[Libreoffice-commits] core.git: external/xmlsec xmlsecurity/source

Miklos Vajna vmiklos at collabora.co.uk
Tue Jun 5 07:43:48 UTC 2018


 external/xmlsec/UnpackedTarball_xmlsec.mk                     |    1 
 external/xmlsec/xmlsec1-customkeymanage.patch.1               | 4321 ----------
 xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx |   36 
 3 files changed, 4358 deletions(-)

New commits:
commit f06004c03bbd076767a570180b7fc239064713e6
Author: Miklos Vajna <vmiklos at collabora.co.uk>
Date:   Mon Jun 4 21:25:38 2018 +0200

    libxmlsec: drop not needed xmlsec1-customkeymanage.patch.1
    
    This was added in commit ebd1b95bb5f9235d1dba1b840fd746c9b53320d2
    (INTEGRATION: CWS xmlsec08 (1.1.2); FILE ADDED; 2005-03-10) without any
    real commit message to explain why this is necessary.
    
    system-xmlsec (which does not contain this patch) works fine for our XML
    signing purposes with software certificates, and I recently learned that
    hardware-based certificates also work fine without it, so the patch can
    go away.
    
    I assume this was a refactor to allow some new feature as a next step,
    but that feature was never implemented.
    
    Change-Id: I31639230483cd34b14b35fd41b4fcd8284476138
    Reviewed-on: https://gerrit.libreoffice.org/55296
    Tested-by: Jenkins <ci at libreoffice.org>
    Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>

diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk
index 24be126f1d84..cd824e4cff9b 100644
--- a/external/xmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -11,7 +11,6 @@ xmlsec_patches :=
 xmlsec_patches += xmlsec1-configure.patch.1
 xmlsec_patches += xmlsec1-vc.patch.1
 xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1
-xmlsec_patches += xmlsec1-customkeymanage.patch.1
 # Backport of <https://github.com/lsh123/xmlsec/pull/172>.
 xmlsec_patches += xmlsec1-ecdsa-assert.patch.1
 
diff --git a/external/xmlsec/xmlsec1-customkeymanage.patch.1 b/external/xmlsec/xmlsec1-customkeymanage.patch.1
deleted file mode 100644
index 14595da6df16..000000000000
--- a/external/xmlsec/xmlsec1-customkeymanage.patch.1
+++ /dev/null
@@ -1,4321 +0,0 @@
-From 57f9146c45b1819afdd79a96a77ea55fb84ddb50 Mon Sep 17 00:00:00 2001
-From: Miklos Vajna <vmiklos at collabora.co.uk>
-Date: Fri, 4 Mar 2016 16:19:12 +0100
-Subject: [PATCH] xmlsec1-customkeymanage.patch
-
-Conflicts:
-	include/xmlsec/nss/app.h
-	include/xmlsec/nss/keysstore.h
-	src/nss/Makefile.in
-	src/nss/hmac.c
-	src/nss/keysstore.c
-	src/nss/pkikeys.c
-	src/nss/symkeys.c
-	src/nss/x509.c
-	src/nss/x509vfy.c
----
- include/xmlsec/nss/Makefile.am |   3 +
- include/xmlsec/nss/Makefile.in |   3 +
- include/xmlsec/nss/akmngr.h    |  56 +++
- include/xmlsec/nss/app.h       |   5 +
- include/xmlsec/nss/ciphers.h   |  35 ++
- include/xmlsec/nss/keysstore.h |   4 +
- include/xmlsec/nss/tokens.h    | 182 ++++++++++
- src/nss/Makefile.am            |   2 +
- src/nss/Makefile.in            |  20 ++
- src/nss/akmngr.c               | 384 ++++++++++++++++++++
- src/nss/hmac.c                 |   6 +-
- src/nss/keysstore.c            | 772 +++++++++++++++++++++++++++++------------
- src/nss/pkikeys.c              |  81 ++---
- src/nss/symkeys.c              | 705 +++++++++++++++++++++++++++++++++++--
- src/nss/tokens.c               | 544 +++++++++++++++++++++++++++++
- src/nss/x509.c                 | 491 ++++++--------------------
- src/nss/x509vfy.c              | 248 +++++--------
- 17 files changed, 2703 insertions(+), 838 deletions(-)
- create mode 100644 include/xmlsec/nss/akmngr.h
- create mode 100644 include/xmlsec/nss/ciphers.h
- create mode 100644 include/xmlsec/nss/tokens.h
- create mode 100644 src/nss/akmngr.c
- create mode 100644 src/nss/tokens.c
-
-diff --git a/include/xmlsec/nss/Makefile.am b/include/xmlsec/nss/Makefile.am
-index e3521622..997ca7fd 100644
---- a/include/xmlsec/nss/Makefile.am
-+++ b/include/xmlsec/nss/Makefile.am
-@@ -10,6 +10,9 @@ bignum.h \
- keysstore.h \
- pkikeys.h \
- x509.h \
-+akmngr.h \
-+tokens.h \
-+ciphers.h \
- $(NULL)
- 
- install-exec-hook:
-diff --git a/include/xmlsec/nss/Makefile.in b/include/xmlsec/nss/Makefile.in
-index 6fecb4f5..672d10e7 100644
---- a/include/xmlsec/nss/Makefile.in
-+++ b/include/xmlsec/nss/Makefile.in
-@@ -407,6 +407,9 @@ bignum.h \
- keysstore.h \
- pkikeys.h \
- x509.h \
-+akmngr.h \
-+tokens.h \
-+ciphers.h \
- $(NULL)
- 
- all: all-am
-diff --git a/include/xmlsec/nss/akmngr.h b/include/xmlsec/nss/akmngr.h
-new file mode 100644
-index 00000000..80535110
---- /dev/null
-+++ b/include/xmlsec/nss/akmngr.h
-@@ -0,0 +1,56 @@
-+/** 
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ * 
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_AKMNGR_H__
-+#define __XMLSEC_NSS_AKMNGR_H__    
-+
-+#include <nss.h>
-+#include <nspr.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */ 
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+    PK11SlotInfo** slots,
-+	int cSlots,
-+    CERTCertDBHandle* handler
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+	xmlSecKeysMngrPtr	mngr ,
-+	PK11SymKey*			symKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+	xmlSecKeysMngrPtr	mngr ,
-+	SECKEYPublicKey*	pubKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+	xmlSecKeysMngrPtr	mngr ,
-+	SECKEYPrivateKey*	priKey
-+) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_AKMNGR_H__ */
-+
-+
-diff --git a/include/xmlsec/nss/app.h b/include/xmlsec/nss/app.h
-index 93f6c637..03f6aa14 100644
---- a/include/xmlsec/nss/app.h
-+++ b/include/xmlsec/nss/app.h
-@@ -22,6 +22,9 @@ extern "C" {
- #include <xmlsec/keysmngr.h>
- #include <xmlsec/transforms.h>
- 
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/akmngr.h>
-+
- /********************************************************************
-  *
-  * Init/shutdown
-@@ -40,6 +43,8 @@ XMLSEC_CRYPTO_EXPORT int                xmlSecNssAppDefaultKeysMngrAdoptKey(xmlS
-                                                                             xmlSecKeyPtr key);
- XMLSEC_CRYPTO_EXPORT int                xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
-                                                                          const char* uri);
-+XMLSEC_CRYPTO_EXPORT int               xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
-+                                                                        xmlSecNssKeySlotPtr keySlot);
- XMLSEC_CRYPTO_EXPORT int                xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
-                                                                          const char* filename,
-                                                                          xmlSecKeyDataType type);
-diff --git a/include/xmlsec/nss/ciphers.h b/include/xmlsec/nss/ciphers.h
-new file mode 100644
-index 00000000..607eb1e0
---- /dev/null
-+++ b/include/xmlsec/nss/ciphers.h
-@@ -0,0 +1,35 @@
-+/** 
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ * 
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_CIPHERS_H__
-+#define __XMLSEC_NSS_CIPHERS_H__    
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */ 
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
-+									PK11SymKey* symkey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SymKey*   xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
-+
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_CIPHERS_H__ */
-+
-+
-diff --git a/include/xmlsec/nss/keysstore.h b/include/xmlsec/nss/keysstore.h
-index eb64d3c3..369a1453 100644
---- a/include/xmlsec/nss/keysstore.h
-+++ b/include/xmlsec/nss/keysstore.h
-@@ -16,6 +16,8 @@ extern "C" {
- #endif /* __cplusplus */
- 
- #include <xmlsec/xmlsec.h>
-+#include <xmlsec/keysmngr.h>
-+#include <xmlsec/nss/tokens.h>
- 
- /****************************************************************************
-  *
-@@ -31,6 +33,8 @@ extern "C" {
- XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId   xmlSecNssKeysStoreGetKlass      (void);
- XMLSEC_CRYPTO_EXPORT int                xmlSecNssKeysStoreAdoptKey      (xmlSecKeyStorePtr store,
-                                                                          xmlSecKeyPtr key);
-+XMLSEC_CRYPTO_EXPORT int               xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
-+                                                                        xmlSecNssKeySlotPtr keySlot);
- XMLSEC_CRYPTO_EXPORT int                xmlSecNssKeysStoreLoad  (xmlSecKeyStorePtr store,
-                                                                  const char *uri,
-                                                                  xmlSecKeysMngrPtr keysMngr);
-diff --git a/include/xmlsec/nss/tokens.h b/include/xmlsec/nss/tokens.h
-new file mode 100644
-index 00000000..444c5614
---- /dev/null
-+++ b/include/xmlsec/nss/tokens.h
-@@ -0,0 +1,182 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ * 
-+ * Copyright (c) 2003 Sun Microsystems, Inc.  All rights reserved.
-+ * 
-+ * Contributor(s): _____________________________
-+ * 
-+ */
-+#ifndef __XMLSEC_NSS_TOKENS_H__
-+#define __XMLSEC_NSS_TOKENS_H__
-+
-+#include <string.h>
-+
-+#include <nss.h>
-+#include <pk11func.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/list.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */ 
-+
-+/**
-+ * xmlSecNssKeySlotListId
-+ *
-+ * The crypto mechanism list klass
-+ */
-+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
-+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
-+
-+/*******************************************
-+ * KeySlot interfaces
-+ *******************************************/ 
-+/**
-+ * Internal NSS key slot data
-+ * @mechanismList:		the mechanisms that the slot bound with.
