[Libreoffice-commits] core.git: Branch 'distro/lhm/libreoffice-6-1+backports' - external/xmlsec xmlsecurity/source
Miklos Vajna (via logerrit)
logerrit at kemper.freedesktop.org
Mon Mar 29 08:54:20 UTC 2021
external/xmlsec/UnpackedTarball_xmlsec.mk | 1
external/xmlsec/xmlsec1-customkeymanage.patch.1 | 4321 ----------
xmlsecurity/source/xmlsec/nss/securityenvironment_nssimpl.cxx | 36
3 files changed, 4358 deletions(-)
New commits:
commit 5b37612f791c6842e4d8082cdbc9f80fb1488b5c
Author: Miklos Vajna <vmiklos at collabora.co.uk>
AuthorDate: Mon Jun 4 21:25:38 2018 +0200
Commit: Michael Stahl <michael.stahl at allotropia.de>
CommitDate: Mon Mar 29 10:53:49 2021 +0200
libxmlsec: drop not needed xmlsec1-customkeymanage.patch.1
This was added in commit ebd1b95bb5f9235d1dba1b840fd746c9b53320d2
(INTEGRATION: CWS xmlsec08 (1.1.2); FILE ADDED; 2005-03-10) without any
real commit message to explain why this is necessary.
system-xmlsec (not containing this patch) works fine for our XML signing
purposes with software certificates, and just recently I learned that
even hardware-based certificates work fine without this patch, so it can
go away.
I assume this was a refactor to allow some new feature as a next step,
but that feature was never implemented.
[ Committer's note: this xmlsec1-customkeymanage.patch.1 breaks the test
SigningTest::testXAdESNotype():
In xmlSecNssKeyDataX509VerifyAndExtractKey(), code is added to extract
the *private* key of the certificate; upstream only extracts the
public key.
Later this causes a key requirement check in xmlSecKeysMngrGetKey() to
succeed which would otherwise fail, and the certificate to remain
uncleared.
Then xmlSecKeyInfoNodeWrite() writes the certificate into the KeyInfo
element, where it was previously read from, so it is duplicated and
LO's CheckX509Data() fails because of 2 signing certificates. ]
Reviewed-on: https://gerrit.libreoffice.org/55296
Tested-by: Jenkins <ci at libreoffice.org>
Reviewed-by: Miklos Vajna <vmiklos at collabora.co.uk>
(cherry picked from commit f06004c03bbd076767a570180b7fc239064713e6)
Change-Id: I31639230483cd34b14b35fd41b4fcd8284476138
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113179
Tested-by: Michael Stahl <michael.stahl at allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl at allotropia.de>
diff --git a/external/xmlsec/UnpackedTarball_xmlsec.mk b/external/xmlsec/UnpackedTarball_xmlsec.mk
index 24be126f1d84..cd824e4cff9b 100644
--- a/external/xmlsec/UnpackedTarball_xmlsec.mk
+++ b/external/xmlsec/UnpackedTarball_xmlsec.mk
@@ -11,7 +11,6 @@ xmlsec_patches :=
xmlsec_patches += xmlsec1-configure.patch.1
xmlsec_patches += xmlsec1-vc.patch.1
xmlsec_patches += xmlsec1-1.2.14_fix_extern_c.patch.1
-xmlsec_patches += xmlsec1-customkeymanage.patch.1
# Backport of <https://github.com/lsh123/xmlsec/pull/172>.
xmlsec_patches += xmlsec1-ecdsa-assert.patch.1
diff --git a/external/xmlsec/xmlsec1-customkeymanage.patch.1 b/external/xmlsec/xmlsec1-customkeymanage.patch.1
deleted file mode 100644
index 14595da6df16..000000000000
--- a/external/xmlsec/xmlsec1-customkeymanage.patch.1
+++ /dev/null
@@ -1,4321 +0,0 @@
-From 57f9146c45b1819afdd79a96a77ea55fb84ddb50 Mon Sep 17 00:00:00 2001
-From: Miklos Vajna <vmiklos at collabora.co.uk>
-Date: Fri, 4 Mar 2016 16:19:12 +0100
-Subject: [PATCH] xmlsec1-customkeymanage.patch
-
-Conflicts:
- include/xmlsec/nss/app.h
- include/xmlsec/nss/keysstore.h
- src/nss/Makefile.in
- src/nss/hmac.c
- src/nss/keysstore.c
- src/nss/pkikeys.c
- src/nss/symkeys.c
- src/nss/x509.c
- src/nss/x509vfy.c
----
- include/xmlsec/nss/Makefile.am | 3 +
- include/xmlsec/nss/Makefile.in | 3 +
- include/xmlsec/nss/akmngr.h | 56 +++
- include/xmlsec/nss/app.h | 5 +
- include/xmlsec/nss/ciphers.h | 35 ++
- include/xmlsec/nss/keysstore.h | 4 +
- include/xmlsec/nss/tokens.h | 182 ++++++++++
- src/nss/Makefile.am | 2 +
- src/nss/Makefile.in | 20 ++
- src/nss/akmngr.c | 384 ++++++++++++++++++++
- src/nss/hmac.c | 6 +-
- src/nss/keysstore.c | 772 +++++++++++++++++++++++++++++------------
- src/nss/pkikeys.c | 81 ++---
- src/nss/symkeys.c | 705 +++++++++++++++++++++++++++++++++++--
- src/nss/tokens.c | 544 +++++++++++++++++++++++++++++
- src/nss/x509.c | 491 ++++++--------------------
- src/nss/x509vfy.c | 248 +++++--------
- 17 files changed, 2703 insertions(+), 838 deletions(-)
- create mode 100644 include/xmlsec/nss/akmngr.h
- create mode 100644 include/xmlsec/nss/ciphers.h
- create mode 100644 include/xmlsec/nss/tokens.h
- create mode 100644 src/nss/akmngr.c
- create mode 100644 src/nss/tokens.c
-
-diff --git a/include/xmlsec/nss/Makefile.am b/include/xmlsec/nss/Makefile.am
-index e3521622..997ca7fd 100644
---- a/include/xmlsec/nss/Makefile.am
-+++ b/include/xmlsec/nss/Makefile.am
-@@ -10,6 +10,9 @@ bignum.h \
- keysstore.h \
- pkikeys.h \
- x509.h \
-+akmngr.h \
-+tokens.h \
-+ciphers.h \
- $(NULL)
-
- install-exec-hook:
-diff --git a/include/xmlsec/nss/Makefile.in b/include/xmlsec/nss/Makefile.in
-index 6fecb4f5..672d10e7 100644
---- a/include/xmlsec/nss/Makefile.in
-+++ b/include/xmlsec/nss/Makefile.in
-@@ -407,6 +407,9 @@ bignum.h \
- keysstore.h \
- pkikeys.h \
- x509.h \
-+akmngr.h \
-+tokens.h \
-+ciphers.h \
- $(NULL)
-
- all: all-am
-diff --git a/include/xmlsec/nss/akmngr.h b/include/xmlsec/nss/akmngr.h
-new file mode 100644
-index 00000000..80535110
---- /dev/null
-+++ b/include/xmlsec/nss/akmngr.h
-@@ -0,0 +1,56 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_AKMNGR_H__
-+#define __XMLSEC_NSS_AKMNGR_H__
-+
-+#include <nss.h>
-+#include <nspr.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+ PK11SlotInfo** slots,
-+ int cSlots,
-+ CERTCertDBHandle* handler
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ PK11SymKey* symKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPublicKey* pubKey
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPrivateKey* priKey
-+) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_AKMNGR_H__ */
-+
-+
-diff --git a/include/xmlsec/nss/app.h b/include/xmlsec/nss/app.h
-index 93f6c637..03f6aa14 100644
---- a/include/xmlsec/nss/app.h
-+++ b/include/xmlsec/nss/app.h
-@@ -22,6 +22,9 @@ extern "C" {
- #include <xmlsec/keysmngr.h>
- #include <xmlsec/transforms.h>
-
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/akmngr.h>
-+
- /********************************************************************
- *
- * Init/shutdown
-@@ -40,6 +43,8 @@ XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlS
- xmlSecKeyPtr key);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
- const char* uri);
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
-+ xmlSecNssKeySlotPtr keySlot);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
- const char* filename,
- xmlSecKeyDataType type);
-diff --git a/include/xmlsec/nss/ciphers.h b/include/xmlsec/nss/ciphers.h
-new file mode 100644
-index 00000000..607eb1e0
---- /dev/null
-+++ b/include/xmlsec/nss/ciphers.h
-@@ -0,0 +1,35 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright ..........................
