKey:
-- * @store: the pointer to Nss keys store.
-- * @key: the pointer to key.
-+xmlSecKeyPtr
-+xmlSecNssKeysStoreFindKeyFromSlot(
-+ PK11SlotInfo* slot,
-+ const xmlChar* name,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx
-+) {
-+ xmlSecKeyPtr key = NULL ;
-+ xmlSecKeyDataPtr data = NULL ;
-+ int length ;
-+
-+ xmlSecAssert2( slot != NULL , NULL ) ;
-+ xmlSecAssert2( name != NULL , NULL ) ;
-+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
-+
-+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
-+ PK11SymKey* symKey ;
-+ PK11SymKey* curKey ;
-+
-+ /* Find symmetric key from the slot by name */
-+ symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
-+ for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
-+ /* Check the key request */
-+ length = PK11_GetKeyLength( curKey ) ;
-+ length *= 8 ;
-+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+ ( length > 0 ) &&
-+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+ continue ;
-+
-+ /* We find a eligible key */
-+ data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
-+ if( data == NULL ) {
-+ /* Do nothing */
-+ }
-+ break ;
-+ }
-+
-+ /* Destroy the sym key list */
-+ for( curKey = symKey ; curKey != NULL ; ) {
-+ symKey = curKey ;
-+ curKey = PK11_GetNextSymKey( symKey ) ;
-+ PK11_FreeSymKey( symKey ) ;
-+ }
-+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
-+ SECKEYPublicKeyList* pubKeyList ;
-+ SECKEYPublicKey* pubKey ;
-+ SECKEYPublicKeyListNode* curPub ;
-+
-+ /* Find asymmetric key from the slot by name */
-+ pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
-+ pubKey = NULL ;
-+ curPub = PUBKEY_LIST_HEAD(pubKeyList);
-+ for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
-+ /* Check the key request */
-+ length = SECKEY_PublicKeyStrength( curPub->key ) ;
-+ length *= 8 ;
-+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+ ( length > 0 ) &&
-+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+ continue ;
-+
-+ /* We find a eligible key */
-+ pubKey = curPub->key ;
-+ break ;
-+ }
-+
-+ if( pubKey != NULL ) {
-+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
-+ if( data == NULL ) {
-+ /* Do nothing */
-+ }
-+ }
-+
-+ /* Destroy the public key list */
-+ SECKEY_DestroyPublicKeyList( pubKeyList ) ;
-+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
-+ SECKEYPrivateKeyList* priKeyList = NULL ;
-+ SECKEYPrivateKey* priKey = NULL ;
-+ SECKEYPrivateKeyListNode* curPri ;
-+
-+ /* Find asymmetric key from the slot by name */
-+ priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
-+ priKey = NULL ;
-+ curPri = PRIVKEY_LIST_HEAD(priKeyList);
-+ for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
-+ /* Check the key request */
-+ length = PK11_SignatureLen( curPri->key ) ;
-+ length *= 8 ;
-+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+ ( length > 0 ) &&
-+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+ continue ;
-+
-+ /* We find a eligible key */
-+ priKey = curPri->key ;
-+ break ;
-+ }
-+
-+ if( priKey != NULL ) {
-+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
-+ if( data == NULL ) {
-+ /* Do nothing */
-+ }
-+ }
-+
-+ /* Destroy the private key list */
-+ SECKEY_DestroyPrivateKeyList( priKeyList ) ;
-+ }
-+
-+ /* If we have gotten the key value */
-+ if( data != NULL ) {
-+ if( ( key = xmlSecKeyCreate() ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyDataDestroy( data ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeySetValue" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyDestroy( key ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return NULL ;
-+ }
-+ }
-+
-+ return(key);
-+}
-+
-+/**
-+ * xmlSecKeyStoreFindKeyMethod:
-+ * @store: the store.
-+ * @name: the desired key name.
-+ * @keyInfoCtx: the pointer to key info context.
- *
-- * Adds @key to the @store.
-+ * Keys store specific find method. The caller is responsible for destroying
-+ * the returned key using #xmlSecKeyDestroy method.
- *
-- * Returns: 0 on success or a negative value if an error occurs.
-+ * Returns the pointer to a key or NULL if key is not found or an error occurs.