-+ * @slot:				the pkcs slot
-+ *
-+ * This context is located after xmlSecPtrList
-+ */
-+typedef struct _xmlSecNssKeySlot	xmlSecNssKeySlot ;
-+typedef struct _xmlSecNssKeySlot*	xmlSecNssKeySlotPtr ;
-+
-+struct _xmlSecNssKeySlot {
-+	CK_MECHANISM_TYPE_PTR	mechanismList ; /* mech. array, NULL ternimated */
-+	PK11SlotInfo*			slot ;
-+} ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetMechList(
-+	xmlSecNssKeySlotPtr keySlot ,
-+	CK_MECHANISM_TYPE_PTR mechanismList
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotEnableMech(
-+	xmlSecNssKeySlotPtr keySlot ,
-+	CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotDisableMech(
-+	xmlSecNssKeySlotPtr keySlot ,
-+	CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
-+xmlSecNssKeySlotGetMechList(
-+    xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetSlot(
-+    xmlSecNssKeySlotPtr keySlot ,
-+	PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotInitialize(
-+    xmlSecNssKeySlotPtr keySlot ,
-+	PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotFinalize(
-+    xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
-+xmlSecNssKeySlotGetSlot(
-+	xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotCreate() ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotCopy(
-+	xmlSecNssKeySlotPtr newKeySlot ,
-+	xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotDuplicate(
-+	xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotDestroy(
-+	    xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotBindMech(
-+	xmlSecNssKeySlotPtr keySlot ,
-+	CK_MECHANISM_TYPE type
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSupportMech(
-+	xmlSecNssKeySlotPtr keySlot ,
-+	CK_MECHANISM_TYPE type
-+) ;
-+
-+
-+/************************************************************************
-+ * PKCS#11 crypto token interfaces
-+ *
-+ * A PKCS#11 slot repository will be defined internally. From the
-+ * repository, a user can specify a particular slot for a certain crypto
-+ * mechanism.
-+ *
-+ * In some situation, some cryptographic operation should act in a user
-+ * designated devices. The interfaces defined here provide the way. If 
-+ * the user do not initialize the repository distinctly, the interfaces
-+ * use the default functions provided by NSS itself.
-+ *
-+ ************************************************************************/
-+/**
-+ * Initialize NSS pkcs#11 slot repository
-+ *
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
-+
-+/**
-+ * Shutdown and destroy NSS pkcs#11 slot repository
-+ */
-+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
-+
-+/**
-+ * Get PKCS#11 slot handler
-+ * @type	the mechanism that the slot must support.
-+ *
-+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
-+ *
-+ * Notes: The returned handler must be destroied distinctly.
-+ */
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
-+
-+/**
-+ * Adopt a pkcs#11 slot with a mechanism into the repository
-+ * @slot:	the pkcs#11 slot.
-+ * @mech:	the mechanism.
-+ *
-+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
-+ * this mechanism only can perform on the @slot.
-+ * 
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif	/* __XMLSEC_NSS_TOKENS_H__ */
-+
-diff --git a/src/nss/Makefile.am b/src/nss/Makefile.am
-index e666f33c..ec9e7896 100644
---- a/src/nss/Makefile.am
-+++ b/src/nss/Makefile.am
-@@ -35,6 +35,8 @@ libxmlsec1_nss_la_SOURCES =\
- 	kw_des.c \
- 	kw_aes.c \
- 	globals.h \
-+	akmngr.c \
-+	tokens.c \
- 	$(NULL)
- 
- libxmlsec1_nss_la_LIBADD = \
-diff --git a/src/nss/Makefile.in b/src/nss/Makefile.in
-index 2861e3ce..7532d90e 100644
---- a/src/nss/Makefile.in
-+++ b/src/nss/Makefile.in
-@@ -140,6 +140,8 @@ am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
- 	libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \
- 	libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \
- 	libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
-+	libxmlsec1_nss_la-akmngr.lo \
-+	libxmlsec1_nss_la-tokens.lo \
- 	$(am__objects_1)
- libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
- AM_V_lt = $(am__v_lt_ at AM_V@)
-@@ -474,6 +476,8 @@ libxmlsec1_nss_la_SOURCES = \
- 	kw_des.c \
- 	kw_aes.c \
- 	globals.h \
-+	akmngr.c \
-+	tokens.c \
- 	$(NULL)
- 
- libxmlsec1_nss_la_LIBADD = \
-@@ -584,6 +588,8 @@ distclean-compile:
- @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo at am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo at am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo at am__quote@
-+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo at am__quote@
-+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo at am__quote@
- 
- .c.o:
- @am__fastdepCC_TRUE@	$(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@@ -616,6 +622,20 @@ libxmlsec1_nss_la-app.lo: app.c
- @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- @am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
- 
-+libxmlsec1_nss_la-akmngr.lo: akmngr.c
-+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
-+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo $(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
-+
-+libxmlsec1_nss_la-tokens.lo: tokens.c
-+ at am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
-+ at am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo $(DEPDIR)/libxmlsec1_nss_la-tokens.Plo
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+ at am__fastdepCC_FALSE@	$(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
-+
- libxmlsec1_nss_la-bignum.lo: bignum.c
- @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
- @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
-diff --git a/src/nss/akmngr.c b/src/nss/akmngr.c
-new file mode 100644
-index 00000000..65b94ac5
---- /dev/null
-+++ b/src/nss/akmngr.c
-@@ -0,0 +1,384 @@
-+/** 
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ * 
-+ * Copyright.........................
-+ */
-+#include "globals.h"
-+
-+#include <nspr.h>
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+#include <keyhi.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/akmngr.h>
-+#include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/keysstore.h>
-+
-+/**
-+ * xmlSecNssAppliedKeysMngrCreate:
-+ * @slot:			array of pointers to NSS PKCS#11 slot information.
-+ * @cSlots:			number of slots in the array
-+ * @handler:		the pointer to NSS certificate database.
-+ *
-+ * Create and load NSS crypto slot and certificate database into keys manager
-+ *
-+ * Returns keys manager pointer on success or NULL otherwise.
-+ */
-+xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+	PK11SlotInfo** slots, 
-+	int cSlots,
-+	CERTCertDBHandle* handler
-+) {
-+	xmlSecKeyDataStorePtr	certStore = NULL ;
-+	xmlSecKeysMngrPtr		keyMngr = NULL ;
-+	xmlSecKeyStorePtr		keyStore = NULL ;
-+	int islot = 0;
-+	keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
-+	if( keyStore == NULL ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecKeyStoreCreate" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		return NULL ;
-+	}
-+
-+	for (islot = 0; islot < cSlots; islot++)
-+	{
-+		xmlSecNssKeySlotPtr		keySlot ;
-+
-+		/* Create a key slot */
-+		keySlot = xmlSecNssKeySlotCreate() ;
-+		if( keySlot == NULL ) {
-+			xmlSecError( XMLSEC_ERRORS_HERE ,
-+				xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+				"xmlSecNssKeySlotCreate" ,
-+				XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+				XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+			xmlSecKeyStoreDestroy( keyStore ) ;
-+			return NULL ;
-+		}
-+
-+		/* Set slot */
-+		if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
-+			xmlSecError( XMLSEC_ERRORS_HERE ,
-+				xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+				"xmlSecNssKeySlotSetSlot" ,
-+				XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+				XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+			xmlSecKeyStoreDestroy( keyStore ) ;
-+			xmlSecNssKeySlotDestroy( keySlot ) ;
-+			return NULL ;
-+		}
-+
-+		/* Adopt keySlot */
-+		if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
-+			xmlSecError( XMLSEC_ERRORS_HERE ,
-+				xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+				"xmlSecNssKeysStoreAdoptKeySlot" ,
-+				XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+				XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+			xmlSecKeyStoreDestroy( keyStore ) ;
-+			xmlSecNssKeySlotDestroy( keySlot ) ;
-+			return NULL ;
-+		}
-+	}
-+
-+	keyMngr = xmlSecKeysMngrCreate() ;
-+	if( keyMngr == NULL ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecKeysMngrCreate" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+		xmlSecKeyStoreDestroy( keyStore ) ;
-+		return NULL ;
-+	}
-+
-+	/*-
-+	 * Add key store to manager, from now on keys manager destroys the store if
-+	 * needed
-+	 */
-+	if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+			"xmlSecKeysMngrAdoptKeyStore" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+		xmlSecKeyStoreDestroy( keyStore ) ;
-+		xmlSecKeysMngrDestroy( keyMngr ) ;
-+		return NULL ;
-+	}
-+
-+	/*-
-+	 * Initialize crypto library specific data in keys manager
-+	 */
-+	if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecKeysMngrCreate" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+		xmlSecKeysMngrDestroy( keyMngr ) ;
-+		return NULL ;
-+	}
-+
-+	/*-
-+	 * Set certificate databse to X509 key data store
-+	 */
-+	/**
-+	 * Because Tej's implementation of certDB use the default DB, so I ignore
-+	 * the certDB handler at present. I'll modify the cert store sources to
-+	 * accept particular certDB instead of default ones.