-+ */
-+#ifndef __XMLSEC_NSS_CIPHERS_H__
-+#define __XMLSEC_NSS_CIPHERS_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+
-+
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
-+ PK11SymKey* symkey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
-+
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_CIPHERS_H__ */
-+
-+
-diff --git a/include/xmlsec/nss/keysstore.h b/include/xmlsec/nss/keysstore.h
-index eb64d3c3..369a1453 100644
---- a/include/xmlsec/nss/keysstore.h
-+++ b/include/xmlsec/nss/keysstore.h
-@@ -16,6 +16,8 @@ extern "C" {
- #endif /* __cplusplus */
-
- #include <xmlsec/xmlsec.h>
-+#include <xmlsec/keysmngr.h>
-+#include <xmlsec/nss/tokens.h>
-
- /****************************************************************************
- *
-@@ -31,6 +33,8 @@ extern "C" {
- XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
- xmlSecKeyPtr key);
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
-+ xmlSecNssKeySlotPtr keySlot);
- XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
- const char *uri,
- xmlSecKeysMngrPtr keysMngr);
-diff --git a/include/xmlsec/nss/tokens.h b/include/xmlsec/nss/tokens.h
-new file mode 100644
-index 00000000..444c5614
---- /dev/null
-+++ b/include/xmlsec/nss/tokens.h
-@@ -0,0 +1,182 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
-+ *
-+ * Contributor(s): _____________________________
-+ *
-+ */
-+#ifndef __XMLSEC_NSS_TOKENS_H__
-+#define __XMLSEC_NSS_TOKENS_H__
-+
-+#include <string.h>
-+
-+#include <nss.h>
-+#include <pk11func.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/list.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif /* __cplusplus */
-+
-+/**
-+ * xmlSecNssKeySlotListId
-+ *
-+ * The crypto mechanism list klass
-+ */
-+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
-+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
-+
-+/*******************************************
-+ * KeySlot interfaces
-+ *******************************************/
-+/**
-+ * Internal NSS key slot data
-+ * @mechanismList: the mechanisms that the slot bound with.
-+ * @slot: the pkcs slot
-+ *
-+ * This context is located after xmlSecPtrList
-+ */
-+typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
-+typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
-+
-+struct _xmlSecNssKeySlot {
-+ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
-+ PK11SlotInfo* slot ;
-+} ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetMechList(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE_PTR mechanismList
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotEnableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotDisableMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE mechanism
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
-+xmlSecNssKeySlotGetMechList(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSetSlot(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotInitialize(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ PK11SlotInfo* slot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotFinalize(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
-+xmlSecNssKeySlotGetSlot(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotCreate() ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotCopy(
-+ xmlSecNssKeySlotPtr newKeySlot ,
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
-+xmlSecNssKeySlotDuplicate(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT void
-+xmlSecNssKeySlotDestroy(
-+ xmlSecNssKeySlotPtr keySlot
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotBindMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) ;
-+
-+XMLSEC_CRYPTO_EXPORT int
-+xmlSecNssKeySlotSupportMech(
-+ xmlSecNssKeySlotPtr keySlot ,
-+ CK_MECHANISM_TYPE type
-+) ;
-+
-+
-+/************************************************************************
-+ * PKCS#11 crypto token interfaces
-+ *
-+ * A PKCS#11 slot repository will be defined internally. From the
-+ * repository, a user can specify a particular slot for a certain crypto
-+ * mechanism.
-+ *
-+ * In some situation, some cryptographic operation should act in a user
-+ * designated devices. The interfaces defined here provide the way. If
-+ * the user do not initialize the repository distinctly, the interfaces
-+ * use the default functions provided by NSS itself.
-+ *
-+ ************************************************************************/
-+/**
-+ * Initialize NSS pkcs#11 slot repository
-+ *
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
-+
-+/**
-+ * Shutdown and destroy NSS pkcs#11 slot repository
-+ */
-+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
-+
-+/**
-+ * Get PKCS#11 slot handler
-+ * @type the mechanism that the slot must support.
-+ *
-+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
-+ *
-+ * Notes: The returned handler must be destroied distinctly.
-+ */
-+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
-+
-+/**
-+ * Adopt a pkcs#11 slot with a mechanism into the repository
-+ * @slot: the pkcs#11 slot.
-+ * @mech: the mechanism.
-+ *
-+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
-+ * this mechanism only can perform on the @slot.
-+ *
-+ * Returns 0 if success or -1 if an error occurs.
-+ */
-+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
-+
-+#ifdef __cplusplus
-+}
-+#endif /* __cplusplus */
-+
-+#endif /* __XMLSEC_NSS_TOKENS_H__ */
-+
-diff --git a/src/nss/Makefile.am b/src/nss/Makefile.am
-index e666f33c..ec9e7896 100644
---- a/src/nss/Makefile.am
-+++ b/src/nss/Makefile.am
-@@ -35,6 +35,8 @@ libxmlsec1_nss_la_SOURCES =\
- kw_des.c \
- kw_aes.c \
- globals.h \
-+ akmngr.c \
-+ tokens.c \
- $(NULL)
-
- libxmlsec1_nss_la_LIBADD = \
-diff --git a/src/nss/Makefile.in b/src/nss/Makefile.in
-index 2861e3ce..7532d90e 100644
---- a/src/nss/Makefile.in
-+++ b/src/nss/Makefile.in
-@@ -140,6 +140,8 @@ am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
- libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \
- libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \
- libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
-+ libxmlsec1_nss_la-akmngr.lo \
-+ libxmlsec1_nss_la-tokens.lo \
- $(am__objects_1)
- libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
- AM_V_lt = $(am__v_lt_ at AM_V@)
-@@ -474,6 +476,8 @@ libxmlsec1_nss_la_SOURCES = \
- kw_des.c \
- kw_aes.c \
- globals.h \
-+ akmngr.c \
-+ tokens.c \
- $(NULL)
-
- libxmlsec1_nss_la_LIBADD = \
-@@ -584,6 +588,8 @@ distclean-compile:
- @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo at am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo at am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo at am__quote@
-+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo at am__quote@
-+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo at am__quote@
-
- .c.o:
- @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
-@@ -616,6 +622,20 @@ libxmlsec1_nss_la-app.lo: app.c
- @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
- @am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
-
-+libxmlsec1_nss_la-akmngr.lo: akmngr.c
-+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
-+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo $(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
-+
-+libxmlsec1_nss_la-tokens.lo: tokens.c
-+ at am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
-+ at am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo $(DEPDIR)/libxmlsec1_nss_la-tokens.Plo
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@
-+ at AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+ at am__fastdepCC_FALSE@ $(AM_V_CC at am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
-+
- libxmlsec1_nss_la-bignum.lo: bignum.c
- @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
- @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
-diff --git a/src/nss/akmngr.c b/src/nss/akmngr.c
-new file mode 100644
-index 00000000..65b94ac5
---- /dev/null
-+++ b/src/nss/akmngr.c
-@@ -0,0 +1,384 @@
-+/**
-+ * XMLSec library
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright.........................
