[xmlsec] Big patch to xmlsec in recent OpenOffice.org sources

Chandler Peng Chuandong.Peng at Sun.COM
Tue Mar 1 22:50:32 PST 2005


>> Chandler, I think it over about the 
>> xmlSecMSCryptoAppliedKeysMngrCreate(). You can replace the functions 
>> with another wrapper or block with:
>> {
>> /* create the key mngr */
>> xmlSecKeysMngrPtr keyMngr = xmlSecKeysMngrCreate() ;
>>
>> /* add key store to the mngr **/
>> xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore*( keystore ) ;
>>
>> /* add cert store to the mngr **/**
>> xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore*( certstore ) ;
>> }
>
>
> This is not quite correct. As it is implemented in the OpenOffice
> patch you have sent to me, the xmlSecMSCryptoAppliedKeysMngrCreate
> function *did not* add keys or certs store passed into it as
> input parameters. But this might have just a bug :)
>
OK, I will replace the function xmlSecMSCryptoAppliedKeysMngrCreate() 
with a block like this:
   
{
    keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
...
    keyMngr = xmlSecKeysMngrCreate() ;

     xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) ;

    xmlSecMSCryptoKeysMngrInit( keyMngr );

    keyMngr->getKey = xmlSecKeysMngrGetKey ;
}

>
>>> Note that all of the XXXKeyLoad functions you listed have no body at
>>> all in the patch that was sent to me thus I did not implement them
>>> in xmlsec. I can do it but I am not sure it makes much sense to me :)
>>>
>> The interfaces really give more flexible for end user specify their 
>> own keys for signature and decryption. I think is is much more useful 
>> for template driven signature/encryption, for non-template driven 
>> signature/encryption, one can directly call some interfaces to set 
>> the keys used to a certain sign/enc; but for template-auto driven, no 
>> one knows what even the template stuff, so put the  raw keys into the 
>> mgr is a good automated way. I think encryption cases will show the 
>> value of those interfaces. Because openoffice signature is based on 
>> pki cert, they really have not been used. I didn't implement those 
>> interfaces in mscrypto engine( I forgot why, because of time or 
>> anything else ), but they have been implemented in nss engine.
>>
>> Aleksey, I hope you add the interfaces for both mscrypto and nss 
>> engine if you feel valuable. :-)
>
>
> OK, I added mscrypto functions (changed names slightly to follow xmlsec
> conventions):
>
> xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad
> xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad
> xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad
>
> But you promise to implement them one day :)
>
> BTW, just to repeat this to Chandler: to get full compatibility with
> current OpenOffice patch, one needs to compile xmlsec-mscrypto in "nt4"
> compatibility mode. Otherwise, you'll have same functionality but it
> will run only on 95/98 (with necessary SP level), Server 2003 and XP.
> You can find detailed instructions, reasons and more explanations here:
>
> http://www.aleksey.com/pipermail/xmlsec/2005/002560.html
>
> Also note that "nt4" compatibility mode *migth not* be thread safe.
>
> Aleksey
>
Thanks , I will test it in openoffice(src680m80) later .

Chandler


More information about the xmlsec mailing list