- */
--int
--xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
-- xmlSecKeyStorePtr *ss;
-+static xmlSecKeyPtr
-+xmlSecNssKeysStoreFindKey(
-+ xmlSecKeyStorePtr store ,
-+ const xmlChar* name ,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+ xmlSecKeyPtr key = NULL ;
-+ xmlSecNssKeySlotPtr keySlot = NULL ;
-+ xmlSecSize pos ;
-+ xmlSecSize size ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
-+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-
-- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
-- xmlSecAssert2((key != NULL), -1);
-+ /*-
-+ * Look for key at keyList at first.
-+ */
-+ if( context->keyList != NULL ) {
-+ size = xmlSecPtrListGetSize( context->keyList ) ;
-+ for( pos = 0 ; pos < size ; pos ++ ) {
-+ key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
-+ if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
-+ return xmlSecKeyDuplicate( key ) ;
-+ }
-+ }
-+ }
-+
-+ /*-
-+ * Find the key from slotList
-+ */
-+ if( context->slotList != NULL ) {
-+ PK11SlotInfo* slot = NULL ;
-+
-+ size = xmlSecPtrListGetSize( context->slotList ) ;
-+ for( pos = 0 ; pos < size ; pos ++ ) {
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
-+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
-+ if( slot == NULL ) {
-+ continue ;
-+ } else {
-+ key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
-+ if( key == NULL ) {
-+ continue ;
-+ } else {
-+ return( key ) ;
-+ }
-+ }
-+ }
-+ }
-+
-+ /*-
-+ * Create a session key if we can not find the key from keyList and slotList
-+ */
-+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
-+ key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecKeySetValue" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ return key ;
-+ }
-+
-+ /**
-+ * We have no way to find the key any more.
-+ */
-+ return NULL ;
-+}
-
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
-- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
-+static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
-+ sizeof( xmlSecKeyStoreKlass ) ,
-+ xmlSecNssKeysStoreSize ,
-+ BAD_CAST "implicit_nss_keys_store" ,
-+ xmlSecNssKeysStoreInitialize ,
-+ xmlSecNssKeysStoreFinalize ,
-+ xmlSecNssKeysStoreFindKey ,
-+ NULL ,
-+ NULL
-+} ;
-
-- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
-+/**
-+ * xmlSecNssKeysStoreGetKlass:
-+ *
-+ * The simple list based keys store klass.
-+ *
-+ */
-+xmlSecKeyStoreId
-+xmlSecNssKeysStoreGetKlass( void ) {
-+ return &xmlSecNssKeysStoreKlass ;
- }
-
-+/**************************
-+ * Application routines
-+ */
-+
- /**
- * xmlSecNssKeysStoreLoad:
- * @store: the pointer to Nss keys store.
-@@ -227,191 +626,126 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
- */
- int
- xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
-- xmlSecKeyStorePtr *ss;
-+ xmlSecKeyInfoCtx keyInfoCtx;
-+ xmlSecNssKeysStoreCtxPtr context ;
-+ xmlSecPtrListPtr list;
-+ xmlSecKeyPtr key;
-+ xmlSecSize i, keysSize;
-+ xmlDocPtr doc;
-+ xmlNodePtr cur;
-+ xmlSecKeyDataPtr data;
-+ xmlSecPtrListPtr idsList;
-+ xmlSecKeyDataId dataId;
-+ xmlSecSize idsSize, j;
-+ int ret;
-
- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
-- xmlSecAssert2((filename != NULL), -1);
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
-+ xmlSecAssert2(filename != NULL, -1);
-
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
-- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ xmlSecAssert2( context != NULL, -1 );
-
-- return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
--}
--
--static int
--xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
-- xmlSecKeyStorePtr *ss;
--
-- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
--
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss == NULL) || (*ss == NULL)), -1);
-+ list = context->keyList ;
-+ xmlSecAssert2( list != NULL, -1 );
-+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
-
-- *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
-- if(*ss == NULL) {
-+ /* create doc */
-+ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
-+ if(doc == NULL) {
- xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)",
- xmlSecKeyStoreGetName(store));
- return(-1);
- }
-
-- return(0);
--}
--
--static void
--xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
-- xmlSecKeyStorePtr *ss;
--
-- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
--
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert((ss != NULL) && (*ss != NULL));
--
-- xmlSecKeyStoreDestroy(*ss);
--}
--
--static xmlSecKeyPtr
--xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
-- xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlSecKeyStorePtr* ss;
-- xmlSecKeyPtr key = NULL;
-- xmlSecKeyPtr retval = NULL;
-- xmlSecKeyReqPtr keyReq = NULL;
-- CERTCertificate *cert = NULL;
-- SECKEYPublicKey *pubkey = NULL;
-- SECKEYPrivateKey *privkey = NULL;
-- xmlSecKeyDataPtr data = NULL;
-- xmlSecKeyDataPtr x509Data = NULL;
-- int ret;
--
-- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
-- xmlSecAssert2(keyInfoCtx != NULL, NULL);
--
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
--
-- key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
-- if (key != NULL) {
-- return (key);
-- }
--
-- /* Try to find the key in the NSS DB, and construct an xmlSecKey.