-+ */
-+#include "globals.h"
-+
-+#include <nspr.h>
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <cert.h>
-+#include <keyhi.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/akmngr.h>
-+#include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/keysstore.h>
-+
-+/**
-+ * xmlSecNssAppliedKeysMngrCreate:
-+ * @slot: array of pointers to NSS PKCS#11 slot information.
-+ * @cSlots: number of slots in the array
-+ * @handler: the pointer to NSS certificate database.
-+ *
-+ * Create and load NSS crypto slot and certificate database into keys manager
-+ *
-+ * Returns keys manager pointer on success or NULL otherwise.
-+ */
-+xmlSecKeysMngrPtr
-+xmlSecNssAppliedKeysMngrCreate(
-+ PK11SlotInfo** slots,
-+ int cSlots,
-+ CERTCertDBHandle* handler
-+) {
-+ xmlSecKeyDataStorePtr certStore = NULL ;
-+ xmlSecKeysMngrPtr keyMngr = NULL ;
-+ xmlSecKeyStorePtr keyStore = NULL ;
-+ int islot = 0;
-+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyStoreCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ for (islot = 0; islot < cSlots; islot++)
-+ {
-+ xmlSecNssKeySlotPtr keySlot ;
-+
-+ /* Create a key slot */
-+ keySlot = xmlSecNssKeySlotCreate() ;
-+ if( keySlot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /* Set slot */
-+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeySlotSetSlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+
-+ /* Adopt keySlot */
-+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeysStoreAdoptKeySlot" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecNssKeySlotDestroy( keySlot ) ;
-+ return NULL ;
-+ }
-+ }
-+
-+ keyMngr = xmlSecKeysMngrCreate() ;
-+ if( keyMngr == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Add key store to manager, from now on keys manager destroys the store if
-+ * needed
-+ */
-+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrAdoptKeyStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyStoreDestroy( keyStore ) ;
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Initialize crypto library specific data in keys manager
-+ */
-+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ /*-
-+ * Set certificate databse to X509 key data store
-+ */
-+ /**
-+ * Because Tej's implementation of certDB use the default DB, so I ignore
-+ * the certDB handler at present. I'll modify the cert store sources to
-+ * accept particular certDB instead of default ones.
-+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
-+ if( certStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecKeysMngrGetDataStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
-+ "xmlSecNssKeyDataStoreX509SetCertDb" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeysMngrDestroy( keyMngr ) ;
-+ return NULL ;
-+ }
-+ */
-+
-+ /*-
-+ * Set the getKey callback
-+ */
-+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
-+
-+ return keyMngr ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrSymKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ PK11SymKey* symKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( symKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPubKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPublicKey* pubKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( pubKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-+int
-+xmlSecNssAppliedKeysMngrPriKeyLoad(
-+ xmlSecKeysMngrPtr mngr ,
-+ SECKEYPrivateKey* priKey
-+) {
-+ xmlSecKeyPtr key ;
-+ xmlSecKeyDataPtr data ;
-+ xmlSecKeyStorePtr keyStore ;
-+
-+ xmlSecAssert2( mngr != NULL , -1 ) ;
-+ xmlSecAssert2( priKey != NULL , -1 ) ;
-+
-+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
-+ if( keyStore == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeysMngrGetKeysStore" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
-+
-+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssPKIAdoptKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ key = xmlSecKeyCreate() ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataKeyAdopt" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDestroy( key ) ;
-+ return(-1) ;
-+ }
-+
-+ return(0) ;
-+}
-+
-diff --git a/src/nss/hmac.c b/src/nss/hmac.c
-index 558d4b93..2ef668c1 100644
---- a/src/nss/hmac.c
-+++ b/src/nss/hmac.c
-@@ -23,8 +23,8 @@
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
-
--#include <xmlsec/nss/app.h>
- #include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/tokens.h>
-
- /* sizes in bits */
- #define XMLSEC_NSS_MIN_HMAC_SIZE 80
-@@ -355,9 +355,9 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
- keyItem.data = xmlSecBufferGetData(buffer);
- keyItem.len = xmlSecBufferGetSize(buffer);
-
-- slot = PK11_GetBestSlot(ctx->digestType, NULL);
-+ slot = xmlSecNssSlotGet(ctx->digestType);
- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecTransformGetName(transform));
-+ xmlSecNssError("xmlSecNssSlotGet", xmlSecTransformGetName(transform));
- return(-1);
- }
-
-diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c
-index 0976e4a9..03baa887 100644
---- a/src/nss/keysstore.c
-+++ b/src/nss/keysstore.c
-@@ -1,36 +1,56 @@
- /*
- * XML Security Library (http://www.aleksey.com/xmlsec).
- *
-- * Nss keys store that uses Simple Keys Store under the hood. Uses the
-- * Nss DB as a backing store for the finding keys, but the NSS DB is
-- * not written to by the keys store.
-- * So, if store->findkey is done and the key is not found in the simple
-- * keys store, the NSS DB is looked up.
-- * If store is called to adopt a key, that key is not written to the NSS
-- * DB.
-- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
-- * source of keys for xmlsec
-- *
- * This is free software; see Copyright file in the source
- * distribution for precise wording.
- *
- * Copyright (c) 2003 America Online, Inc. All rights reserved.
- */
-+
-+/**
-+ * NSS key store uses a key list and a slot list as the key repository. NSS slot
-+ * list is a backup repository for the finding keys. If a key is not found from
-+ * the key list, the NSS slot list is looked up.
-+ *
-+ * Any key in the key list will not save to pkcs11 slot. When a store to called
-+ * to adopt a key, the key is resident in the key list; While a store to called
-+ * to set a is resident in the key list; While a store to called to set a slot
-+ * list, which means that the keys in the listed slot can be used for xml sign-
-+ * nature or encryption.
-+ *
-+ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
-+ *
-+ * The framework will decrease the user interfaces to administrate xmlSec crypto
-+ * engine. He can only focus on NSS layer functions. For examples, after the
-+ * user set up a slot list handler to the keys store, he do not need to do any
-+ * other work atop xmlSec interfaces, his action on the slot list handler, such
-+ * as add a token to, delete a token from the list, will directly effect the key
-+ * store behaviors.