-+	certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
-+	if( certStore == NULL ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+			"xmlSecKeysMngrGetDataStore" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+		xmlSecKeysMngrDestroy( keyMngr ) ;
-+		return NULL ;
-+	}
-+
-+	if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+			"xmlSecNssKeyDataStoreX509SetCertDb" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+		xmlSecKeysMngrDestroy( keyMngr ) ;
-+		return NULL ;
-+	}
-+	*/
-+
-+	/*-
-+	 * Set the getKey callback
-+	 */
-+	keyMngr->getKey = xmlSecKeysMngrGetKey ;
-+
-+	return keyMngr ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+	xmlSecKeysMngrPtr	mngr ,
-+	PK11SymKey*			symKey
-+) {
-+	xmlSecKeyPtr		key ;
-+	xmlSecKeyDataPtr	data ;
-+	xmlSecKeyStorePtr	keyStore ;
-+
-+	xmlSecAssert2( mngr != NULL , -1 ) ;
-+	xmlSecAssert2( symKey != NULL , -1 ) ;
-+
-+	keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+	if( keyStore == NULL ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecKeysMngrGetKeysStore" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		return(-1) ;
-+	}
-+	xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+	data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
-+	if( data == NULL ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecNssSymKeyDataKeyAdopt" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		return(-1) ;
-+	}
-+
-+	key = xmlSecKeyCreate() ;
-+	if( key == NULL ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecNssSymKeyDataKeyAdopt" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		xmlSecKeyDataDestroy( data ) ;
-+		return(-1) ;
-+	}
-+
-+	if( xmlSecKeySetValue( key , data ) < 0 ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecNssSymKeyDataKeyAdopt" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		xmlSecKeyDataDestroy( data ) ;
-+		return(-1) ;
-+	}
-+
-+	if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecNssSymKeyDataKeyAdopt" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		xmlSecKeyDestroy( key ) ;
-+		return(-1) ;
-+	}
-+
-+	return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+	xmlSecKeysMngrPtr	mngr ,
-+	SECKEYPublicKey*	pubKey
-+) {
-+	xmlSecKeyPtr		key ;
-+	xmlSecKeyDataPtr	data ;
-+	xmlSecKeyStorePtr	keyStore ;
-+
-+	xmlSecAssert2( mngr != NULL , -1 ) ;
-+	xmlSecAssert2( pubKey != NULL , -1 ) ;
-+
-+	keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+	if( keyStore == NULL ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecKeysMngrGetKeysStore" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		return(-1) ;
-+	}
-+	xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+	data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
-+	if( data == NULL ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecNssPKIAdoptKey" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		return(-1) ;
-+	}
-+
-+	key = xmlSecKeyCreate() ;
-+	if( key == NULL ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecNssSymKeyDataKeyAdopt" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		xmlSecKeyDataDestroy( data ) ;
-+		return(-1) ;
-+	}
-+
-+	if( xmlSecKeySetValue( key , data ) < 0 ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecNssSymKeyDataKeyAdopt" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		xmlSecKeyDataDestroy( data ) ;
-+		return(-1) ;
-+	}
-+
-+	if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecNssSymKeyDataKeyAdopt" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		xmlSecKeyDestroy( key ) ;
-+		return(-1) ;
-+	}
-+
-+	return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+	xmlSecKeysMngrPtr	mngr ,
-+	SECKEYPrivateKey*	priKey
-+) {
-+	xmlSecKeyPtr		key ;
-+	xmlSecKeyDataPtr	data ;
-+	xmlSecKeyStorePtr	keyStore ;
-+
-+	xmlSecAssert2( mngr != NULL , -1 ) ;
-+	xmlSecAssert2( priKey != NULL , -1 ) ;
-+
-+	keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+	if( keyStore == NULL ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecKeysMngrGetKeysStore" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		return(-1) ;
-+	}
-+	xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+	data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
-+	if( data == NULL ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecNssPKIAdoptKey" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		return(-1) ;
-+	}
-+
-+	key = xmlSecKeyCreate() ;
-+	if( key == NULL ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecNssSymKeyDataKeyAdopt" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		xmlSecKeyDataDestroy( data ) ;
-+		return(-1) ;
-+	}
-+
-+	if( xmlSecKeySetValue( key , data ) < 0 ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecNssSymKeyDataKeyAdopt" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		xmlSecKeyDataDestroy( data ) ;
-+		return(-1) ;
-+	}
-+
-+	if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+		xmlSecError( XMLSEC_ERRORS_HERE ,
-+			NULL ,
-+			"xmlSecNssSymKeyDataKeyAdopt" ,
-+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+			XMLSEC_ERRORS_NO_MESSAGE ) ;
-+		xmlSecKeyDestroy( key ) ;
-+		return(-1) ;
-+	}
-+
-+	return(0) ;
-+}
-+
-diff --git a/src/nss/hmac.c b/src/nss/hmac.c
-index 558d4b93..2ef668c1 100644
---- a/src/nss/hmac.c
-+++ b/src/nss/hmac.c
-@@ -23,8 +23,8 @@
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
- 
--#include <xmlsec/nss/app.h>
- #include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/tokens.h>
- 
- /* sizes in bits */
- #define XMLSEC_NSS_MIN_HMAC_SIZE                80
-@@ -355,9 +355,9 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
-     keyItem.data = xmlSecBufferGetData(buffer);
-     keyItem.len  = xmlSecBufferGetSize(buffer);
- 
--    slot = PK11_GetBestSlot(ctx->digestType, NULL);
-+    slot = xmlSecNssSlotGet(ctx->digestType);
-     if(slot == NULL) {
--        xmlSecNssError("PK11_GetBestSlot", xmlSecTransformGetName(transform));
-+        xmlSecNssError("xmlSecNssSlotGet", xmlSecTransformGetName(transform));
-         return(-1);
-     }
- 
-diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c
-index 0976e4a9..03baa887 100644
---- a/src/nss/keysstore.c
-+++ b/src/nss/keysstore.c
-@@ -1,36 +1,56 @@
- /*
-  * XML Security Library (http://www.aleksey.com/xmlsec).
-  *
-- * Nss keys store that uses Simple Keys Store under the hood. Uses the
-- * Nss DB as a backing store for the finding keys, but the NSS DB is
-- * not written to by the keys store.
-- * So, if store->findkey is done and the key is not found in the simple
-- * keys store, the NSS DB is looked up.
-- * If store is called to adopt a key, that key is not written to the NSS
-- * DB.
-- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
-- * source of keys for xmlsec
-- *
-  * This is free software; see Copyright file in the source
-  * distribution for precise wording.
-  *
-  * Copyright (c) 2003 America Online, Inc.  All rights reserved.
-  */
-+
-+/**
-+ * NSS key store uses a key list and a slot list as the key repository. NSS slot
-+ * list is a backup repository for the finding keys. If a key is not found from
-+ * the key list, the NSS slot list is looked up.
-+ *
-+ * Any key in the key list will not save to pkcs11 slot. When a store to called
-+ * to adopt a key, the key is resident in the key list; While a store to called
-+ * to set a is resident in the key list; While a store to called to set a slot 
-+ * list, which means that the keys in the listed slot can be used for xml sign-
-+ * nature or encryption.
-+ *
-+ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
-+ *
-+ * The framework will decrease the user interfaces to administrate xmlSec crypto
-+ * engine. He can only focus on NSS layer functions. For examples, after the
-+ * user set up a slot list handler to the keys store, he do not need to do any
-+ * other work atop xmlSec interfaces, his action on the slot list handler, such
-+ * as add a token to, delete a token from the list, will directly effect the key
-+ * store behaviors.
-+ *
-+ * For example, a scenariio:
-+ * 0. Create a slot list;( NSS interfaces )
-+ * 1. Create a keys store;( xmlSec interfaces )
-+ * 2. Set slot list with the keys store;( xmlSec Interfaces )
-+ * 3. Add a slot to the slot list;( NSS interfaces )
-+ * 4. Perform xml signature; ( xmlSec Interfaces )
-+ * 5. Deleter a slot from the slot list;( NSS interfaces )
-+ * 6. Perform xml encryption; ( xmlSec Interfaces )
-+ * 7. Perform xml signature;( xmlSec Interfaces )
-+ * 8. Destroy the keys store;( xmlSec Interfaces )
-+ * 8. Destroy the slot list.( NSS Interfaces )
-+ */
- #include "globals.h"
- 
- #include <stdlib.h>
- #include <string.h>
- 
- #include <nss.h>
--#include <cert.h>
- #include <pk11func.h>
-+#include <prinit.h>
- #include <keyhi.h>
- 
--#include <libxml/tree.h>
--
- #include <xmlsec/xmlsec.h>
--#include <xmlsec/buffer.h>
--#include <xmlsec/base64.h>
-+#include <xmlsec/keys.h>
- #include <xmlsec/errors.h>
- #include <xmlsec/xmltree.h>
- 
-@@ -38,82 +58,461 @@
- 
- #include <xmlsec/nss/crypto.h>
- #include <xmlsec/nss/keysstore.h>
--#include <xmlsec/nss/x509.h>
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/ciphers.h>
- #include <xmlsec/nss/pkikeys.h>
- 
- /****************************************************************************
-  *
-- * Nss Keys Store. Uses Simple Keys Store under the hood
-+ * Internal NSS key store context
-  *
-- * Simple Keys Store ptr is located after xmlSecKeyStore
-+ * This context is located after xmlSecKeyStore
-  *
-  ***************************************************************************/
--#define xmlSecNssKeysStoreSize \
--        (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
-+typedef struct _xmlSecNssKeysStoreCtx  xmlSecNssKeysStoreCtx ;
-+typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
- 
--#define xmlSecNssKeysStoreGetSS(store) \
--    ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
--     (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
--     (xmlSecKeyStorePtr*)NULL)
-+struct _xmlSecNssKeysStoreCtx {
-+       xmlSecPtrListPtr                keyList ;
-+       xmlSecPtrListPtr                slotList ;
-+} ;
- 
--static int                      xmlSecNssKeysStoreInitialize    (xmlSecKeyStorePtr store);
--static void                     xmlSecNssKeysStoreFinalize      (xmlSecKeyStorePtr store);
--static xmlSecKeyPtr             xmlSecNssKeysStoreFindKey       (xmlSecKeyStorePtr store,
--                                                                 const xmlChar* name,
--                                                                 xmlSecKeyInfoCtxPtr keyInfoCtx);
--
--static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
--    sizeof(xmlSecKeyStoreKlass),
--    xmlSecNssKeysStoreSize,
--
--    /* data */
--    BAD_CAST "NSS-keys-store",          /* const xmlChar* name; */
-+#define xmlSecNssKeysStoreSize \
-+       ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
-+
-+#define xmlSecNssKeysStoreGetCtx( data ) \
-+       ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
-+
-+int xmlSecNssKeysStoreAdoptKeySlot(
-+       xmlSecKeyStorePtr               store ,
-+       xmlSecNssKeySlotPtr             keySlot
-+) {
-+       xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+       xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+       xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+       context = xmlSecNssKeysStoreGetCtx( store ) ;
-+       if( context == NULL ) {
-+               xmlSecError( XMLSEC_ERRORS_HERE ,
-+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+                       "xmlSecNssKeysStoreGetCtx" ,
-+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
-+               return -1 ;
-+       }
-+
-+       if( context->slotList == NULL ) {
-+               if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
-+                       xmlSecError( XMLSEC_ERRORS_HERE ,
-+                               xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+                               "xmlSecPtrListCreate" ,
-+                               XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                               XMLSEC_ERRORS_NO_MESSAGE ) ;
-+                       return -1 ;
-+               }
-+       }
-+
-+       if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
-+               xmlSecError( XMLSEC_ERRORS_HERE ,
-+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+                       "xmlSecPtrListCheckId" ,
-+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
-+               return -1 ;
-+       }
-+
-+       if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
-+               xmlSecError( XMLSEC_ERRORS_HERE ,
-+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+                       "xmlSecPtrListAdd" ,
-+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
-+               return -1 ;
-+       }
-+       return 0 ;
-+}
- 
--    /* constructors/destructor */
--    xmlSecNssKeysStoreInitialize,       /* xmlSecKeyStoreInitializeMethod initialize; */
--    xmlSecNssKeysStoreFinalize,         /* xmlSecKeyStoreFinalizeMethod finalize; */
--    xmlSecNssKeysStoreFindKey,          /* xmlSecKeyStoreFindKeyMethod findKey; */
-+int xmlSecNssKeysStoreAdoptKey(
-+       xmlSecKeyStorePtr       store ,
-+       xmlSecKeyPtr            key
-+) {
-+       xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+       xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+       xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+
-+       context = xmlSecNssKeysStoreGetCtx( store ) ;
-+       if( context == NULL ) {
-+               xmlSecError( XMLSEC_ERRORS_HERE ,
-+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+                       "xmlSecNssKeysStoreGetCtx" ,
-+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
-+               return -1 ;
-+       }
-+
-+       if( context->keyList == NULL ) {
-+               if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
-+                       xmlSecError( XMLSEC_ERRORS_HERE ,
-+                               xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+                               "xmlSecPtrListCreate" ,
-+                               XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                               XMLSEC_ERRORS_NO_MESSAGE ) ;
-+                       return -1 ;
-+               }
-+       }
-+
-+       if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
-+               xmlSecError( XMLSEC_ERRORS_HERE ,
-+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+                       "xmlSecPtrListCheckId" ,
-+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
-+               return -1 ;
-+       }
-+
-+       if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
-+               xmlSecError( XMLSEC_ERRORS_HERE ,
-+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+                       "xmlSecPtrListAdd" ,
-+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
-+               return -1 ;
-+       }
-+
-+       return 0 ;
-+}
- 
--    /* reserved for the future */
--    NULL,                               /* void* reserved0; */
--    NULL,                               /* void* reserved1; */
--};
-+/*
-+ * xmlSecKeyStoreInitializeMethod:
-+ * @store:             the store.