-- * we must have a name to lookup keys in NSS DB.
-- */
-- if (name == NULL) {
-- goto done;
-- }
-+ idsList = xmlSecKeyDataIdsGet();
-+ xmlSecAssert2(idsList != NULL, -1);
-
-- /* what type of key are we looking for?
-- * TBD: For now, we'll look only for public/private keys using the
-- * name as a cert nickname. Later on, we can attempt to find
-- * symmetric keys using PK11_FindFixedKey
-- */
-- keyReq = &(keyInfoCtx->keyReq);
-- if (keyReq->keyType &
-- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
-- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
-- if (cert == NULL) {
-- goto done;
-- }
-+ keysSize = xmlSecPtrListGetSize(list);
-+ idsSize = xmlSecPtrListGetSize(idsList);
-+ for(i = 0; i < keysSize; ++i) {
-+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
-+ xmlSecAssert2(key != NULL, -1);
-
-- if (keyReq->keyType & xmlSecKeyDataTypePublic) {
-- pubkey = CERT_ExtractPublicKey(cert);
-- if (pubkey == NULL) {
-- xmlSecNssError("CERT_ExtractPublicKey", NULL);
-- goto done;
-- }
-+ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
-+ if(cur == NULL) {
-+ xmlSecInternalError("xmlSecAddChild",
-+ xmlSecKeyStoreGetName(store));
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
-
-- if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
-- privkey = PK11_FindKeyByAnyCert(cert, NULL);
-- if (privkey == NULL) {
-- xmlSecNssError("PK11_FindKeyByAnyCert", NULL);
-- goto done;
-+ /* special data key name */
-+ if(xmlSecKeyGetName(key) != NULL) {
-+ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
-+ xmlSecInternalError("xmlSecAddChild",
-+ xmlSecKeyStoreGetName(store));
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
- }
-
-- data = xmlSecNssPKIAdoptKey(privkey, pubkey);
-- if(data == NULL) {
-- xmlSecInternalError("xmlSecNssPKIAdoptKey", NULL);
-- goto done;
-- }
-- privkey = NULL;
-- pubkey = NULL;
-+ /* create nodes for other keys data */
-+ for(j = 0; j < idsSize; ++j) {
-+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
-+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
-
-- key = xmlSecKeyCreate();
-- if (key == NULL) {
-- xmlSecInternalError("xmlSecKeyCreate", NULL);
-- return (NULL);
-- }
-+ if(dataId->dataNodeName == NULL) {
-+ continue;
-+ }
-
-- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
-- if(x509Data == NULL) {
-- xmlSecInternalError("xmlSecKeyDataCreate",
-- xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id));
-- goto done;
-- }
-+ data = xmlSecKeyGetData(key, dataId);
-+ if(data == NULL) {
-+ continue;
-+ }
-
-- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
-- if (ret < 0) {
-- xmlSecInternalError("xmlSecNssKeyDataX509AdoptKeyCert",
-- xmlSecKeyDataGetName(x509Data));
-- goto done;
-- }
-- cert = CERT_DupCertificate(cert);
-- if (cert == NULL) {
-- xmlSecNssError("CERT_DupCertificate",
-- xmlSecKeyDataGetName(x509Data));
-- goto done;
-+ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
-+ xmlSecInternalError("xmlSecAddChild",
-+ xmlSecKeyStoreGetName(store));
-+ xmlFreeDoc(doc);
-+ return(-1);
-+ }
- }
-
-- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
-+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
- if (ret < 0) {
-- xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert",
-- xmlSecKeyDataGetName(x509Data));
-- goto done;
-+ xmlSecInternalError("xmlSecKeyInfoCtxInitialize",
-+ xmlSecKeyStoreGetName(store));
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
-- cert = NULL;
-
-- ret = xmlSecKeySetValue(key, data);
-- if (ret < 0) {
-- xmlSecInternalError("xmlSecKeySetValue",
-- xmlSecKeyDataGetName(data));
-- goto done;
-- }
-- data = NULL;
-+ keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
-+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
-+ keyInfoCtx.keyReq.keyType = type;
-+ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
-
-- ret = xmlSecKeyAdoptData(key, x509Data);
-+ /* finally write key in the node */
-+ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
- if (ret < 0) {
-- xmlSecInternalError("xmlSecKeyAdoptData",
-- xmlSecKeyDataGetName(x509Data));
-- goto done;
-+ xmlSecInternalError("xmlSecKeyInfoNodeWrite",