-+ *
-+ * For example, a scenariio:
-+ * 0. Create a slot list;( NSS interfaces )
-+ * 1. Create a keys store;( xmlSec interfaces )
-+ * 2. Set slot list with the keys store;( xmlSec Interfaces )
-+ * 3. Add a slot to the slot list;( NSS interfaces )
-+ * 4. Perform xml signature; ( xmlSec Interfaces )
-+ * 5. Deleter a slot from the slot list;( NSS interfaces )
-+ * 6. Perform xml encryption; ( xmlSec Interfaces )
-+ * 7. Perform xml signature;( xmlSec Interfaces )
-+ * 8. Destroy the keys store;( xmlSec Interfaces )
-+ * 8. Destroy the slot list.( NSS Interfaces )
-+ */
- #include "globals.h"
-
- #include <stdlib.h>
- #include <string.h>
-
- #include <nss.h>
--#include <cert.h>
- #include <pk11func.h>
-+#include <prinit.h>
- #include <keyhi.h>
-
--#include <libxml/tree.h>
--
- #include <xmlsec/xmlsec.h>
--#include <xmlsec/buffer.h>
--#include <xmlsec/base64.h>
-+#include <xmlsec/keys.h>
- #include <xmlsec/errors.h>
- #include <xmlsec/xmltree.h>
-
-@@ -38,82 +58,461 @@
-
- #include <xmlsec/nss/crypto.h>
- #include <xmlsec/nss/keysstore.h>
--#include <xmlsec/nss/x509.h>
-+#include <xmlsec/nss/tokens.h>
-+#include <xmlsec/nss/ciphers.h>
- #include <xmlsec/nss/pkikeys.h>
-
- /****************************************************************************
- *
-- * Nss Keys Store. Uses Simple Keys Store under the hood
-+ * Internal NSS key store context
- *
-- * Simple Keys Store ptr is located after xmlSecKeyStore
-+ * This context is located after xmlSecKeyStore
- *
- ***************************************************************************/
--#define xmlSecNssKeysStoreSize \
-- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
-+typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
-+typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
-
--#define xmlSecNssKeysStoreGetSS(store) \
-- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
-- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
-- (xmlSecKeyStorePtr*)NULL)
-+struct _xmlSecNssKeysStoreCtx {
-+ xmlSecPtrListPtr keyList ;
-+ xmlSecPtrListPtr slotList ;
-+} ;
-
--static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
--static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
--static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
-- const xmlChar* name,
-- xmlSecKeyInfoCtxPtr keyInfoCtx);
--
--static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
-- sizeof(xmlSecKeyStoreKlass),
-- xmlSecNssKeysStoreSize,
--
-- /* data */
-- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
-+#define xmlSecNssKeysStoreSize \
-+ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
-+
-+#define xmlSecNssKeysStoreGetCtx( data ) \
-+ ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
-+
-+int xmlSecNssKeysStoreAdoptKeySlot(
-+ xmlSecKeyStorePtr store ,
-+ xmlSecNssKeySlotPtr keySlot
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( context->slotList == NULL ) {
-+ if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCheckId" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListAdd" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ return 0 ;
-+}
-
-- /* constructors/destructor */
-- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
-- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
-- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
-+int xmlSecNssKeysStoreAdoptKey(
-+ xmlSecKeyStorePtr store ,
-+ xmlSecKeyPtr key
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( context->keyList == NULL ) {
-+ if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+ }
-+
-+ if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListCheckId" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecPtrListAdd" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ return 0 ;
-+}
-
-- /* reserved for the future */
-- NULL, /* void* reserved0; */
-- NULL, /* void* reserved1; */
--};
-+/*
-+ * xmlSecKeyStoreInitializeMethod:
-+ * @store: the store.
-+ *
-+ * Keys store specific initialization method.
-+ *
-+ * Returns 0 on success or a negative value if an error occurs.
-+ */
-+static int
-+xmlSecNssKeysStoreInitialize(
-+ xmlSecKeyStorePtr store
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return -1 ;
-+ }
-+
-+ context->keyList = NULL ;
-+ context->slotList = NULL ;
-+
-+ return 0 ;
-+}
-
- /**
-- * xmlSecNssKeysStoreGetKlass:
- *
-- * The Nss list based keys store klass.
-+ * xmlSecKeyStoreFinalizeMethod:
-+ * @store: the store.
- *
-- * Returns: Nss list based keys store klass.
-+ * Keys store specific finalization (destroy) method.
- */
--xmlSecKeyStoreId
--xmlSecNssKeysStoreGetKlass(void) {
-- return(&xmlSecNssKeysStoreKlass);
-+void
-+xmlSecNssKeysStoreFinalize(
-+ xmlSecKeyStorePtr store
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+
-+ xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
-+ xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return ;
-+ }
-+
-+ if( context->keyList != NULL ) {
-+ xmlSecPtrListDestroy( context->keyList ) ;
-+ context->keyList = NULL ;
-+ }
-+
-+ if( context->slotList != NULL ) {
-+ xmlSecPtrListDestroy( context->slotList ) ;
-+ context->slotList = NULL ;
-+ }
- }
-
--/**
-- * xmlSecNssKeysStoreAdoptKey:
-- * @store: the pointer to Nss keys store.
-- * @key: the pointer to key.
-+xmlSecKeyPtr
-+xmlSecNssKeysStoreFindKeyFromSlot(
-+ PK11SlotInfo* slot,
-+ const xmlChar* name,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx
-+) {
-+ xmlSecKeyPtr key = NULL ;
-+ xmlSecKeyDataPtr data = NULL ;
-+ int length ;
-+
-+ xmlSecAssert2( slot != NULL , NULL ) ;
-+ xmlSecAssert2( name != NULL , NULL ) ;
-+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
-+
-+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
-+ PK11SymKey* symKey ;
-+ PK11SymKey* curKey ;
-+
-+ /* Find symmetric key from the slot by name */
-+ symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
-+ for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
-+ /* Check the key request */
-+ length = PK11_GetKeyLength( curKey ) ;
-+ length *= 8 ;
-+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+ ( length > 0 ) &&
-+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+ continue ;
-+
-+ /* We find a eligible key */
-+ data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
-+ if( data == NULL ) {
-+ /* Do nothing */
-+ }
-+ break ;
-+ }
-+
-+ /* Destroy the sym key list */
-+ for( curKey = symKey ; curKey != NULL ; ) {
-+ symKey = curKey ;
-+ curKey = PK11_GetNextSymKey( symKey ) ;
-+ PK11_FreeSymKey( symKey ) ;
-+ }
-+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
-+ SECKEYPublicKeyList* pubKeyList ;
-+ SECKEYPublicKey* pubKey ;
-+ SECKEYPublicKeyListNode* curPub ;
-+
-+ /* Find asymmetric key from the slot by name */
-+ pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
-+ pubKey = NULL ;
-+ curPub = PUBKEY_LIST_HEAD(pubKeyList);
-+ for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
-+ /* Check the key request */
-+ length = SECKEY_PublicKeyStrength( curPub->key ) ;
-+ length *= 8 ;
-+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+ ( length > 0 ) &&
-+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+ continue ;
-+
-+ /* We find a eligible key */
-+ pubKey = curPub->key ;
-+ break ;
-+ }
-+
-+ if( pubKey != NULL ) {
-+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
-+ if( data == NULL ) {
-+ /* Do nothing */
-+ }
-+ }
-+
-+ /* Destroy the public key list */
-+ SECKEY_DestroyPublicKeyList( pubKeyList ) ;
-+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
-+ SECKEYPrivateKeyList* priKeyList = NULL ;
-+ SECKEYPrivateKey* priKey = NULL ;
-+ SECKEYPrivateKeyListNode* curPri ;
-+
-+ /* Find asymmetric key from the slot by name */
-+ priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
-+ priKey = NULL ;
-+ curPri = PRIVKEY_LIST_HEAD(priKeyList);
-+ for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
-+ /* Check the key request */
-+ length = PK11_SignatureLen( curPri->key ) ;
-+ length *= 8 ;
-+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
-+ ( length > 0 ) &&
-+ ( length < keyInfoCtx->keyReq.keyBitsSize ) )
-+ continue ;
-+
-+ /* We find a eligible key */
-+ priKey = curPri->key ;
-+ break ;
-+ }
-+
-+ if( priKey != NULL ) {
-+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
-+ if( data == NULL ) {
-+ /* Do nothing */
-+ }
-+ }
-+
-+ /* Destroy the private key list */
-+ SECKEY_DestroyPrivateKeyList( priKeyList ) ;
-+ }
-+
-+ /* If we have gotten the key value */
-+ if( data != NULL ) {
-+ if( ( key = xmlSecKeyCreate() ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyDataDestroy( data ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecKeySetValue( key , data ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeySetValue" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyDestroy( key ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return NULL ;
-+ }
-+ }
-+
-+ return(key);
-+}
-+
-+/**
-+ * xmlSecKeyStoreFindKeyMethod:
-+ * @store: the store.
-+ * @name: the desired key name.
-+ * @keyInfoCtx: the pointer to key info context.
- *
-- * Adds @key to the @store.
-+ * Keys store specific find method. The caller is responsible for destroying
-+ * the returned key using #xmlSecKeyDestroy method.
- *
-- * Returns: 0 on success or a negative value if an error occurs.
-+ * Returns the pointer to a key or NULL if key is not found or an error occurs.