-+ *
-+ * Keys store specific initialization method.
-+ *
-+ * Returns 0 on success or a negative value if an error occurs.
-+ */
-+static int
-+xmlSecNssKeysStoreInitialize(
-+       xmlSecKeyStorePtr store
-+) {
-+       xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+       xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+       xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+
-+       context = xmlSecNssKeysStoreGetCtx( store ) ;
-+       if( context == NULL ) {
-+               xmlSecError( XMLSEC_ERRORS_HERE ,
-+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+                       "xmlSecNssKeysStoreGetCtx" ,
-+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
-+               return -1 ;
-+       }
-+
-+       context->keyList = NULL ;
-+       context->slotList = NULL ;
-+
-+       return 0 ;
-+}
- 
- /**
-- * xmlSecNssKeysStoreGetKlass:
-  *
-- * The Nss list based keys store klass.
-+ * xmlSecKeyStoreFinalizeMethod:
-+ * @store:             the store.
-  *
-- * Returns: Nss list based keys store klass.
-+ * Keys store specific finalization (destroy) method.
-  */
--xmlSecKeyStoreId
--xmlSecNssKeysStoreGetKlass(void) {
--    return(&xmlSecNssKeysStoreKlass);
-+void
-+xmlSecNssKeysStoreFinalize(
-+       xmlSecKeyStorePtr store
-+) {
-+       xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+       xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
-+       xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
-+
-+       context = xmlSecNssKeysStoreGetCtx( store ) ;
-+       if( context == NULL ) {
-+               xmlSecError( XMLSEC_ERRORS_HERE ,
-+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+                       "xmlSecNssKeysStoreGetCtx" ,
-+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
-+               return ;
-+       }
-+
-+       if( context->keyList != NULL ) {
-+               xmlSecPtrListDestroy( context->keyList ) ;
-+               context->keyList = NULL ;
-+       }
-+
-+       if( context->slotList != NULL ) {
-+               xmlSecPtrListDestroy( context->slotList ) ;
-+               context->slotList = NULL ;
-+       }
- }
- 
--/**
-- * xmlSecNssKeysStoreAdoptKey:
-- * @store:              the pointer to Nss keys store.
-- * @key:                the pointer to key.
-+xmlSecKeyPtr
-+xmlSecNssKeysStoreFindKeyFromSlot(
-+       PK11SlotInfo* slot,
-+       const xmlChar* name,
-+       xmlSecKeyInfoCtxPtr keyInfoCtx
-+) {
-+       xmlSecKeyPtr            key = NULL ;
-+       xmlSecKeyDataPtr        data = NULL ;
-+       int                                     length ;
-+
-+       xmlSecAssert2( slot != NULL , NULL ) ;
-+       xmlSecAssert2( name != NULL , NULL ) ;
-+       xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
-+
-+       if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
-+               PK11SymKey*                     symKey ;
-+               PK11SymKey*                     curKey ;
-+
-+               /* Find symmetric key from the slot by name */
-+               symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
-+               for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
-+                       /* Check the key request */
-+                       length = PK11_GetKeyLength( curKey ) ;
-+                       length *= 8 ;
-+                       if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+                               ( length > 0 ) &&
-+                               ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+                               continue ;
-+
-+                       /* We find a eligible key */
-+                       data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
-+                       if( data == NULL ) {
-+                               /* Do nothing */
-+                       }
-+                       break ;
-+               }
-+
-+               /* Destroy the sym key list */
-+               for( curKey = symKey ; curKey != NULL ; ) {
-+                       symKey = curKey ;
-+                       curKey = PK11_GetNextSymKey( symKey ) ;
-+                       PK11_FreeSymKey( symKey ) ;
-+               }
-+       } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
-+               SECKEYPublicKeyList*            pubKeyList ;
-+               SECKEYPublicKey*                        pubKey ;
-+               SECKEYPublicKeyListNode*        curPub ;
-+
-+               /* Find asymmetric key from the slot by name */
-+               pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
-+               pubKey = NULL ;
-+               curPub = PUBKEY_LIST_HEAD(pubKeyList);
-+               for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
-+                       /* Check the key request */
-+                       length = SECKEY_PublicKeyStrength( curPub->key ) ;
-+                       length *= 8 ;
-+                       if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+                               ( length > 0 ) &&
-+                               ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+                               continue ;
-+
-+                       /* We find a eligible key */
-+                       pubKey = curPub->key ;
-+                       break ;
-+               }
-+
-+               if( pubKey != NULL ) {
-+                       data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
-+                       if( data == NULL ) {
-+                               /* Do nothing */
-+                       }
-+               }
-+
-+               /* Destroy the public key list */
-+               SECKEY_DestroyPublicKeyList( pubKeyList ) ;
-+       } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
-+               SECKEYPrivateKeyList*           priKeyList = NULL ;
-+               SECKEYPrivateKey*                       priKey = NULL ;
-+               SECKEYPrivateKeyListNode*       curPri ;
-+
-+               /* Find asymmetric key from the slot by name */
-+               priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
-+               priKey = NULL ;
-+               curPri = PRIVKEY_LIST_HEAD(priKeyList);
-+               for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
-+                       /* Check the key request */
-+                       length = PK11_SignatureLen( curPri->key ) ;
-+                       length *= 8 ;
-+                       if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+                               ( length > 0 ) &&
-+                               ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+                               continue ;
-+
-+                       /* We find a eligible key */
-+                       priKey = curPri->key ;
-+                       break ;
-+               }
-+
-+               if( priKey != NULL ) {
-+                       data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
-+                       if( data == NULL ) {
-+                               /* Do nothing */
-+                       }
-+               }
-+
-+               /* Destroy the private key list */
-+               SECKEY_DestroyPrivateKeyList( priKeyList ) ;
-+       }
-+
-+       /* If we have gotten the key value */
-+       if( data != NULL ) {
-+               if( ( key = xmlSecKeyCreate() ) == NULL ) {
-+                       xmlSecError( XMLSEC_ERRORS_HERE ,
-+                               NULL ,
-+                               "xmlSecKeyCreate" ,
-+                               XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                               XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+                       xmlSecKeyDataDestroy( data ) ;
-+                       return NULL ;
-+               }
-+
-+               if( xmlSecKeySetValue( key , data ) < 0 ) {
-+                       xmlSecError( XMLSEC_ERRORS_HERE ,
-+                               NULL ,
-+                               "xmlSecKeySetValue" ,
-+                               XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                               XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+                       xmlSecKeyDestroy( key ) ;
-+                       xmlSecKeyDataDestroy( data ) ;
-+                       return NULL ;
-+               }
-+       }
-+
-+    return(key);
-+}
-+
-+/** 
-+ * xmlSecKeyStoreFindKeyMethod:
-+ * @store:             the store.
-+ * @name:              the desired key name.
-+ * @keyInfoCtx:        the pointer to key info context.
-  *
-- * Adds @key to the @store.
-+ * Keys store specific find method. The caller is responsible for destroying 
-+ * the returned key using #xmlSecKeyDestroy method.
-  *
-- * Returns: 0 on success or a negative value if an error occurs.
-+ * Returns the pointer to a key or NULL if key is not found or an error occurs.
-  */
--int
--xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
--    xmlSecKeyStorePtr *ss;
-+static xmlSecKeyPtr
-+xmlSecNssKeysStoreFindKey(
-+       xmlSecKeyStorePtr store ,
-+       const xmlChar* name ,
-+       xmlSecKeyInfoCtxPtr keyInfoCtx
-+) {
-+    xmlSecNssKeysStoreCtxPtr context = NULL ;
-+    xmlSecKeyPtr    key = NULL ;
-+    xmlSecNssKeySlotPtr     keySlot = NULL ;
-+    xmlSecSize              pos ;
-+    xmlSecSize              size ;
-+
-+    xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
-+    xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
-+    xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
-+
-+    context = xmlSecNssKeysStoreGetCtx( store ) ;
-+    if( context == NULL ) {
-+            xmlSecError( XMLSEC_ERRORS_HERE ,
-+                    xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+                    "xmlSecNssKeysStoreGetCtx" ,
-+                    XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                    XMLSEC_ERRORS_NO_MESSAGE ) ;
-+            return NULL ;
-+    }
- 
--    xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
--    xmlSecAssert2((key != NULL), -1);
-+    /*-
-+     * Look for key at keyList at first.
-+     */
-+    if( context->keyList != NULL ) {
-+            size = xmlSecPtrListGetSize( context->keyList ) ;
-+            for( pos = 0 ; pos < size ; pos ++ ) {
-+                    key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
-+                    if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
-+                            return xmlSecKeyDuplicate( key ) ;
-+                    }
-+            }
-+    }
-+
-+    /*-
-+     * Find the key from slotList
-+     */
-+    if( context->slotList != NULL ) {
-+            PK11SlotInfo*                   slot = NULL ;
-+
-+            size = xmlSecPtrListGetSize( context->slotList ) ;
-+            for( pos = 0 ; pos < size ; pos ++ ) {
-+                    keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
-+                    slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
-+                    if( slot == NULL ) {
-+                            continue ;
-+                    } else {
-+                            key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
-+                            if( key == NULL ) {
-+                                    continue ;
-+                            } else {
-+                                    return( key ) ;
-+                            }
-+                    }
-+            }
-+    }
-+
-+    /*-
-+     * Create a session key if we can not find the key from keyList and slotList
-+     */
-+    if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
-+            key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
-+            if( key == NULL ) {
-+                    xmlSecError( XMLSEC_ERRORS_HERE ,
-+                            xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+                            "xmlSecKeySetValue" ,
-+                            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+                            XMLSEC_ERRORS_NO_MESSAGE ) ;
-+                    return NULL ;
-+            }
-+
-+            return key ;
-+    }
-+ 
-+   /**
-+    * We have no way to find the key any more.