-+ xmlSecKeyStoreGetName(store));
-+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
-- x509Data = NULL;
-
-- retval = key;
-- key = NULL;
-+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
- }
-
--done:
-- if (cert != NULL) {
-- CERT_DestroyCertificate(cert);
-- }
-- if (pubkey != NULL) {
-- SECKEY_DestroyPublicKey(pubkey);
-- }
-- if (privkey != NULL) {
-- SECKEY_DestroyPrivateKey(privkey);
-- }
-- if (data != NULL) {
-- xmlSecKeyDataDestroy(data);
-- }
-- if (x509Data != NULL) {
-- xmlSecKeyDataDestroy(x509Data);
-- }
-- if (key != NULL) {
-- xmlSecKeyDestroy(key);
-+ /* now write result */
-+ ret = xmlSaveFormatFile(filename, doc, 1);
-+ if (ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+ "xmlSaveFormatFile",
-+ XMLSEC_ERRORS_R_XML_FAILED,
-+ "filename=%s",
-+ xmlSecErrorsSafeString(filename));
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
-
-- return (retval);
-+ xmlFreeDoc(doc);
-+ return(0);
- }
-diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c
-index 25828aec..0a15dae5 100644
---- a/src/nss/pkikeys.c
-+++ b/src/nss/pkikeys.c
-@@ -24,6 +24,7 @@
- #include <xmlsec/nss/crypto.h>
- #include <xmlsec/nss/bignum.h>
- #include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/tokens.h>
-
- /**************************************************************************
- *
-@@ -115,6 +116,8 @@ xmlSecNSSPKIKeyDataCtxDup(xmlSecNssPKIKeyDataCtxPtr ctxDst,
- xmlSecNssPKIKeyDataCtxPtr ctxSrc)
- {
- xmlSecNSSPKIKeyDataCtxFree(ctxDst);
-+ ctxDst->privkey = NULL ;
-+ ctxDst->pubkey = NULL ;
- if (ctxSrc->privkey != NULL) {
- ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
- if(ctxDst->privkey == NULL) {
-@@ -563,9 +566,10 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- goto done;
- }
-
-- slot = PK11_GetBestSlot(CKM_DSA, NULL);
-+ slot = xmlSecNssSlotGet(CKM_DSA);
- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id));
-+ xmlSecNssError("xmlSecNssSlotGet",
-+ xmlSecKeyDataKlassGetName(id));
- ret = -1;
- goto done;
- }
-@@ -713,14 +717,14 @@ done:
- if (slot != NULL) {
- PK11_FreeSlot(slot);
- }
-- if (ret != 0) {
-+
- if (pubkey != NULL) {
- SECKEY_DestroyPublicKey(pubkey);
- }
- if (data != NULL) {
- xmlSecKeyDataDestroy(data);
- }
-- }
-+
- return(ret);
- }
-
-@@ -739,7 +743,7 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
-
- ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
-
- if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
- /* we can have only private key or public key */
-@@ -826,36 +830,32 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
- j = PQG_PBITS_TO_INDEX(sizeBits);
- rv = PK11_PQG_ParamGen(j, &pqgParams, &pqgVerify);
- if (rv != SECSuccess) {
-- xmlSecNssError2("PK11_PQG_ParamGen", xmlSecKeyDataGetName(data),
-+ xmlSecNssError2("PK11_PQG_ParamGen",
-+ xmlSecKeyDataGetName(data),
- "size=%lu", (unsigned long)sizeBits);
-+ ret = -1;
- goto done;
- }
-
- rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &res);
- if (rv != SECSuccess || res != SECSuccess) {
-- xmlSecNssError2("PK11_PQG_VerifyParams", xmlSecKeyDataGetName(data),
-- "size=%lu", (unsigned long)sizeBits);
-- goto done;
-- }
--
-- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
-- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data));
-- goto done;
-- }
--
-- rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
-- if (rv != SECSuccess) {
-- xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data),
-- "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot)));
-+ xmlSecNssError2("PK11_PQG_VerifyParams",
-+ xmlSecKeyDataGetName(data),
-+ "size=%lu", (unsigned long)sizeBits);
-+ ret = -1;
- goto done;
- }
-
-+ slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
-+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
- privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
- &pubkey, PR_FALSE, PR_TRUE, NULL);
-
- if((privkey == NULL) || (pubkey == NULL)) {
-- xmlSecNssError("PK11_GenerateKeyPair", xmlSecKeyDataGetName(data));
-+ xmlSecNssError("PK11_GenerateKeyPair",
-+ xmlSecKeyDataGetName(data));
-+
-+ ret = -1;
- goto done;
- }
-