- */
--int
--xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
-- xmlSecKeyStorePtr *ss;
-+static xmlSecKeyPtr
-+xmlSecNssKeysStoreFindKey(
-+ xmlSecKeyStorePtr store ,
-+ const xmlChar* name ,
-+ xmlSecKeyInfoCtxPtr keyInfoCtx
-+) {
-+ xmlSecNssKeysStoreCtxPtr context = NULL ;
-+ xmlSecKeyPtr key = NULL ;
-+ xmlSecNssKeySlotPtr keySlot = NULL ;
-+ xmlSecSize pos ;
-+ xmlSecSize size ;
-+
-+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
-+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
-+
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecNssKeysStoreGetCtx" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-
-- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
-- xmlSecAssert2((key != NULL), -1);
-+ /*-
-+ * Look for key at keyList at first.
-+ */
-+ if( context->keyList != NULL ) {
-+ size = xmlSecPtrListGetSize( context->keyList ) ;
-+ for( pos = 0 ; pos < size ; pos ++ ) {
-+ key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
-+ if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
-+ return xmlSecKeyDuplicate( key ) ;
-+ }
-+ }
-+ }
-+
-+ /*-
-+ * Find the key from slotList
-+ */
-+ if( context->slotList != NULL ) {
-+ PK11SlotInfo* slot = NULL ;
-+
-+ size = xmlSecPtrListGetSize( context->slotList ) ;
-+ for( pos = 0 ; pos < size ; pos ++ ) {
-+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
-+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
-+ if( slot == NULL ) {
-+ continue ;
-+ } else {
-+ key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
-+ if( key == NULL ) {
-+ continue ;
-+ } else {
-+ return( key ) ;
-+ }
-+ }
-+ }
-+ }
-+
-+ /*-
-+ * Create a session key if we can not find the key from keyList and slotList
-+ */
-+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
-+ key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
-+ if( key == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
-+ "xmlSecKeySetValue" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return NULL ;
-+ }
-+
-+ return key ;
-+ }
-+
-+ /**
-+ * We have no way to find the key any more.
-+ */
-+ return NULL ;
-+}
-
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
-- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
-+static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
-+ sizeof( xmlSecKeyStoreKlass ) ,
-+ xmlSecNssKeysStoreSize ,
-+ BAD_CAST "implicit_nss_keys_store" ,
-+ xmlSecNssKeysStoreInitialize ,
-+ xmlSecNssKeysStoreFinalize ,
-+ xmlSecNssKeysStoreFindKey ,
-+ NULL ,
-+ NULL
-+} ;
-
-- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
-+/**
-+ * xmlSecNssKeysStoreGetKlass:
-+ *
-+ * The simple list based keys store klass.
-+ *
-+ */
-+xmlSecKeyStoreId
-+xmlSecNssKeysStoreGetKlass( void ) {
-+ return &xmlSecNssKeysStoreKlass ;
- }
-
-+/**************************
-+ * Application routines
-+ */
-+
- /**
- * xmlSecNssKeysStoreLoad:
- * @store: the pointer to Nss keys store.
-@@ -227,191 +626,126 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
- */
- int
- xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
-- xmlSecKeyStorePtr *ss;
-+ xmlSecKeyInfoCtx keyInfoCtx;
-+ xmlSecNssKeysStoreCtxPtr context ;
-+ xmlSecPtrListPtr list;
-+ xmlSecKeyPtr key;
-+ xmlSecSize i, keysSize;
-+ xmlDocPtr doc;
-+ xmlNodePtr cur;
-+ xmlSecKeyDataPtr data;
-+ xmlSecPtrListPtr idsList;
-+ xmlSecKeyDataId dataId;
-+ xmlSecSize idsSize, j;
-+ int ret;
-
- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
-- xmlSecAssert2((filename != NULL), -1);
-+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
-+ xmlSecAssert2(filename != NULL, -1);
-
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
-- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
-+ context = xmlSecNssKeysStoreGetCtx( store ) ;
-+ xmlSecAssert2( context != NULL, -1 );
-
-- return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
--}
--
--static int
--xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
-- xmlSecKeyStorePtr *ss;
--
-- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
--
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss == NULL) || (*ss == NULL)), -1);
-+ list = context->keyList ;
-+ xmlSecAssert2( list != NULL, -1 );
-+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
-
-- *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
-- if(*ss == NULL) {
-+ /* create doc */
-+ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
-+ if(doc == NULL) {
- xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)",
- xmlSecKeyStoreGetName(store));
- return(-1);
- }
-
-- return(0);
--}
--
--static void
--xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
-- xmlSecKeyStorePtr *ss;
--
-- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
--
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert((ss != NULL) && (*ss != NULL));
--
-- xmlSecKeyStoreDestroy(*ss);
--}
--
--static xmlSecKeyPtr
--xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
-- xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlSecKeyStorePtr* ss;
-- xmlSecKeyPtr key = NULL;
-- xmlSecKeyPtr retval = NULL;
-- xmlSecKeyReqPtr keyReq = NULL;
-- CERTCertificate *cert = NULL;
-- SECKEYPublicKey *pubkey = NULL;
-- SECKEYPrivateKey *privkey = NULL;
-- xmlSecKeyDataPtr data = NULL;
-- xmlSecKeyDataPtr x509Data = NULL;
-- int ret;
--
-- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
-- xmlSecAssert2(keyInfoCtx != NULL, NULL);
--
-- ss = xmlSecNssKeysStoreGetSS(store);
-- xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
--
-- key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
-- if (key != NULL) {
-- return (key);
-- }
--
-- /* Try to find the key in the NSS DB, and construct an xmlSecKey.
-- * we must have a name to lookup keys in NSS DB.
-- */
-- if (name == NULL) {
-- goto done;
-- }
-+ idsList = xmlSecKeyDataIdsGet();
-+ xmlSecAssert2(idsList != NULL, -1);
-
-- /* what type of key are we looking for?