-+    */
-+    return NULL ;
-+}
- 
--    ss = xmlSecNssKeysStoreGetSS(store);
--    xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
--                   (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
-+static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
-+       sizeof( xmlSecKeyStoreKlass ) ,
-+       xmlSecNssKeysStoreSize ,
-+       BAD_CAST "implicit_nss_keys_store" ,
-+       xmlSecNssKeysStoreInitialize ,
-+       xmlSecNssKeysStoreFinalize ,
-+       xmlSecNssKeysStoreFindKey ,
-+       NULL ,
-+       NULL
-+} ;
- 
--    return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
-+/**
-+ * xmlSecNssKeysStoreGetKlass:
-+ *
-+ * The simple list based keys store klass.
-+ *
-+ */
-+xmlSecKeyStoreId
-+xmlSecNssKeysStoreGetKlass( void ) {
-+    return &xmlSecNssKeysStoreKlass ;
- }
- 
-+/**************************
-+ * Application routines
-+ */
-+
- /**
-  * xmlSecNssKeysStoreLoad:
-  * @store:              the pointer to Nss keys store.
-@@ -227,191 +626,126 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
-  */
- int
- xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
--    xmlSecKeyStorePtr *ss;
-+    xmlSecKeyInfoCtx keyInfoCtx;
-+    xmlSecNssKeysStoreCtxPtr context ;
-+    xmlSecPtrListPtr list;
-+    xmlSecKeyPtr key;
-+    xmlSecSize i, keysSize;    
-+    xmlDocPtr doc;
-+    xmlNodePtr cur;
-+    xmlSecKeyDataPtr data;
-+    xmlSecPtrListPtr idsList;
-+    xmlSecKeyDataId dataId;
-+    xmlSecSize idsSize, j;
-+    int ret;
- 
-     xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
--    xmlSecAssert2((filename != NULL), -1);
-+    xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
-+    xmlSecAssert2(filename != NULL, -1);   
- 
--    ss = xmlSecNssKeysStoreGetSS(store);
--    xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
--                   (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
-+    context = xmlSecNssKeysStoreGetCtx( store ) ;
-+    xmlSecAssert2( context != NULL, -1 );
- 
--    return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
--}
--
--static int
--xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
--    xmlSecKeyStorePtr *ss;
--
--    xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
--
--    ss = xmlSecNssKeysStoreGetSS(store);
--    xmlSecAssert2(((ss == NULL) || (*ss == NULL)), -1);
-+    list = context->keyList ;
-+       xmlSecAssert2( list != NULL, -1 );
-+    xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
- 
--    *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
--    if(*ss == NULL) {
-+    /* create doc */
-+    doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
-+    if(doc == NULL) {
-         xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)",
-                             xmlSecKeyStoreGetName(store));
-         return(-1);
-     }
- 
--    return(0);
--}
--
--static void
--xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
--    xmlSecKeyStorePtr *ss;
--
--    xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
--
--    ss = xmlSecNssKeysStoreGetSS(store);
--    xmlSecAssert((ss != NULL) && (*ss != NULL));
--
--    xmlSecKeyStoreDestroy(*ss);
--}
--
--static xmlSecKeyPtr
--xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
--                          xmlSecKeyInfoCtxPtr keyInfoCtx) {
--    xmlSecKeyStorePtr* ss;
--    xmlSecKeyPtr key = NULL;
--    xmlSecKeyPtr retval = NULL;
--    xmlSecKeyReqPtr keyReq = NULL;
--    CERTCertificate *cert = NULL;
--    SECKEYPublicKey *pubkey = NULL;
--    SECKEYPrivateKey *privkey = NULL;
--    xmlSecKeyDataPtr data = NULL;
--    xmlSecKeyDataPtr x509Data = NULL;
--    int ret;
--
--    xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
--    xmlSecAssert2(keyInfoCtx != NULL, NULL);
--
--    ss = xmlSecNssKeysStoreGetSS(store);
--    xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
--
--    key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
--    if (key != NULL) {
--        return (key);
--    }
--
--    /* Try to find the key in the NSS DB, and construct an xmlSecKey.
--     * we must have a name to lookup keys in NSS DB.
--     */
--    if (name == NULL) {
--        goto done;
--    }
-+    idsList = xmlSecKeyDataIdsGet();   
-+    xmlSecAssert2(idsList != NULL, -1);
- 
--    /* what type of key are we looking for?
--     * TBD: For now, we'll look only for public/private keys using the
--     * name as a cert nickname. Later on, we can attempt to find
--     * symmetric keys using PK11_FindFixedKey
--     */
--    keyReq = &(keyInfoCtx->keyReq);
--    if (keyReq->keyType &
--        (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
--        cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
--        if (cert == NULL) {
--            goto done;
--        }
-+    keysSize = xmlSecPtrListGetSize(list);
-+    idsSize = xmlSecPtrListGetSize(idsList);
-+    for(i = 0; i < keysSize; ++i) {
-+        key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
-+        xmlSecAssert2(key != NULL, -1);
- 
--        if (keyReq->keyType & xmlSecKeyDataTypePublic) {
--            pubkey = CERT_ExtractPublicKey(cert);
--            if (pubkey == NULL) {
--                xmlSecNssError("CERT_ExtractPublicKey", NULL);
--                goto done;
--            }
-+        cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
-+        if(cur == NULL) {
-+            xmlSecInternalError("xmlSecAddChild",
-+                                xmlSecKeyStoreGetName(store));
-+            xmlFreeDoc(doc); 
-+            return(-1);
-         }
- 
--        if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
--            privkey = PK11_FindKeyByAnyCert(cert, NULL);
--            if (privkey == NULL) {
--                xmlSecNssError("PK11_FindKeyByAnyCert", NULL);
--                goto done;
-+        /* special data key name */
-+        if(xmlSecKeyGetName(key) != NULL) {
-+            if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
-+                xmlSecInternalError("xmlSecAddChild",
-+                                    xmlSecKeyStoreGetName(store));
-+            xmlFreeDoc(doc); 
-+            return(-1);
-             }
-         }
- 
--        data = xmlSecNssPKIAdoptKey(privkey, pubkey);
--        if(data == NULL) {
--            xmlSecInternalError("xmlSecNssPKIAdoptKey", NULL);
--            goto done;
--        }
--        privkey = NULL;
--        pubkey = NULL;
-+        /* create nodes for other keys data */
-+        for(j = 0; j < idsSize; ++j) {
-+            dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
-+            xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
- 
--        key = xmlSecKeyCreate();
--        if (key == NULL) {
--            xmlSecInternalError("xmlSecKeyCreate", NULL);
--            return (NULL);
--        }
-+            if(dataId->dataNodeName == NULL) {
-+                continue;
-+            }
- 
--        x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
--        if(x509Data == NULL) {
--            xmlSecInternalError("xmlSecKeyDataCreate",
--                                xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id));
--            goto done;
--        }
-+            data = xmlSecKeyGetData(key, dataId);
-+            if(data == NULL) {
-+                continue;
-+           }
- 
--        ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
--        if (ret < 0) {
--            xmlSecInternalError("xmlSecNssKeyDataX509AdoptKeyCert",
--                                xmlSecKeyDataGetName(x509Data));
--            goto done;
--        }
--        cert = CERT_DupCertificate(cert);
--        if (cert == NULL) {
--            xmlSecNssError("CERT_DupCertificate",
--                           xmlSecKeyDataGetName(x509Data));
--            goto done;
-+            if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
-+                xmlSecInternalError("xmlSecAddChild",
-+                                    xmlSecKeyStoreGetName(store));
-+                xmlFreeDoc(doc); 
-+                return(-1);
-+           }
-         }
- 
--        ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
-+        ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
-         if (ret < 0) {
--            xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert",
--                                xmlSecKeyDataGetName(x509Data));
--            goto done;
-+            xmlSecInternalError("xmlSecKeyInfoCtxInitialize",
-+                                xmlSecKeyStoreGetName(store));
-+            xmlFreeDoc(doc);
-+            return(-1);
-         }
--        cert = NULL;
- 
--        ret = xmlSecKeySetValue(key, data);
--        if (ret < 0) {
--            xmlSecInternalError("xmlSecKeySetValue",
--				xmlSecKeyDataGetName(data));
--            goto done;
--        }
--        data = NULL;
-+        keyInfoCtx.mode                 = xmlSecKeyInfoModeWrite;
-+        keyInfoCtx.keyReq.keyId         = xmlSecKeyDataIdUnknown;
-+        keyInfoCtx.keyReq.keyType       = type;
-+        keyInfoCtx.keyReq.keyUsage      = xmlSecKeyDataUsageAny;
- 
--        ret = xmlSecKeyAdoptData(key, x509Data);
-+        /* finally write key in the node */
-+        ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
-         if (ret < 0) {
--            xmlSecInternalError("xmlSecKeyAdoptData",
--                                xmlSecKeyDataGetName(x509Data));
--            goto done;
-+            xmlSecInternalError("xmlSecKeyInfoNodeWrite",
-+                                xmlSecKeyStoreGetName(store));
-+        xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
-+        xmlFreeDoc(doc); 
-+        return(-1);
-         }
--        x509Data = NULL;
- 
--        retval = key;
--        key = NULL;
-+        xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
-     }
- 
--done:
--    if (cert != NULL) {
--        CERT_DestroyCertificate(cert);
--    }
--    if (pubkey != NULL) {
--        SECKEY_DestroyPublicKey(pubkey);
--    }
--    if (privkey != NULL) {
--        SECKEY_DestroyPrivateKey(privkey);
--    }
--    if (data != NULL) {
--        xmlSecKeyDataDestroy(data);
--    }
--    if (x509Data != NULL) {
--        xmlSecKeyDataDestroy(x509Data);
--    }
--    if (key != NULL) {
--        xmlSecKeyDestroy(key);