-@@ -866,6 +866,8 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
- goto done;
- }
-
-+ privkey = NULL ;
-+ pubkey = NULL ;
- ret = 0;
-
- done:
-@@ -878,16 +880,13 @@ done:
- if (pqgVerify != NULL) {
- PK11_PQG_DestroyVerify(pqgVerify);
- }
-- if (ret == 0) {
-- return (0);
-- }
- if (pubkey != NULL) {
- SECKEY_DestroyPublicKey(pubkey);
- }
- if (privkey != NULL) {
- SECKEY_DestroyPrivateKey(privkey);
- }
-- return(-1);
-+ return(ret);
- }
-
- static xmlSecKeyDataType
-@@ -897,10 +896,10 @@ xmlSecNssKeyDataDsaGetType(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
- if (ctx->privkey != NULL) {
- return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
-- } else {
-+ } else if( ctx->pubkey != NULL ) {
- return(xmlSecKeyDataTypePublic);
- }
-
-@@ -914,7 +913,7 @@ xmlSecNssKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
-
- return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
- }
-@@ -1101,9 +1100,10 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- goto done;
- }
-
-- slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
-+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id));
-+ xmlSecNssError("PK11_GetBestSlot",
-+ xmlSecKeyDataKlassGetName(id));
- ret = -1;
- goto done;
- }
-@@ -1226,7 +1226,7 @@ xmlSecNssKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
-
- ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
-
-
- if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
-@@ -1282,19 +1282,8 @@ xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
- params.keySizeInBits = sizeBits;
- params.pe = 65537;
-
-- slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
-- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data));
-- goto done;
-- }
--
-- rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
-- if (rv != SECSuccess) {
-- xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data),
-- "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot)));
-- goto done;
-- }
--
-+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
-+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
- privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms,
- &pubkey, PR_FALSE, PR_TRUE, NULL);
- if(privkey == NULL || pubkey == NULL) {
-@@ -1354,7 +1343,7 @@ xmlSecNssKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
-
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
-
- return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
- }
-diff --git a/src/nss/symkeys.c b/src/nss/symkeys.c
-index c88be8b2..2807f934 100644
---- a/src/nss/symkeys.c
-+++ b/src/nss/symkeys.c
-@@ -14,20 +14,41 @@
- #include <stdio.h>
- #include <string.h>
-
-+#include <pk11func.h>
-+#include <nss.h>
-+
- #include <xmlsec/xmlsec.h>
- #include <xmlsec/xmltree.h>
-+#include <xmlsec/base64.h>
- #include <xmlsec/keys.h>
- #include <xmlsec/keyinfo.h>
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
-
- #include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/tokens.h>
-
- /*****************************************************************************
- *
-- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
-+ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
- *
- ****************************************************************************/
-+typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ;
-+typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ;
-+
-+struct _xmlSecNssSymKeyDataCtx {
-+ CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */
-+ PK11SlotInfo* slot ; /* the key resident slot */
-+ PK11SymKey* symkey ; /* the symmetic key */
-+} ;
-+
-+#define xmlSecNssSymKeyDataSize \
-+ ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
-+
-+#define xmlSecNssSymKeyDataGetCtx( data ) \
-+ ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
-+
- static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
- static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-@@ -66,107 +87,743 @@ static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
- (xmlSecKeyDataIsValid((data)) && \
- xmlSecNssSymKeyDataKlassCheck((data)->id))
-
-+/**
-+ * xmlSecNssSymKeyDataAdoptKey:
-+ * @data: the pointer to symmetric key data.