-- * TBD: For now, we'll look only for public/private keys using the
-- * name as a cert nickname. Later on, we can attempt to find
-- * symmetric keys using PK11_FindFixedKey
-- */
-- keyReq = &(keyInfoCtx->keyReq);
-- if (keyReq->keyType &
-- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
-- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
-- if (cert == NULL) {
-- goto done;
-- }
-+ keysSize = xmlSecPtrListGetSize(list);
-+ idsSize = xmlSecPtrListGetSize(idsList);
-+ for(i = 0; i < keysSize; ++i) {
-+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
-+ xmlSecAssert2(key != NULL, -1);
-
-- if (keyReq->keyType & xmlSecKeyDataTypePublic) {
-- pubkey = CERT_ExtractPublicKey(cert);
-- if (pubkey == NULL) {
-- xmlSecNssError("CERT_ExtractPublicKey", NULL);
-- goto done;
-- }
-+ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
-+ if(cur == NULL) {
-+ xmlSecInternalError("xmlSecAddChild",
-+ xmlSecKeyStoreGetName(store));
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
-
-- if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
-- privkey = PK11_FindKeyByAnyCert(cert, NULL);
-- if (privkey == NULL) {
-- xmlSecNssError("PK11_FindKeyByAnyCert", NULL);
-- goto done;
-+ /* special data key name */
-+ if(xmlSecKeyGetName(key) != NULL) {
-+ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
-+ xmlSecInternalError("xmlSecAddChild",
-+ xmlSecKeyStoreGetName(store));
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
- }
-
-- data = xmlSecNssPKIAdoptKey(privkey, pubkey);
-- if(data == NULL) {
-- xmlSecInternalError("xmlSecNssPKIAdoptKey", NULL);
-- goto done;
-- }
-- privkey = NULL;
-- pubkey = NULL;
-+ /* create nodes for other keys data */
-+ for(j = 0; j < idsSize; ++j) {
-+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
-+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
-
-- key = xmlSecKeyCreate();
-- if (key == NULL) {
-- xmlSecInternalError("xmlSecKeyCreate", NULL);
-- return (NULL);
-- }
-+ if(dataId->dataNodeName == NULL) {
-+ continue;
-+ }
-
-- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
-- if(x509Data == NULL) {
-- xmlSecInternalError("xmlSecKeyDataCreate",
-- xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id));
-- goto done;
-- }
-+ data = xmlSecKeyGetData(key, dataId);
-+ if(data == NULL) {
-+ continue;
-+ }
-
-- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
-- if (ret < 0) {
-- xmlSecInternalError("xmlSecNssKeyDataX509AdoptKeyCert",
-- xmlSecKeyDataGetName(x509Data));
-- goto done;
-- }
-- cert = CERT_DupCertificate(cert);
-- if (cert == NULL) {
-- xmlSecNssError("CERT_DupCertificate",
-- xmlSecKeyDataGetName(x509Data));
-- goto done;
-+ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
-+ xmlSecInternalError("xmlSecAddChild",
-+ xmlSecKeyStoreGetName(store));
-+ xmlFreeDoc(doc);
-+ return(-1);
-+ }
- }
-
-- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
-+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
- if (ret < 0) {
-- xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert",
-- xmlSecKeyDataGetName(x509Data));
-- goto done;
-+ xmlSecInternalError("xmlSecKeyInfoCtxInitialize",
-+ xmlSecKeyStoreGetName(store));
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
-- cert = NULL;
-
-- ret = xmlSecKeySetValue(key, data);
-- if (ret < 0) {
-- xmlSecInternalError("xmlSecKeySetValue",
-- xmlSecKeyDataGetName(data));
-- goto done;
-- }
-- data = NULL;
-+ keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
-+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
-+ keyInfoCtx.keyReq.keyType = type;
-+ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
-
-- ret = xmlSecKeyAdoptData(key, x509Data);
-+ /* finally write key in the node */
-+ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
- if (ret < 0) {
-- xmlSecInternalError("xmlSecKeyAdoptData",
-- xmlSecKeyDataGetName(x509Data));
-- goto done;
-+ xmlSecInternalError("xmlSecKeyInfoNodeWrite",
-+ xmlSecKeyStoreGetName(store));
-+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
-- x509Data = NULL;
-
-- retval = key;
-- key = NULL;
-+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
- }
-
--done:
-- if (cert != NULL) {
-- CERT_DestroyCertificate(cert);
-- }
-- if (pubkey != NULL) {
-- SECKEY_DestroyPublicKey(pubkey);
-- }
-- if (privkey != NULL) {
-- SECKEY_DestroyPrivateKey(privkey);
-- }
-- if (data != NULL) {
-- xmlSecKeyDataDestroy(data);
-- }
-- if (x509Data != NULL) {
-- xmlSecKeyDataDestroy(x509Data);
-- }
-- if (key != NULL) {
-- xmlSecKeyDestroy(key);
-+ /* now write result */
-+ ret = xmlSaveFormatFile(filename, doc, 1);
-+ if (ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
-+ "xmlSaveFormatFile",
-+ XMLSEC_ERRORS_R_XML_FAILED,
-+ "filename=%s",
-+ xmlSecErrorsSafeString(filename));
-+ xmlFreeDoc(doc);
-+ return(-1);
- }
-
-- return (retval);
-+ xmlFreeDoc(doc);
-+ return(0);
- }
-diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c
-index 25828aec..0a15dae5 100644
---- a/src/nss/pkikeys.c
-+++ b/src/nss/pkikeys.c
-@@ -24,6 +24,7 @@
- #include <xmlsec/nss/crypto.h>
- #include <xmlsec/nss/bignum.h>
- #include <xmlsec/nss/pkikeys.h>
-+#include <xmlsec/nss/tokens.h>
-
- /**************************************************************************
- *
-@@ -115,6 +116,8 @@ xmlSecNSSPKIKeyDataCtxDup(xmlSecNssPKIKeyDataCtxPtr ctxDst,
- xmlSecNssPKIKeyDataCtxPtr ctxSrc)
- {
- xmlSecNSSPKIKeyDataCtxFree(ctxDst);
-+ ctxDst->privkey = NULL ;
-+ ctxDst->pubkey = NULL ;
- if (ctxSrc->privkey != NULL) {
- ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
- if(ctxDst->privkey == NULL) {
-@@ -563,9 +566,10 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- goto done;
- }
-
-- slot = PK11_GetBestSlot(CKM_DSA, NULL);
-+ slot = xmlSecNssSlotGet(CKM_DSA);
- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id));
-+ xmlSecNssError("xmlSecNssSlotGet",
-+ xmlSecKeyDataKlassGetName(id));
- ret = -1;
- goto done;
- }
-@@ -713,14 +717,14 @@ done:
- if (slot != NULL) {
- PK11_FreeSlot(slot);
- }
-- if (ret != 0) {
-+
- if (pubkey != NULL) {
- SECKEY_DestroyPublicKey(pubkey);
- }
- if (data != NULL) {
- xmlSecKeyDataDestroy(data);
- }
-- }
-+
- return(ret);
- }
-
-@@ -739,7 +743,7 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
-
- ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
-
- if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
- /* we can have only private key or public key */
-@@ -826,36 +830,32 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
- j = PQG_PBITS_TO_INDEX(sizeBits);
- rv = PK11_PQG_ParamGen(j, &pqgParams, &pqgVerify);
- if (rv != SECSuccess) {
-- xmlSecNssError2("PK11_PQG_ParamGen", xmlSecKeyDataGetName(data),
-+ xmlSecNssError2("PK11_PQG_ParamGen",
-+ xmlSecKeyDataGetName(data),
- "size=%lu", (unsigned long)sizeBits);
-+ ret = -1;
- goto done;
- }
-
- rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &res);
- if (rv != SECSuccess || res != SECSuccess) {
-- xmlSecNssError2("PK11_PQG_VerifyParams", xmlSecKeyDataGetName(data),
-- "size=%lu", (unsigned long)sizeBits);
-- goto done;
-- }
--
-- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
-- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data));
-- goto done;
-- }
--
-- rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
-- if (rv != SECSuccess) {
-- xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data),
-- "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot)));
-+ xmlSecNssError2("PK11_PQG_VerifyParams",
-+ xmlSecKeyDataGetName(data),
-+ "size=%lu", (unsigned long)sizeBits);
-+ ret = -1;
- goto done;
- }
-
-+ slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
-+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
- privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
- &pubkey, PR_FALSE, PR_TRUE, NULL);
-
- if((privkey == NULL) || (pubkey == NULL)) {
-- xmlSecNssError("PK11_GenerateKeyPair", xmlSecKeyDataGetName(data));
-+ xmlSecNssError("PK11_GenerateKeyPair",
-+ xmlSecKeyDataGetName(data));
-+
-+ ret = -1;
- goto done;
- }
-
-@@ -866,6 +866,8 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
- goto done;
- }
-
-+ privkey = NULL ;
-+ pubkey = NULL ;
- ret = 0;
-
- done:
-@@ -878,16 +880,13 @@ done:
- if (pqgVerify != NULL) {
- PK11_PQG_DestroyVerify(pqgVerify);
- }
-- if (ret == 0) {
-- return (0);
-- }
- if (pubkey != NULL) {
- SECKEY_DestroyPublicKey(pubkey);
- }
- if (privkey != NULL) {
- SECKEY_DestroyPrivateKey(privkey);
- }
-- return(-1);
-+ return(ret);
- }
-
- static xmlSecKeyDataType
-@@ -897,10 +896,10 @@ xmlSecNssKeyDataDsaGetType(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
- if (ctx->privkey != NULL) {
- return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
-- } else {
-+ } else if( ctx->pubkey != NULL ) {
- return(xmlSecKeyDataTypePublic);
- }
-
-@@ -914,7 +913,7 @@ xmlSecNssKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
-
- return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
- }
-@@ -1101,9 +1100,10 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- goto done;
