[xmlsec] Big patch to xmlsec in recent OpenOffice.org sources

Andrew Fan Xuelei.Fan at Sun.COM
Tue Mar 1 22:00:30 PST 2005


Aleksey Sanin wrote:

> Hi, Chandler!
>
> As we discussed with Andrew before, the MSCryptoAppliedKeysMngr is gone
> and you will need to use MSCryptoDefaultKeysMngr:
>
> http://www.aleksey.com/pipermail/xmlsec/2005/002542.html
> http://www.aleksey.com/pipermail/xmlsec/2005/002546.html
>
Chandler, I think it over about the 
xmlSecMSCryptoAppliedKeysMngrCreate(). You can replace the functions 
with another wrapper or block with:
{
/* create the key mngr */
xmlSecKeysMngrPtr keyMngr = xmlSecKeysMngrCreate() ;

/* add key store to the mngr **/
xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore*( keystore ) ;

/* add cert store to the mngr **/**
xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore*( certstore ) ;
}

At the very beginning, I wanted to add the "keystore" ( or and 
"certstore" ) to xmlSecKeyStore instead of xmlSecKeyDataStore, and 
"certstore" to xmlSecKeyDataStore. But because the current solution 
works, so I gave up the idea.

I think the above codes will make OpenOffice work at present.

> Note that all of the XXXKeyLoad functions you listed have no body at
> all in the patch that was sent to me thus I did not implement them
> in xmlsec. I can do it but I am not sure it makes much sense to me :)
>
The interfaces really give more flexible for end user specify their own 
keys for signature and decryption. I think is is much more useful for 
template driven signature/encryption, for non-template driven 
signature/encryption, one can directly call some interfaces to set the 
keys used to a certain sign/enc; but for template-auto driven, no one 
knows what even the template stuff, so put the  raw keys into the mgr is 
a good automated way. I think encryption cases will show the value of 
those interfaces. Because openoffice signature is based on pki cert, 
they really have not been used. I didn't implement those interfaces in 
mscrypto engine( I forgot why, because of time or anything else ), but 
they have been implemented in nss engine.

Aleksey, I hope you add the interfaces for both mscrypto and nss engine 
if you feel valuable. :-)

Thanks,
Andrew

> Aleksey
>
>
> Chandler Peng wrote:
>
>> Hi , Aleksey ,
>> I  have checked the latest trunk of xmlsec-mscrypto and it is no 
>> problem for openoffice(src680m81) except 4 functions missed.
>> The missed funtions are
>> xmlSecMSCryptoAppliedKeysMngrCreate()
>> xmlSecMSCryptoAppliedKeysMngrPriKeyLoad()
>> xmlSecMSCryptoAppliedKeysMngrPubKeyLoad()
>> xmlSecMSCryptoAppliedKeysMngrSymKeyLoad()
>> and implemented in akmngr.c .
>> Would you pleased to add these functions into xmlsec-mscrypto ?
>>
>> Chandler .
>>



More information about the xmlsec mailing list