-+ * @symkey: the symmetric key
-+ *
-+ * Set the value of symmetric key data.
-+ *
-+ * Returns 0 on success or a negative value if an error occurs.
-+ */
-+int
-+xmlSecNssSymKeyDataAdoptKey(
-+ xmlSecKeyDataPtr data ,
-+ PK11SymKey* symkey
-+) {
-+ xmlSecNssSymKeyDataCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
-+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
-+ xmlSecAssert2( symkey != NULL, -1 ) ;
-+
-+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+ xmlSecAssert2(context != NULL, -1);
-+
-+ context->cipher = PK11_GetMechanism( symkey ) ;
-+
-+ if( context->slot != NULL ) {
-+ PK11_FreeSlot( context->slot ) ;
-+ context->slot = NULL ;
-+ }
-+ context->slot = PK11_GetSlotFromKey( symkey ) ;
-+
-+ if( context->symkey != NULL ) {
-+ PK11_FreeSymKey( context->symkey ) ;
-+ context->symkey = NULL ;
-+ }
-+ context->symkey = PK11_ReferenceSymKey( symkey ) ;
-+
-+ return 0 ;
-+}
-+
-+xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
-+ PK11SymKey* symKey
-+) {
-+ xmlSecKeyDataPtr data = NULL ;
-+ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ;
-+
-+ xmlSecAssert2( symKey != NULL , NULL ) ;
-+
-+ mechanism = PK11_GetMechanism( symKey ) ;
-+ switch( mechanism ) {
-+ case CKM_DES3_KEY_GEN :
-+ case CKM_DES3_CBC :
-+ case CKM_DES3_MAC :
-+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyDataCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "xmlSecNssKeyDataDesId" ) ;
-+ return NULL ;
-+ }
-+ break ;
-+ case CKM_AES_KEY_GEN :
-+ case CKM_AES_CBC :
-+ case CKM_AES_MAC :
-+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyDataCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "xmlSecNssKeyDataDesId" ) ;
-+ return NULL ;
-+ }
-+ break ;
-+ default :
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "Unsupported mechanism" ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataAdoptKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyDataDestroy( data ) ;
-+ return NULL ;
-+ }
-+
-+ return data ;
-+}
-+
-+
-+PK11SymKey*
-+xmlSecNssSymKeyDataGetKey(
-+ xmlSecKeyDataPtr data
-+) {
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ PK11SymKey* symkey ;
-+
-+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, NULL);
-+
-+ if( ctx->symkey != NULL ) {
-+ symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
-+ } else {
-+ symkey = NULL ;
-+ }
-+
-+ return(symkey);
-+}
-+
- static int
- xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
-+
-+ /* Set the block cipher mechanism */
-+#ifndef XMLSEC_NO_DES
-+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
-+ ctx->cipher = CKM_DES3_KEY_GEN;
-+ } else
-+#endif /* XMLSEC_NO_DES */
-+
-+#ifndef XMLSEC_NO_AES
-+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
-+ ctx->cipher = CKM_AES_KEY_GEN;
-+ } else
-+#endif /* XMLSEC_NO_AES */
-+
-+ if(1) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ "Unsupported block cipher" ) ;
-+ return(-1) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueInitialize(data));
-+ return(0);
- }
-
- static int
- xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
-+ xmlSecNssSymKeyDataCtxPtr ctxDst;
-+ xmlSecNssSymKeyDataCtxPtr ctxSrc;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
- xmlSecAssert2(dst->id == src->id, -1);
-
-- return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
-+ ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
-+ xmlSecAssert2(ctxDst != NULL, -1);
-+
-+ ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
-+ xmlSecAssert2(ctxSrc != NULL, -1);
-+
-+ ctxDst->cipher = ctxSrc->cipher ;
-+
-+ if( ctxSrc->slot != NULL ) {
-+ if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
-+ PK11_FreeSlot( ctxDst->slot ) ;
-+ ctxDst->slot = NULL ;
-+ }
-+
-+ if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
-+ ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
-+ } else {
-+ if( ctxDst->slot != NULL ) {
-+ PK11_FreeSlot( ctxDst->slot ) ;
-+ ctxDst->slot = NULL ;
-+ }
-+ }
-+
-+ if( ctxSrc->symkey != NULL ) {
-+ if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
-+ PK11_FreeSymKey( ctxDst->symkey ) ;
-+ ctxDst->symkey = NULL ;
-+ }
-+
-+ if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
-+ ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
-+ } else {
-+ if( ctxDst->symkey != NULL ) {
-+ PK11_FreeSymKey( ctxDst->symkey ) ;
-+ ctxDst->symkey = NULL ;
-+ }
-+ }
-+
-+ return(0);
- }
-
- static void
- xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+
- xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
-+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert(ctx != NULL);
-
-- xmlSecKeyDataBinaryValueFinalize(data);
-+ if( ctx->slot != NULL ) {
-+ PK11_FreeSlot( ctx->slot ) ;
-+ ctx->slot = NULL ;
-+ }
-+
-+ if( ctx->symkey != NULL ) {
-+ PK11_FreeSymKey( ctx->symkey ) ;
-+ ctx->symkey = NULL ;
-+ }
-+