- }
-
-- slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
-+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id));
-+ xmlSecNssError("PK11_GetBestSlot",
-+ xmlSecKeyDataKlassGetName(id));
- ret = -1;
- goto done;
- }
-@@ -1226,7 +1226,7 @@ xmlSecNssKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
-
- ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
-
-
- if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
-@@ -1282,19 +1282,8 @@ xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe
- params.keySizeInBits = sizeBits;
- params.pe = 65537;
-
-- slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
-- if(slot == NULL) {
-- xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data));
-- goto done;
-- }
--
-- rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
-- if (rv != SECSuccess) {
-- xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data),
-- "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot)));
-- goto done;
-- }
--
-+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
-+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
- privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms,
- &pubkey, PR_FALSE, PR_TRUE, NULL);
- if(privkey == NULL || pubkey == NULL) {
-@@ -1354,7 +1343,7 @@ xmlSecNssKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
-
- ctx = xmlSecNssPKIKeyDataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
-+ /*xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
-
- return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
- }
-diff --git a/src/nss/symkeys.c b/src/nss/symkeys.c
-index c88be8b2..2807f934 100644
---- a/src/nss/symkeys.c
-+++ b/src/nss/symkeys.c
-@@ -14,20 +14,41 @@
- #include <stdio.h>
- #include <string.h>
-
-+#include <pk11func.h>
-+#include <nss.h>
-+
- #include <xmlsec/xmlsec.h>
- #include <xmlsec/xmltree.h>
-+#include <xmlsec/base64.h>
- #include <xmlsec/keys.h>
- #include <xmlsec/keyinfo.h>
- #include <xmlsec/transforms.h>
- #include <xmlsec/errors.h>
-
- #include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/ciphers.h>
-+#include <xmlsec/nss/tokens.h>
-
- /*****************************************************************************
- *
-- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
-+ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
- *
- ****************************************************************************/
-+typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ;
-+typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ;
-+
-+struct _xmlSecNssSymKeyDataCtx {
-+ CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */
-+ PK11SlotInfo* slot ; /* the key resident slot */
-+ PK11SymKey* symkey ; /* the symmetic key */
-+} ;
-+
-+#define xmlSecNssSymKeyDataSize \
-+ ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
-+
-+#define xmlSecNssSymKeyDataGetCtx( data ) \
-+ ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
-+
- static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
- static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-@@ -66,107 +87,743 @@ static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
- (xmlSecKeyDataIsValid((data)) && \
- xmlSecNssSymKeyDataKlassCheck((data)->id))
-
-+/**
-+ * xmlSecNssSymKeyDataAdoptKey:
-+ * @data: the pointer to symmetric key data.
-+ * @symkey: the symmetric key
-+ *
-+ * Set the value of symmetric key data.
-+ *
-+ * Returns 0 on success or a negative value if an error occurs.
-+ */
-+int
-+xmlSecNssSymKeyDataAdoptKey(
-+ xmlSecKeyDataPtr data ,
-+ PK11SymKey* symkey
-+) {
-+ xmlSecNssSymKeyDataCtxPtr context = NULL ;
-+
-+ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
-+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
-+ xmlSecAssert2( symkey != NULL, -1 ) ;
-+
-+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+ xmlSecAssert2(context != NULL, -1);
-+
-+ context->cipher = PK11_GetMechanism( symkey ) ;
-+
-+ if( context->slot != NULL ) {
-+ PK11_FreeSlot( context->slot ) ;
-+ context->slot = NULL ;
-+ }
-+ context->slot = PK11_GetSlotFromKey( symkey ) ;
-+
-+ if( context->symkey != NULL ) {
-+ PK11_FreeSymKey( context->symkey ) ;
-+ context->symkey = NULL ;
-+ }
-+ context->symkey = PK11_ReferenceSymKey( symkey ) ;
-+
-+ return 0 ;
-+}
-+
-+xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
-+ PK11SymKey* symKey
-+) {
-+ xmlSecKeyDataPtr data = NULL ;
-+ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ;
-+
-+ xmlSecAssert2( symKey != NULL , NULL ) ;
-+
-+ mechanism = PK11_GetMechanism( symKey ) ;
-+ switch( mechanism ) {
-+ case CKM_DES3_KEY_GEN :
-+ case CKM_DES3_CBC :
-+ case CKM_DES3_MAC :
-+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyDataCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "xmlSecNssKeyDataDesId" ) ;
-+ return NULL ;
-+ }
-+ break ;
-+ case CKM_AES_KEY_GEN :
-+ case CKM_AES_CBC :
-+ case CKM_AES_MAC :
-+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
-+ if( data == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecKeyDataCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "xmlSecNssKeyDataDesId" ) ;
-+ return NULL ;
-+ }
-+ break ;
-+ default :
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ "Unsupported mechanism" ) ;
-+ return NULL ;
-+ }
-+
-+ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssSymKeyDataAdoptKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecKeyDataDestroy( data ) ;
-+ return NULL ;
-+ }
-+
-+ return data ;
-+}
-+
-+
-+PK11SymKey*
-+xmlSecNssSymKeyDataGetKey(
-+ xmlSecKeyDataPtr data
-+) {
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ PK11SymKey* symkey ;
-+
-+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, NULL);
-+
-+ if( ctx->symkey != NULL ) {
-+ symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
-+ } else {
-+ symkey = NULL ;
-+ }
-+
-+ return(symkey);
-+}
-+
- static int
- xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
-+
-+ /* Set the block cipher mechanism */
-+#ifndef XMLSEC_NO_DES
-+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
-+ ctx->cipher = CKM_DES3_KEY_GEN;
-+ } else
-+#endif /* XMLSEC_NO_DES */
-+
-+#ifndef XMLSEC_NO_AES
-+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
-+ ctx->cipher = CKM_AES_KEY_GEN;
-+ } else
-+#endif /* XMLSEC_NO_AES */
-+
-+ if(1) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ NULL ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ "Unsupported block cipher" ) ;
-+ return(-1) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueInitialize(data));
-+ return(0);
- }
-
- static int
- xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
-+ xmlSecNssSymKeyDataCtxPtr ctxDst;
-+ xmlSecNssSymKeyDataCtxPtr ctxSrc;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
-+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
- xmlSecAssert2(dst->id == src->id, -1);
-
-- return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
-+ ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
-+ xmlSecAssert2(ctxDst != NULL, -1);
-+
-+ ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
-+ xmlSecAssert2(ctxSrc != NULL, -1);
-+
-+ ctxDst->cipher = ctxSrc->cipher ;
-+
-+ if( ctxSrc->slot != NULL ) {
-+ if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
-+ PK11_FreeSlot( ctxDst->slot ) ;
-+ ctxDst->slot = NULL ;
-+ }
-+
-+ if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
-+ ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
-+ } else {
-+ if( ctxDst->slot != NULL ) {
-+ PK11_FreeSlot( ctxDst->slot ) ;
-+ ctxDst->slot = NULL ;
-+ }
-+ }
-+
-+ if( ctxSrc->symkey != NULL ) {
-+ if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
-+ PK11_FreeSymKey( ctxDst->symkey ) ;
-+ ctxDst->symkey = NULL ;
-+ }
-+
-+ if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
-+ ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
-+ } else {
-+ if( ctxDst->symkey != NULL ) {
-+ PK11_FreeSymKey( ctxDst->symkey ) ;
-+ ctxDst->symkey = NULL ;
-+ }
-+ }
-+
-+ return(0);
- }
-
- static void
- xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+
- xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
-+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert(ctx != NULL);
-
-- xmlSecKeyDataBinaryValueFinalize(data);
-+ if( ctx->slot != NULL ) {
-+ PK11_FreeSlot( ctx->slot ) ;
-+ ctx->slot = NULL ;
-+ }
-+
-+ if( ctx->symkey != NULL ) {
-+ PK11_FreeSymKey( ctx->symkey ) ;
-+ ctx->symkey = NULL ;
-+ }
-+
-+ ctx->cipher = CKM_INVALID_MECHANISM ;
- }
-
- static int
- xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ PK11SymKey* symKey ;
-+ PK11SlotInfo* slot ;
-+ xmlSecBufferPtr keyBuf;
-+ xmlSecSize len;
-+ xmlSecKeyDataPtr data;
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ SECItem keyItem ;
-+ int ret;
-+
-+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(node != NULL, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Create a new KeyData from a id */
-+ data = xmlSecKeyDataCreate(id);
-+ if(data == NULL ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-
-- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ /* Create a buffer for raw symmetric key value */
-+ if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Read the raw key value */
-+ if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecBufferDestroy( keyBuf ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Get slot */
-+ slot = xmlSecNssSlotGet(ctx->cipher);
-+ if( slot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecNssSlotGet" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ xmlSecBufferDestroy( keyBuf ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Wrap the raw key value SECItem */
-+ keyItem.type = siBuffer ;
-+ keyItem.data = xmlSecBufferGetData( keyBuf ) ;
-+ keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
-+
-+ /* Import the raw key into slot temporalily and get the key handler*/
-+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
-+ if( symKey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ImportSymKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+
-+ PK11_FreeSlot( slot ) ;
-+ xmlSecBufferDestroy( keyBuf ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+ PK11_FreeSlot( slot ) ;
-+
-+ /* raw key material has been copied into symKey, it isn't used any more */
-+ xmlSecBufferDestroy( keyBuf ) ;
-+
-+ /* Adopt the symmetric key into key data */
-+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataBinaryValueSetBuffer",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+ /* symKey has been duplicated into data, it isn't used any more */
-+ PK11_FreeSymKey( symKey ) ;
-+
-+ /* Check value */
-+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyReqMatchKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(0);
-+ }
-+
-+ ret = xmlSecKeySetValue(key, data);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeySetValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
- }
-
- static int
- xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+ PK11SymKey* symKey ;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(node != NULL, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Get symmetric key from "key" */
-+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
-+ if( symKey != NULL ) {
-+ SECItem* keyItem ;
-+ xmlSecBufferPtr keyBuf ;
-+
-+ /* Extract raw key data from symmetric key */
-+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ExtractKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ /* Get raw key data from "symKey" */
-+ keyItem = PK11_GetKeyData( symKey ) ;
-+ if(keyItem == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_GetKeyData",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ /* Create key data buffer with raw kwy material */
-+ keyBuf = xmlSecBufferCreate(keyItem->len) ;
-+ if(keyBuf == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecBufferCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
-+
-+ /* Write raw key material into current xml node */
-+ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecBufferBase64NodeContentWrite",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecBufferDestroy(keyBuf);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+ xmlSecBufferDestroy(keyBuf);
-+ PK11_FreeSymKey( symKey ) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
-+ return 0 ;
- }
-
- static int
- xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const xmlSecByte* buf, xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
-- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ PK11SymKey* symKey ;
-+ PK11SlotInfo* slot ;
-+ xmlSecKeyDataPtr data;
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ SECItem keyItem ;
-+ int ret;
-+
-+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(buf != NULL, -1);
-+ xmlSecAssert2(bufSize != 0, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Create a new KeyData from a id */
-+ data = xmlSecKeyDataCreate(id);
-+ if(data == NULL ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataCreate",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ /* Get slot */
-+ slot = xmlSecNssSlotGet(ctx->cipher);
-+ if( slot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecNssSlotGet" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
-+ /* Wrap the raw key value SECItem */
-+ keyItem.type = siBuffer ;
-+ keyItem.data = buf ;
-+ keyItem.len = bufSize ;
-+
-+ /* Import the raw key into slot temporalily and get the key handler*/
-+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
-+ if( symKey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ImportSymKey" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1) ;
-+ }
-+
-+ /* Adopt the symmetric key into key data */
-+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyDataBinaryValueSetBuffer",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSymKey( symKey ) ;
-+ PK11_FreeSlot( slot ) ;
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+ /* symKey has been duplicated into data, it isn't used any more */
-+ PK11_FreeSymKey( symKey ) ;
-+ PK11_FreeSlot( slot ) ;
-+
-+ /* Check value */
-+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeyReqMatchKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(0);
-+ }
-+
-+ ret = xmlSecKeySetValue(key, data);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "xmlSecKeySetValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ xmlSecKeyDataDestroy( data ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
- }
-
- static int
- xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlSecByte** buf, xmlSecSize* bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
-+ PK11SymKey* symKey ;
-+
- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
-+ xmlSecAssert2(key != NULL, -1);
-+ xmlSecAssert2(buf != NULL, -1);
-+ xmlSecAssert2(bufSize != 0, -1);
-+ xmlSecAssert2(keyInfoCtx != NULL, -1);
-+
-+ /* Get symmetric key from "key" */
-+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
-+ if( symKey != NULL ) {
-+ SECItem* keyItem ;
-+
-+ /* Extract raw key data from symmetric key */
-+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_ExtractKeyValue",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ /* Get raw key data from "symKey" */
-+ keyItem = PK11_GetKeyData( symKey ) ;
-+ if(keyItem == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ "PK11_GetKeyData",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ *bufSize = keyItem->len;
-+ *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
-+ if( *buf == NULL ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
-+ NULL,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ PK11_FreeSymKey( symKey ) ;
-+ return(-1);
-+ }
-+
-+ memcpy((*buf), keyItem->data, (*bufSize));
-+ PK11_FreeSymKey( symKey ) ;
-+ }
-
-- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
-+ return 0 ;
- }
-
- static int
- xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
-- xmlSecBufferPtr buffer;
-+ PK11SymKey* symkey ;
-+ PK11SlotInfo* slot ;
-+ xmlSecNssSymKeyDataCtxPtr ctx;
-+ int ret;
-
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
- xmlSecAssert2(sizeBits > 0, -1);
-
-- buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
-- xmlSecAssert2(buffer != NULL, -1);
-+ ctx = xmlSecNssSymKeyDataGetCtx(data);
-+ xmlSecAssert2(ctx != NULL, -1);
-+
-+ if( sizeBits % 8 != 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ NULL,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ "Symmetric key size must be octuple");
-+ return(-1);
-+ }
-+
-+ /* Get slot */
-+ slot = xmlSecNssSlotGet(ctx->cipher);
-+ if( slot == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
-+ "xmlSecNssSlotGet" ,
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1) ;
-+ }
-+
-+ if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "PK11_Authenticate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ return -1 ;
-+ }
-+
-+ symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
-+ if( symkey == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "PK11_KeyGen" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ PK11_FreeSlot( slot ) ;
-+ return -1 ;
-+ }
-
-- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
-+ if( ctx->slot != NULL ) {
-+ PK11_FreeSlot( ctx->slot ) ;
-+ ctx->slot = NULL ;
-+ }
-+ ctx->slot = slot ;
-+
-+ if( ctx->symkey != NULL ) {
-+ PK11_FreeSymKey( ctx->symkey ) ;
-+ ctx->symkey = NULL ;
-+ }
-+ ctx->symkey = symkey ;
-+
-+ return 0;
- }
-
- static xmlSecKeyDataType
- xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
-- xmlSecBufferPtr buffer;
-+ xmlSecNssSymKeyDataCtxPtr context = NULL ;
-+ xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
-
- xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
-+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
-+
-+ context = xmlSecNssSymKeyDataGetCtx( data ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
-+ "xmlSecNssSymKeyDataGetCtx" ,
... etc. - the rest is truncated
More information about the Libreoffice-commits
mailing list