-+    /* now write result */
-+    ret = xmlSaveFormatFile(filename, doc, 1);
-+    if (ret < 0) {
-+        xmlSecError(XMLSEC_ERRORS_HERE,
-+                    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+            "xmlSaveFormatFile",
-+            XMLSEC_ERRORS_R_XML_FAILED,
-+            "filename=%s", 
-+            xmlSecErrorsSafeString(filename));
-+        xmlFreeDoc(doc); 
-+        return(-1);
-     }
- 
--    return (retval);
-+    xmlFreeDoc(doc);
-+    return(0);
- }
-diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c
-index 25828aec..0a15dae5 100644
---- a/src/nss/pkikeys.c
-+++ b/src/nss/pkikeys.c
-@@ -24,6 +24,7 @@
- #include <xmlsec/nss/crypto.h>
- #include <xmlsec/nss/bignum.h>
- #include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/tokens.h>
- 
- /**************************************************************************
-  *
-@@ -115,6 +116,8 @@ xmlSecNSSPKIKeyDataCtxDup(xmlSecNssPKIKeyDataCtxPtr ctxDst,
-                           xmlSecNssPKIKeyDataCtxPtr ctxSrc)
- {
-     xmlSecNSSPKIKeyDataCtxFree(ctxDst);
-+    ctxDst->privkey = NULL ;
-+    ctxDst->pubkey = NULL ;
-     if (ctxSrc->privkey != NULL) {
-         ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
-         if(ctxDst->privkey == NULL) {
-@@ -563,9 +566,10 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
-         goto done;
-     }
- 
--    slot = PK11_GetBestSlot(CKM_DSA, NULL);
-+    slot = xmlSecNssSlotGet(CKM_DSA);
-     if(slot == NULL) {
--        xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id));
-+        xmlSecNssError("xmlSecNssSlotGet",
-+                       xmlSecKeyDataKlassGetName(id));
-         ret = -1;
-         goto done;
-     }
-@@ -713,14 +717,14 @@ done:
-     if (slot != NULL) {
-         PK11_FreeSlot(slot);
-     }
--    if (ret != 0) {
-+    
-         if (pubkey != NULL) {
-             SECKEY_DestroyPublicKey(pubkey);
-         }
-         if (data != NULL) {
-             xmlSecKeyDataDestroy(data);
-         }
--    }
-+    
-     return(ret);
- }
- 
-@@ -739,7 +743,7 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- 
-     ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
-     xmlSecAssert2(ctx != NULL, -1);
--    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+    /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
- 
-     if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
-         /* we can have only private key or public key */
-@@ -826,36 +830,32 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
-     j = PQG_PBITS_TO_INDEX(sizeBits);
-     rv = PK11_PQG_ParamGen(j, &pqgParams, &pqgVerify);
-     if (rv != SECSuccess) {
--        xmlSecNssError2("PK11_PQG_ParamGen", xmlSecKeyDataGetName(data),
-+        xmlSecNssError2("PK11_PQG_ParamGen",
-+                        xmlSecKeyDataGetName(data),
-                         "size=%lu", (unsigned long)sizeBits);
-+	ret = -1;
-         goto done;
-     }
- 
-     rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &res);
-     if (rv != SECSuccess || res != SECSuccess) {
--        xmlSecNssError2("PK11_PQG_VerifyParams", xmlSecKeyDataGetName(data),
--                        "size=%lu", (unsigned long)sizeBits);
--        goto done;
--    }
--
--    slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
--    if(slot == NULL) {
--        xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data));
--        goto done;
--    }
--
--    rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
--    if (rv != SECSuccess) {
--        xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data),
--                        "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot)));
-+        xmlSecNssError2("PK11_PQG_VerifyParams",
-+                    xmlSecKeyDataGetName(data),
-+                    "size=%lu", (unsigned long)sizeBits);
-+	ret = -1;
-         goto done;
-     }
- 
-+    slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
-+    PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
-     privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
-                                    &pubkey, PR_FALSE, PR_TRUE, NULL);
- 
-     if((privkey == NULL) || (pubkey == NULL)) {
--        xmlSecNssError("PK11_GenerateKeyPair", xmlSecKeyDataGetName(data));
-+        xmlSecNssError("PK11_GenerateKeyPair",
-+                    xmlSecKeyDataGetName(data));
-+
-+        ret =  -1;
-         goto done;
-     }
- 
-@@ -866,6 +866,8 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
-         goto done;
-     }
- 
-+    privkey = NULL ;
-+    pubkey = NULL ;
-     ret = 0;
- 
- done:
-@@ -878,16 +880,13 @@ done:
-     if (pqgVerify != NULL) {
-         PK11_PQG_DestroyVerify(pqgVerify);
-     }
--    if (ret == 0) {
--        return (0);
--    }
-     if (pubkey != NULL) {
-         SECKEY_DestroyPublicKey(pubkey);
-     }
-     if (privkey != NULL) {
-         SECKEY_DestroyPrivateKey(privkey);
-     }
--    return(-1);
-+    return(ret);
- }
- 
- static xmlSecKeyDataType
-@@ -897,10 +896,10 @@ xmlSecNssKeyDataDsaGetType(xmlSecKeyDataPtr data) {
-     xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
-     ctx = xmlSecNssPKIKeyDataGetCtx(data);
-     xmlSecAssert2(ctx != NULL, -1);
--    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+    /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
-     if (ctx->privkey != NULL) {
-         return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
--    } else {
-+    } else if( ctx->pubkey != NULL ) {
-         return(xmlSecKeyDataTypePublic);
-     }
- 
-@@ -914,7 +913,7 @@ xmlSecNssKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
-     xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
-     ctx = xmlSecNssPKIKeyDataGetCtx(data);
-     xmlSecAssert2(ctx != NULL, -1);
--    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+    /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
- 
-     return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
- }
-@@ -1101,9 +1100,10 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
-         goto done;
-     }
- 
--    slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
-+    slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
-     if(slot == NULL) {
--        xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id));
-+        xmlSecNssError("PK11_GetBestSlot",
-+                       xmlSecKeyDataKlassGetName(id));
-         ret = -1;
-         goto done;
-     }
-@@ -1226,7 +1226,7 @@ xmlSecNssKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- 
-     ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
-     xmlSecAssert2(ctx != NULL, -1);
--    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
-+    /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
- 
- 
-     if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
-@@ -1282,19 +1282,8 @@ xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
-     params.keySizeInBits = sizeBits;
-     params.pe = 65537;
- 
--    slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
--    if(slot == NULL) {
--        xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data));
--        goto done;
--    }
--
--    rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
--    if (rv != SECSuccess) {
--        xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data),
--                        "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot)));
--        goto done;
--    }
--
-+    slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
-+    PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
-     privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
-                                    &pubkey, PR_FALSE, PR_TRUE, NULL);
-     if(privkey == NULL || pubkey == NULL) {
-@@ -1354,7 +1343,7 @@ xmlSecNssKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
- 
-     ctx = xmlSecNssPKIKeyDataGetCtx(data);
-     xmlSecAssert2(ctx != NULL, -1);
--    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
-+    /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
- 
-     return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
- }
-diff --git a/src/nss/symkeys.c b/src/nss/symkeys.c
-index c88be8b2..2807f934 100644
---- a/src/nss/symkeys.c
-+++ b/src/nss/symkeys.c
-@@ -14,20 +14,41 @@
- #include <stdio.h>
- #include <string.h>
- 
-+#include <pk11func.h>
-+#include <nss.h>
-+
- #include <xmlsec/xmlsec.h>
- #include <xmlsec/xmltree.h>
-+#include <xmlsec/base64.h>
- #include <xmlsec/keys.h>
- #include <xmlsec/keyinfo.h>
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
- 
- #include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/tokens.h>
- 
- /*****************************************************************************
-  *
-- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
-+ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
-  *
-  ****************************************************************************/
-+typedef struct _xmlSecNssSymKeyDataCtx      xmlSecNssSymKeyDataCtx ;
-+typedef struct _xmlSecNssSymKeyDataCtx*     xmlSecNssSymKeyDataCtxPtr ;
-+
-+struct _xmlSecNssSymKeyDataCtx {
-+    CK_MECHANISM_TYPE       cipher ;    /* the symmetic key mechanism */
-+    PK11SlotInfo*           slot ;      /* the key resident slot */
-+    PK11SymKey*             symkey ;    /* the symmetic key */
-+} ;
-+
-+#define xmlSecNssSymKeyDataSize \
-+    ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
-+
-+#define xmlSecNssSymKeyDataGetCtx( data ) \
-+    ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
-+
- static int      xmlSecNssSymKeyDataInitialize           (xmlSecKeyDataPtr data);
- static int      xmlSecNssSymKeyDataDuplicate            (xmlSecKeyDataPtr dst,
-                                                          xmlSecKeyDataPtr src);
-@@ -66,107 +87,743 @@ static int      xmlSecNssSymKeyDataKlassCheck   (xmlSecKeyDataKlass* klass);
-     (xmlSecKeyDataIsValid((data)) && \
-      xmlSecNssSymKeyDataKlassCheck((data)->id))
- 
-+/**
-+ * xmlSecNssSymKeyDataAdoptKey:
-+ * @data:                              the pointer to symmetric key data.
-+ * @symkey:                            the symmetric key
-+ *
-+ * Set the value of symmetric key data.
-+ *
-+ * Returns 0 on success or a negative value if an error occurs.