-+ ctx->cipher = CKM_INVALID_MECHANISM ;
- }
-
- static int
- xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ PK11SymKey* symKey ;
-+ PK11SlotInfo* slot ;
-+ xmlSecBufferPtr keyBuf;
-+ xmlSecSize len;
-+ xmlSecKeyDataPtr data;
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ SECItem keyItem ;
-+ int ret;
-+
-+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(node != NULL, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Create a new KeyData from a id */
-+ data = xmlSecKeyDataCreate(id);
-+ if(data == NULL ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-
-- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ /* Create a buffer for raw symmetric key value */
-+ if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Read the raw key value */
-+ if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecBufferDestroy( keyBuf ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Get slot */
-+ slot = xmlSecNssSlotGet(ctx->cipher);
-+ if( slot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecNssSlotGet" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecBufferDestroy( keyBuf ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Wrap the raw key value SECItem */
-+ keyItem.type = siBuffer ;
-+ keyItem.data = xmlSecBufferGetData( keyBuf ) ;
-+ keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
-+
-+ /* Import the raw key into slot temporalily and get the key handler*/
-+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
-+ if( symKey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ImportSymKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ PK11_FreeSlot( slot ) ;
-+ xmlSecBufferDestroy( keyBuf ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+ PK11_FreeSlot( slot ) ;
-+
-+ /* raw key material has been copied into symKey, it isn't used any more */
-+ xmlSecBufferDestroy( keyBuf ) ;
-+
-+ /* Adopt the symmetric key into key data */
-+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataBinaryValueSetBuffer",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+ /* symKey has been duplicated into data, it isn't used any more */
-+ PK11_FreeSymKey( symKey ) ;
-+
-+ /* Check value */
-+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyReqMatchKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(0);
-+ }
-+
-+ ret = xmlSecKeySetValue(key, data);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeySetValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
- }
-
- static int
- xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+ PK11SymKey* symKey ;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(node != NULL, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Get symmetric key from "key" */
-+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
-+ if( symKey != NULL ) {
-+ SECItem* keyItem ;
-+ xmlSecBufferPtr keyBuf ;
-+
-+ /* Extract raw key data from symmetric key */
-+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ExtractKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ /* Get raw key data from "symKey" */
-+ keyItem = PK11_GetKeyData( symKey ) ;
-+ if(keyItem == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_GetKeyData",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ /* Create key data buffer with raw kwy material */
-+ keyBuf = xmlSecBufferCreate(keyItem->len) ;
-+ if(keyBuf == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecBufferCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
-+
-+ /* Write raw key material into current xml node */
-+ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecBufferBase64NodeContentWrite",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecBufferDestroy(keyBuf);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+ xmlSecBufferDestroy(keyBuf);
-+ PK11_FreeSymKey( symKey ) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
-+ return 0 ;
- }
-
- static int
- xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const xmlSecByte* buf, xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ PK11SymKey* symKey ;
-+ PK11SlotInfo* slot ;
-+ xmlSecKeyDataPtr data;
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ SECItem keyItem ;
-+ int ret;
-+
-+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(buf != NULL, -1);
-+ xmlSecAssert2(bufSize != 0, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Create a new KeyData from a id */
-+ data = xmlSecKeyDataCreate(id);
-+ if(data == NULL ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ /* Get slot */
-+ slot = xmlSecNssSlotGet(ctx->cipher);
-+ if( slot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecNssSlotGet" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
-+ /* Wrap the raw key value SECItem */
-+ keyItem.type = siBuffer ;
-+ keyItem.data = buf ;
-+ keyItem.len = bufSize ;
-+
-+ /* Import the raw key into slot temporalily and get the key handler*/
