[xmlsec] Big patch to xmlsec in recent OpenOffice.org sources

Aleksey Sanin aleksey at aleksey.com
Tue Mar 1 22:19:49 PST 2005


>>
> Chandler, I think it over about the 
> xmlSecMSCryptoAppliedKeysMngrCreate(). You can replace the functions 
> with another wrapper or block with:
> {
> /* create the key mngr */
> xmlSecKeysMngrPtr keyMngr = xmlSecKeysMngrCreate() ;
> 
> /* add key store to the mngr **/
> xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore*( keystore ) ;
> 
> /* add cert store to the mngr **/**
> xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore*( certstore ) ;
> }

This is not quite correct. As it is implemented in the OpenOffice
patch you have sent to me, the xmlSecMSCryptoAppliedKeysMngrCreate
function *did not* add keys or certs store passed into it as
input parameters. But this might have just a bug :)


>> Note that all of the XXXKeyLoad functions you listed have no body at
>> all in the patch that was sent to me thus I did not implement them
>> in xmlsec. I can do it but I am not sure it makes much sense to me :)
>>
> The interfaces really give more flexible for end user specify their own 
> keys for signature and decryption. I think is is much more useful for 
> template driven signature/encryption, for non-template driven 
> signature/encryption, one can directly call some interfaces to set the 
> keys used to a certain sign/enc; but for template-auto driven, no one 
> knows what even the template stuff, so put the  raw keys into the mgr is 
> a good automated way. I think encryption cases will show the value of 
> those interfaces. Because openoffice signature is based on pki cert, 
> they really have not been used. I didn't implement those interfaces in 
> mscrypto engine( I forgot why, because of time or anything else ), but 
> they have been implemented in nss engine.
> 
> Aleksey, I hope you add the interfaces for both mscrypto and nss engine 
> if you feel valuable. :-)

OK, I added mscrypto functions (changed names slightly to follow xmlsec
conventions):

xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad
xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad
xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad

But you promise to implement them one day :)

BTW, just to repeat this to Chandler: to get full compatibility with
current OpenOffice patch, one needs to compile xmlsec-mscrypto in "nt4"
compatibility mode. Otherwise, you'll have same functionality but it
will run only on 95/98 (with necessary SP level), Server 2003 and XP.
You can find detailed instructions, reasons and more explanations here:

http://www.aleksey.com/pipermail/xmlsec/2005/002560.html

Also note that "nt4" compatibility mode *migth not* be thread safe.

Aleksey



More information about the xmlsec mailing list