-+ */
-+int
-+xmlSecNssSymKeyDataAdoptKey(
-+       xmlSecKeyDataPtr data ,
-+       PK11SymKey* symkey
-+) {
-+       xmlSecNssSymKeyDataCtxPtr context = NULL ;
-+
-+       xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
-+       xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
-+       xmlSecAssert2( symkey != NULL, -1 ) ;
-+
-+       context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+       xmlSecAssert2(context != NULL, -1);
-+
-+       context->cipher = PK11_GetMechanism( symkey ) ;
-+
-+       if( context->slot != NULL ) {
-+               PK11_FreeSlot( context->slot ) ;
-+               context->slot = NULL ;
-+       }
-+       context->slot = PK11_GetSlotFromKey( symkey ) ;
-+
-+       if( context->symkey != NULL ) {
-+               PK11_FreeSymKey( context->symkey ) ;
-+               context->symkey = NULL ;
-+       }
-+       context->symkey = PK11_ReferenceSymKey( symkey ) ;
-+
-+       return 0 ;
-+}
-+
-+xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
-+    PK11SymKey*     symKey
-+) {
-+       xmlSecKeyDataPtr        data = NULL ;
-+       CK_MECHANISM_TYPE       mechanism = CKM_INVALID_MECHANISM ;
-+
-+       xmlSecAssert2( symKey != NULL , NULL ) ;
-+
-+       mechanism = PK11_GetMechanism( symKey ) ;
-+       switch( mechanism ) {
-+               case CKM_DES3_KEY_GEN :
-+               case CKM_DES3_CBC :
-+               case CKM_DES3_MAC :
-+                       data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
-+                       if( data == NULL ) {
-+                               xmlSecError( XMLSEC_ERRORS_HERE ,
-+                                       NULL ,
-+                                       "xmlSecKeyDataCreate" ,
-+                                       XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+                                       "xmlSecNssKeyDataDesId" ) ;
-+                               return NULL ;
-+                       }
-+                       break ;
-+               case CKM_AES_KEY_GEN :
-+               case CKM_AES_CBC :
-+               case CKM_AES_MAC :
-+                       data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
-+                       if( data == NULL ) {
-+                               xmlSecError( XMLSEC_ERRORS_HERE ,
-+                                       NULL ,
-+                                       "xmlSecKeyDataCreate" ,
-+                                       XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+                                       "xmlSecNssKeyDataDesId" ) ;
-+                               return NULL ;
-+                       }
-+                       break ;
-+               default :
-+                       xmlSecError( XMLSEC_ERRORS_HERE ,
-+                               NULL ,
-+                               NULL ,
-+                               XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+                               "Unsupported mechanism" ) ;
-+                       return NULL ;
-+       }
-+
-+       if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
-+               xmlSecError( XMLSEC_ERRORS_HERE ,
-+                       NULL ,
-+                       "xmlSecNssSymKeyDataAdoptKey" ,
-+                       XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+               xmlSecKeyDataDestroy( data ) ;
-+               return NULL ;
-+       }
-+
-+       return data ;
-+}
-+
-+
-+PK11SymKey*
-+xmlSecNssSymKeyDataGetKey(
-+    xmlSecKeyDataPtr data
-+) {
-+    xmlSecNssSymKeyDataCtxPtr ctx;
-+    PK11SymKey* symkey ;
-+
-+    xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
-+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
-+
-+    ctx = xmlSecNssSymKeyDataGetCtx(data);
-+    xmlSecAssert2(ctx != NULL, NULL);
-+
-+    if( ctx->symkey != NULL ) {
-+        symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
-+    } else {
-+        symkey = NULL ;
-+    }
-+
-+    return(symkey);
-+}
-+
- static int
- xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
-+    xmlSecNssSymKeyDataCtxPtr ctx;
-+
-     xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
-+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
-+
-+    ctx = xmlSecNssSymKeyDataGetCtx(data);
-+    xmlSecAssert2(ctx != NULL, -1);
-+
-+    memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
-+
-+    /* Set the block cipher mechanism */
-+#ifndef XMLSEC_NO_DES
-+    if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
-+        ctx->cipher = CKM_DES3_KEY_GEN;
-+    } else
-+#endif  /* XMLSEC_NO_DES */
-+
-+#ifndef XMLSEC_NO_AES
-+    if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
-+        ctx->cipher = CKM_AES_KEY_GEN;
-+    } else
-+#endif  /* XMLSEC_NO_AES */
-+
-+    if(1) {
-+        xmlSecError( XMLSEC_ERRORS_HERE ,
-+            xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+            NULL ,
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+            "Unsupported block cipher" ) ;
-+        return(-1) ;
-+    }
- 
--    return(xmlSecKeyDataBinaryValueInitialize(data));
-+    return(0);
- }
- 
- static int
- xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
-+    xmlSecNssSymKeyDataCtxPtr ctxDst;
-+    xmlSecNssSymKeyDataCtxPtr ctxSrc;
-+
-     xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
-+    xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
-     xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
-+    xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
-     xmlSecAssert2(dst->id == src->id, -1);
- 
--    return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
-+    ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
-+    xmlSecAssert2(ctxDst != NULL, -1);
-+
-+    ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
-+    xmlSecAssert2(ctxSrc != NULL, -1);
-+
-+    ctxDst->cipher = ctxSrc->cipher ;
-+
-+    if( ctxSrc->slot != NULL ) {
-+        if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
-+            PK11_FreeSlot( ctxDst->slot ) ;
-+            ctxDst->slot = NULL ;
-+        }
-+
-+        if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
-+            ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
-+    } else {
-+        if( ctxDst->slot != NULL ) {
-+            PK11_FreeSlot( ctxDst->slot ) ;
-+            ctxDst->slot = NULL ;
-+        }
-+    }
-+
-+    if( ctxSrc->symkey != NULL ) {
-+        if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
-+            PK11_FreeSymKey( ctxDst->symkey ) ;
-+            ctxDst->symkey = NULL ;
-+        }
-+
-+        if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
-+            ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
-+    } else {
-+        if( ctxDst->symkey != NULL ) {
-+            PK11_FreeSymKey( ctxDst->symkey ) ;
-+            ctxDst->symkey = NULL ;
-+        }
-+    }
-+
-+    return(0);
- }
- 
- static void
- xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
-+    xmlSecNssSymKeyDataCtxPtr ctx;
-+
-     xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
-+    xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
-+
-+    ctx = xmlSecNssSymKeyDataGetCtx(data);
-+    xmlSecAssert(ctx != NULL);
- 
--    xmlSecKeyDataBinaryValueFinalize(data);
-+    if( ctx->slot != NULL ) {
-+        PK11_FreeSlot( ctx->slot ) ;
-+        ctx->slot = NULL ;
-+    }
-+
-+    if( ctx->symkey != NULL ) {
-+        PK11_FreeSymKey( ctx->symkey ) ;
-+        ctx->symkey = NULL ;
-+    }
-+
-+    ctx->cipher = CKM_INVALID_MECHANISM ;
- }
- 
- static int
- xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
-                                xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
--    xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+    PK11SymKey* symKey ;
-+    PK11SlotInfo* slot ;
-+    xmlSecBufferPtr keyBuf;
-+    xmlSecSize len;
-+    xmlSecKeyDataPtr data;
-+    xmlSecNssSymKeyDataCtxPtr ctx;
-+    SECItem keyItem ;
-+    int ret;
-+    
-+    xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
-+    xmlSecAssert2(key != NULL, -1);
-+    xmlSecAssert2(node != NULL, -1);
-+    xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+    /* Create a new KeyData from a id */
-+    data = xmlSecKeyDataCreate(id);
-+    if(data == NULL ) {
-+        xmlSecError(XMLSEC_ERRORS_HERE,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            "xmlSecKeyDataCreate",
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+            XMLSEC_ERRORS_NO_MESSAGE);
-+        return(-1);
-+    }
- 
--    return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
-+    ctx = xmlSecNssSymKeyDataGetCtx(data);
-+    xmlSecAssert2(ctx != NULL, -1);
-+
-+    /* Create a buffer for raw symmetric key value */
-+    if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
-+        xmlSecError( XMLSEC_ERRORS_HERE ,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            "xmlSecBufferCreate" ,
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+            XMLSEC_ERRORS_NO_MESSAGE ) ;
-+               xmlSecKeyDataDestroy( data ) ;
-+        return(-1) ;
-+    }
-+
-+    /* Read the raw key value */
-+    if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
-+        xmlSecError( XMLSEC_ERRORS_HERE ,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+            XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+        xmlSecBufferDestroy( keyBuf ) ;
-+               xmlSecKeyDataDestroy( data ) ;
-+        return(-1) ;
-+    }
-+
-+    /* Get slot */
-+    slot = xmlSecNssSlotGet(ctx->cipher);
-+    if( slot == NULL ) {
-+        xmlSecError( XMLSEC_ERRORS_HERE ,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            "xmlSecNssSlotGet" ,
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+            XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+        xmlSecBufferDestroy( keyBuf ) ;
-+               xmlSecKeyDataDestroy( data ) ;
-+        return(-1) ;
-+    }
-+
-+    /* Wrap the raw key value SECItem */
-+    keyItem.type = siBuffer ;
-+    keyItem.data = xmlSecBufferGetData( keyBuf ) ;
-+    keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
-+
-+    /* Import the raw key into slot temporalily and get the key handler*/
-+    symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
-+    if( symKey == NULL ) {
-+        xmlSecError( XMLSEC_ERRORS_HERE ,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            "PK11_ImportSymKey" ,
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+            XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+               PK11_FreeSlot( slot ) ;
-+        xmlSecBufferDestroy( keyBuf ) ;
-+               xmlSecKeyDataDestroy( data ) ;
-+        return(-1) ;
-+    }
-+       PK11_FreeSlot( slot ) ;
-+
-+    /* raw key material has been copied into symKey, it isn't used any more */
-+    xmlSecBufferDestroy( keyBuf ) ;
-+    
-+    /* Adopt the symmetric key into key data */
-+    ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
-+    if(ret < 0) {
-+        xmlSecError(XMLSEC_ERRORS_HERE,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            "xmlSecKeyDataBinaryValueSetBuffer",
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+            XMLSEC_ERRORS_NO_MESSAGE);
-+        PK11_FreeSymKey( symKey ) ;
-+               xmlSecKeyDataDestroy( data ) ;
-+        return(-1);
-+    }
-+    /* symKey has been duplicated into data, it isn't used any more */
-+    PK11_FreeSymKey( symKey ) ;
-+
-+    /* Check value */
-+    if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
-+        xmlSecError(XMLSEC_ERRORS_HERE,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            "xmlSecKeyReqMatchKeyValue",
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+            XMLSEC_ERRORS_NO_MESSAGE);
-+               xmlSecKeyDataDestroy( data ) ;
-+        return(0);
-+    }
-+
-+    ret = xmlSecKeySetValue(key, data);
-+    if(ret < 0) {
-+        xmlSecError(XMLSEC_ERRORS_HERE,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            "xmlSecKeySetValue",
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+            XMLSEC_ERRORS_NO_MESSAGE);
-+               xmlSecKeyDataDestroy( data ) ;
-+        return(-1);
-+    }
-+
-+    return(0);
- }
- 
- static int
- xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
-                                     xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+    PK11SymKey* symKey ;
-+
-     xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+    xmlSecAssert2(key != NULL, -1);
-+    xmlSecAssert2(node != NULL, -1);