-+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
-+ if( symKey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ImportSymKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Adopt the symmetric key into key data */
-+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataBinaryValueSetBuffer",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSymKey( symKey ) ;
-+ PK11_FreeSlot( slot ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+ /* symKey has been duplicated into data, it isn't used any more */
-+ PK11_FreeSymKey( symKey ) ;
-+ PK11_FreeSlot( slot ) ;
-+
-+ /* Check value */
-+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyReqMatchKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(0);
-+ }
-+
-+ ret = xmlSecKeySetValue(key, data);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeySetValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
- }
-
- static int
- xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlSecByte** buf, xmlSecSize* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+ PK11SymKey* symKey ;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(buf != NULL, -1);
-+ xmlSecAssert2(bufSize != 0, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Get symmetric key from "key" */
-+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
-+ if( symKey != NULL ) {
-+ SECItem* keyItem ;
-+
-+ /* Extract raw key data from symmetric key */
-+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ExtractKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ /* Get raw key data from "symKey" */
-+ keyItem = PK11_GetKeyData( symKey ) ;
-+ if(keyItem == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_GetKeyData",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ *bufSize = keyItem->len;
-+ *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
-+ if( *buf == NULL ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ NULL,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ memcpy((*buf), keyItem->data, (*bufSize));
-+ PK11_FreeSymKey( symKey ) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
-+ return 0 ;
- }
-
- static int
- xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
-- xmlSecBufferPtr buffer;
-+ PK11SymKey* symkey ;
-+ PK11SlotInfo* slot ;
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ int ret;
-
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
- xmlSecAssert2(sizeBits > 0, -1);
-
-- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
-- xmlSecAssert2(buffer != NULL, -1);
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ if( sizeBits % 8 != 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ NULL,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "Symmetric key size must be octuple");
-+ return(-1);
-+ }
-+
-+ /* Get slot */
-+ slot = xmlSecNssSlotGet(ctx->cipher);
-+ if( slot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ "xmlSecNssSlotGet" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "PK11_Authenticate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ return -1 ;
-+ }
-+
-+ symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
-+ if( symkey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "PK11_KeyGen" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ return -1 ;
-+ }
-
-- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
-+ if( ctx->slot != NULL ) {
-+ PK11_FreeSlot( ctx->slot ) ;
-+ ctx->slot = NULL ;
-+ }
-+ ctx->slot = slot ;
-+
-+ if( ctx->symkey != NULL ) {
-+ PK11_FreeSymKey( ctx->symkey ) ;
-+ ctx->symkey = NULL ;
-+ }
-+ ctx->symkey = symkey ;
-+
-+ return 0;
- }
-
- static xmlSecKeyDataType
- xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
-- xmlSecBufferPtr buffer;
-+ xmlSecNssSymKeyDataCtxPtr context = NULL ;
-+ xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
-
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
-+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
-+
-+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "xmlSecNssSymKeyDataGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return xmlSecKeyDataTypeUnknown ;
-+ }
-
-- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
-- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
-+ if( context->symkey != NULL ) {
-+ type |= xmlSecKeyDataTypeSymmetric ;
-+ } else {
-+ type |= xmlSecKeyDataTypeUnknown ;
-+ }
-
-- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
-+ return type ;
- }
-
- static xmlSecSize
- xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
-+ xmlSecNssSymKeyDataCtxPtr context ;
-+ unsigned int length = 0 ;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
-+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
-+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
... etc. - the rest is truncated
More information about the Libreoffice-commits
mailing list