-+    xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+       /* Get symmetric key from "key" */
-+    symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); 
-+    if( symKey != NULL ) {
-+        SECItem* keyItem ;
-+               xmlSecBufferPtr keyBuf ;
-+
-+               /* Extract raw key data from symmetric key */
-+               if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
-+               xmlSecError(XMLSEC_ERRORS_HERE,
-+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+               "PK11_ExtractKeyValue",
-+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+               XMLSEC_ERRORS_NO_MESSAGE);
-+                       PK11_FreeSymKey( symKey ) ;
-+               return(-1);
-+               }
-+
-+               /* Get raw key data from "symKey" */
-+        keyItem = PK11_GetKeyData( symKey ) ;
-+           if(keyItem == NULL) {
-+               xmlSecError(XMLSEC_ERRORS_HERE,
-+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+               "PK11_GetKeyData",
-+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+               XMLSEC_ERRORS_NO_MESSAGE);
-+                       PK11_FreeSymKey( symKey ) ;
-+               return(-1);
-+       }
-+
-+               /* Create key data buffer with raw kwy material */
-+               keyBuf = xmlSecBufferCreate(keyItem->len) ;
-+           if(keyBuf == NULL) {
-+               xmlSecError(XMLSEC_ERRORS_HERE,
-+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+               "xmlSecBufferCreate",
-+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+               XMLSEC_ERRORS_NO_MESSAGE);
-+                       PK11_FreeSymKey( symKey ) ;
-+               return(-1);
-+       }
-+
-+               xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
-+
-+               /* Write raw key material into current xml node */
-+               if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
-+               xmlSecError(XMLSEC_ERRORS_HERE,
-+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+               "xmlSecBufferBase64NodeContentWrite",
-+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+               XMLSEC_ERRORS_NO_MESSAGE);
-+                       xmlSecBufferDestroy(keyBuf);
-+                       PK11_FreeSymKey( symKey ) ;
-+               return(-1);
-+               }
-+               xmlSecBufferDestroy(keyBuf);
-+               PK11_FreeSymKey( symKey ) ;
-+    }
- 
--    return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
-+    return 0 ;
- }
- 
- static int
- xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
-                                     const xmlSecByte* buf, xmlSecSize bufSize,
-                                     xmlSecKeyInfoCtxPtr keyInfoCtx) {
--    xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+    PK11SymKey* symKey ;
-+    PK11SlotInfo* slot ;
-+    xmlSecKeyDataPtr data;
-+    xmlSecNssSymKeyDataCtxPtr ctx;
-+    SECItem keyItem ;
-+    int ret;
-+
-+    xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
-+    xmlSecAssert2(key != NULL, -1);
-+    xmlSecAssert2(buf != NULL, -1);
-+    xmlSecAssert2(bufSize != 0, -1);
-+    xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+    /* Create a new KeyData from a id */
-+    data = xmlSecKeyDataCreate(id);
-+    if(data == NULL ) {
-+        xmlSecError(XMLSEC_ERRORS_HERE,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            "xmlSecKeyDataCreate",
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+            XMLSEC_ERRORS_NO_MESSAGE);
-+        return(-1);
-+    }
-+
-+    ctx = xmlSecNssSymKeyDataGetCtx(data);
-+    xmlSecAssert2(ctx != NULL, -1);
-+
-+    /* Get slot */
-+    slot = xmlSecNssSlotGet(ctx->cipher);
-+    if( slot == NULL ) {
-+        xmlSecError( XMLSEC_ERRORS_HERE ,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            "xmlSecNssSlotGet" ,
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+            XMLSEC_ERRORS_NO_MESSAGE ) ;
-+               xmlSecKeyDataDestroy( data ) ;
-+        return(-1) ;
-+    }
- 
--    return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
-+    /* Wrap the raw key value SECItem */
-+    keyItem.type = siBuffer ;
-+    keyItem.data = buf ;
-+    keyItem.len = bufSize ;
-+
-+    /* Import the raw key into slot temporalily and get the key handler*/
-+    symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
-+    if( symKey == NULL ) {
-+        xmlSecError( XMLSEC_ERRORS_HERE ,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            "PK11_ImportSymKey" ,
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+            XMLSEC_ERRORS_NO_MESSAGE ) ;
-+               PK11_FreeSlot( slot ) ;
-+               xmlSecKeyDataDestroy( data ) ;
-+        return(-1) ;
-+    }
-+
-+    /* Adopt the symmetric key into key data */
-+    ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
-+    if(ret < 0) {
-+        xmlSecError(XMLSEC_ERRORS_HERE,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            "xmlSecKeyDataBinaryValueSetBuffer",
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+            XMLSEC_ERRORS_NO_MESSAGE ) ;
-+        PK11_FreeSymKey( symKey ) ;
-+               PK11_FreeSlot( slot ) ;
-+               xmlSecKeyDataDestroy( data ) ;
-+        return(-1);
-+    }
-+    /* symKey has been duplicated into data, it isn't used any more */
-+    PK11_FreeSymKey( symKey ) ;
-+       PK11_FreeSlot( slot ) ;
-+
-+    /* Check value */
-+    if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
-+        xmlSecError(XMLSEC_ERRORS_HERE,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            "xmlSecKeyReqMatchKeyValue",
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+            XMLSEC_ERRORS_NO_MESSAGE);
-+               xmlSecKeyDataDestroy( data ) ;
-+        return(0);
-+    }
-+
-+    ret = xmlSecKeySetValue(key, data);
-+    if(ret < 0) {
-+        xmlSecError(XMLSEC_ERRORS_HERE,
-+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+            "xmlSecKeySetValue",
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+            XMLSEC_ERRORS_NO_MESSAGE);
-+               xmlSecKeyDataDestroy( data ) ;
-+        return(-1);
-+    }
-+
-+    return(0);
- }
- 
- static int
- xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
-                                     xmlSecByte** buf, xmlSecSize* bufSize,
-                                     xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+    PK11SymKey* symKey ;
-+
-     xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+    xmlSecAssert2(key != NULL, -1);
-+    xmlSecAssert2(buf != NULL, -1);
-+    xmlSecAssert2(bufSize != 0, -1);
-+    xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+       /* Get symmetric key from "key" */
-+    symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); 
-+    if( symKey != NULL ) {
-+        SECItem* keyItem ;
-+
-+               /* Extract raw key data from symmetric key */
-+               if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
-+               xmlSecError(XMLSEC_ERRORS_HERE,
-+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+               "PK11_ExtractKeyValue",
-+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+               XMLSEC_ERRORS_NO_MESSAGE);
-+                       PK11_FreeSymKey( symKey ) ;
-+               return(-1);
-+               }
-+
-+               /* Get raw key data from "symKey" */
-+        keyItem = PK11_GetKeyData( symKey ) ;
-+           if(keyItem == NULL) {
-+               xmlSecError(XMLSEC_ERRORS_HERE,
-+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+               "PK11_GetKeyData",
-+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+                       XMLSEC_ERRORS_NO_MESSAGE);
-+                       PK11_FreeSymKey( symKey ) ;
-+               return(-1);
-+       }
-+
-+               *bufSize = keyItem->len;
-+               *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
-+               if( *buf == NULL ) {
-+               xmlSecError(XMLSEC_ERRORS_HERE,
-+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+               NULL,
-+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+               XMLSEC_ERRORS_NO_MESSAGE);
-+                       PK11_FreeSymKey( symKey ) ;
-+               return(-1);
-+       }
-+
-+       memcpy((*buf), keyItem->data, (*bufSize));
-+       PK11_FreeSymKey( symKey ) ;
-+    }
- 
--    return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
-+    return 0 ;
- }
- 
- static int
- xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
--    xmlSecBufferPtr buffer;
-+    PK11SymKey* symkey ;
-+    PK11SlotInfo* slot ;
-+    xmlSecNssSymKeyDataCtxPtr ctx;
-+    int ret;
- 
-     xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
-     xmlSecAssert2(sizeBits > 0, -1);
- 
--    buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
--    xmlSecAssert2(buffer != NULL, -1);
-+    ctx = xmlSecNssSymKeyDataGetCtx(data);
-+    xmlSecAssert2(ctx != NULL, -1);
-+
-+    if( sizeBits % 8 != 0 ) {
-+            xmlSecError(XMLSEC_ERRORS_HERE,
-+         xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+         NULL,
-+         XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+         "Symmetric key size must be octuple");
-+     return(-1);
-+    }
-+
-+    /* Get slot */
-+    slot = xmlSecNssSlotGet(ctx->cipher);
-+    if( slot == NULL ) {
-+        xmlSecError( XMLSEC_ERRORS_HERE ,
-+            xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+            "xmlSecNssSlotGet" ,
-+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+            XMLSEC_ERRORS_NO_MESSAGE ) ;
-+        return(-1) ;
-+    }
-+
-+    if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
-+            xmlSecError( XMLSEC_ERRORS_HERE ,
-+                xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+                "PK11_Authenticate" ,
-+                XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+                XMLSEC_ERRORS_NO_MESSAGE ) ;
-+            PK11_FreeSlot( slot ) ;
-+            return -1 ;
-+    }
-+
-+    symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
-+    if( symkey == NULL ) {
-+            xmlSecError( XMLSEC_ERRORS_HERE ,
-+                xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+                "PK11_KeyGen" ,
-+                XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+                XMLSEC_ERRORS_NO_MESSAGE ) ;
-+            PK11_FreeSlot( slot ) ;
-+            return -1 ;
-+    }
- 
--    return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
-+    if( ctx->slot != NULL ) {
-+            PK11_FreeSlot( ctx->slot ) ;
-+            ctx->slot = NULL ;
-+    }
-+    ctx->slot = slot ;
-+
-+    if( ctx->symkey != NULL ) {
-+            PK11_FreeSymKey( ctx->symkey ) ;
-+            ctx->symkey = NULL ;
-+    }
-+    ctx->symkey = symkey ;
-+
-+    return 0;
- }
- 
- static xmlSecKeyDataType
- xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
--    xmlSecBufferPtr buffer;
-+    xmlSecNssSymKeyDataCtxPtr context = NULL ;
-+    xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
- 
-     xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
-+    xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
-+
-+    context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+    if( context == NULL ) {
-+            xmlSecError( XMLSEC_ERRORS_HERE ,
-+                xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+                "xmlSecNssSymKeyDataGetCtx" ,
-+                XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+                XMLSEC_ERRORS_NO_MESSAGE ) ;
-+            return xmlSecKeyDataTypeUnknown ;
-+    }
- 
--    buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
--    xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
-+    if( context->symkey != NULL ) {
-+            type |= xmlSecKeyDataTypeSymmetric ;
-+    } else {
-+            type |= xmlSecKeyDataTypeUnknown ;
-+    }
- 
--    return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
-+    return type ;
- }
- 
- static xmlSecSize
- xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
-+    xmlSecNssSymKeyDataCtxPtr context ;
-+    unsigned int    length = 0 ;
-+
-     xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
-+    xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
-+    context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+    if( context == NULL ) {
-+            xmlSecError( XMLSEC_ERRORS_HERE ,
-+                xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,

... etc. - the rest is truncated

